Old 08-02-2005, 02:33   #7
El Diablo
Re: Exploit for every browser except IE...

Quote:
Originally Posted by Halcyon
Wow.
Microsoft can have a little "It didn't get our browser" celebration today.
For once that IE proves to be useful.
Ummmm... I don't get this. Surely this issue has nothing to do with M$ IE being 'secure' but down to the fact that these people managed to register an IDN like that anyway? If anything, Verisign are at fault for failing to protect their existing customers' interests when opening up xn-- registrations, something that not *all* registries are doing... yet. There's a consultation paper going out shortly for registrations under .uk, to establish whether there's a requirement to handle IDNAs or not. I can imagine that there will be a need, but at least with .uk, we're safe in the assurance that we won't get shafted by the registry - unlike gTLDs whereby there's very little public consultation on the effects of opening up new protocols, such as IDNA. We've seen Verisign do daft things before, this isn't anything new and is not something that should be directed at browser vendors. If anything, M$ have once again displayed their inability to keep up with the times by not supporting IDNA anyhow, why are they the only ones that don't? And ... no, before you suggest it, it has nothing to do with security conscience.

Quote:
Originally Posted by punky
It is ironic though, that being a naff, featureless browser is what stops the virus from attacking it.
Yeah, that's exactly the point. a) it wasn't a virus, there's quite a difference here; and b) IE *is* featureless, they just happened to be lucky here, in that it's *so* featureless it doesn't support IDNs - yet there *are* registries out there that do... Why are M$ so far behind?

Quote:
Originally Posted by MovedGoalPosts
Mr Gates has actually provided software that by default is more secure than the offerings of others

M$'s much-vaunted security edicts must count for something then. Woohoo
Nah, again... IE is *not* more secure - it just doesn't support the new IDN protocol, simple. That's *not* necessarily a good thing, whatsoever. The fact that IE is upgradable to support IDN is a distinct indication of this. If it was a security issue, then the upgrade wouldn't be available. It simply hasn't been fully distributed because there is not yet a widespread requirement for it - although IDN has been launched in various countries, with much success.
