Redmond's Butterfly Effect

http://www.securityfocus.com/columnists/251

"Most of you have heard of a reportedly widespread compromise of an unknown number of clients through an unpatched vulnerability in Internet Explorer. The clients were owned by visiting commercial websites that had previously been compromised by a yet undetermined method; the attackers dropping code onto those servers that customers would then launch when the site was visited. (...)

Internet Explorer is an extremely complex work. I'm not really all that sure what to call it: Application? Browser? Development platform? Mini-OS? Given the innate complexity of zone settings, ActiveX object controls and the various scripting configurations, there is really no excuse for the way multiple vulnerabilities within a single product were handled with such tunnel vision, particularly when their combined exploitation has been exemplified on forums like Security Focus for months now. (...)

Regardless of what the future of IE brings, it is evident to me that given the events of today the IE security team either doesn't fully understand the security ramifications of its product, or the thing is so complex that it really does take over 10 months to patch a bug. Either way, it doesn't look so good."

Keywords: behavior in risks, workarounds

Outcomes: safety and security culture

-- GregorioIvanoff - 16 Nov 2019
to top