IE7 Beta 2 Vulnerability Discovered in just 15 minutes!

IE7 Beta 2 Vulnerability Discovered in just 15 minutes!

am 02.02.2006 05:55:22 von google

On the day of its release security researcher Tom Ferris at Security
Protocols needed just 15 minutes to find the first vulnerability in IE7
Beta 2 and write an exploit for it. This is believed to be a new
record.

You can read the article at:
http://www.nist.org/news.php?extend.75

One can only imagine the meetings at Microsoft when upper level
management asked the programmers exactly what they spent the Millions
of Dollars they were given to improve security in Internet Explorer 7.
And why dozens of programmers and testers didn't find a bug that this
one person found in just 15 minutes. At most companies heads would
roll!

John Herron, CISSP
http://www.NIST.org

Re: IE7 Beta 2 Vulnerability Discovered in just 15 minutes!

am 02.02.2006 07:03:46 von Jbob

"NIST.org" wrote in message
news:1138856122.241983.215270@z14g2000cwz.googlegroups.com.. .
> On the day of its release security researcher Tom Ferris at Security
> Protocols needed just 15 minutes to find the first vulnerability in IE7
> Beta 2 and write an exploit for it. This is believed to be a new
> record.
>

Not sure here but wasn't this a preview of Beta 2 and not the actual Beta 2
release?

Re: IE7 Beta 2 Vulnerability Discovered in just 15 minutes!

am 02.02.2006 07:36:40 von Volker Birk

Jbob wrote:
> "NIST.org" wrote in message
> news:1138856122.241983.215270@z14g2000cwz.googlegroups.com.. .
> > On the day of its release security researcher Tom Ferris at Security
> > Protocols needed just 15 minutes to find the first vulnerability in IE7
> > Beta 2 and write an exploit for it. This is believed to be a new
> > record.
> Not sure here but wasn't this a preview of Beta 2 and not the actual Beta 2
> release?

Unbelievable. Microsoft is fooling people with the oxymoron of a
"beta release", and everybody here seems to be twitted.

Yours,
VB.
--
Netzwerkgrundlagen anhand Windows lernen zu wollen ist doch wie seine
ersten sexuellen Erfahrungen mit einer Prostituierten zu sammlen: Die
Leidenschaft fehlt, das wirklich Wichtige lernt man dabei nicht, und die
Chance sich einen Schädling einzufangen ist hoch. (Lukas Graf in d.c.s.m)

Re: IE7 Beta 2 Vulnerability Discovered in just 15 minutes!

am 18.02.2006 21:11:32 von Sebastian Gottschalk

Volker Birk wrote:
> Jbob wrote:
>> "NIST.org" wrote in message
>> news:1138856122.241983.215270@z14g2000cwz.googlegroups.com.. .
>>> On the day of its release security researcher Tom Ferris at Security
>>> Protocols needed just 15 minutes to find the first vulnerability in IE7
>>> Beta 2 and write an exploit for it. This is believed to be a new
>>> record.
>> Not sure here but wasn't this a preview of Beta 2 and not the actual Beta 2
>> release?
>
> Unbelievable. Microsoft is fooling people with the oxymoron of a
> "beta release", and everybody here seems to be twitted.

I still wonder why... from just my little database I found 19 unpatched
security holes from IE6 that haven't been fixed on IE7 Beta1 and still
didn't get fixed on Beta2. In fact a fixed one was reopened on Beta2.

Yeha, IE7 will be the first webbrowser which ships with well-known
security holes. That even better since IE6, which has been famous to be
unsafe only since April '03 (means: no moment when there was no known
unpatched vulnerability).