I wasn’t going to publish this but there are so many people that are reading inaccurate & somewhat slanderous reports about a "purported bug" or the "first flaw in Internet Explorer 7.0" that I want to clear the air with anyone that’s reading this:
Secunia, in their rush to "security flaw publishing fame" around what they perceived to be a security flaw in the newly released Internet Explorer 7.0, have misidentified the vulnerability’s source/cause.
They claim it’s a flaw in Internet Explorer 7.0. It’s really a vulnerability in Outlook Express. Read more here: http://blogs.technet.com/msrc/archive/2006/10/19/information-on-reports-of-ie-7-vulnerability.aspx
There are a few supposed experts that are saying, "Well, gee. How was Secunia to know?" Y’know, if they had brought this SPECIFIC IE7.0 ISSUE to Microsoft’s attention beforehand and let them evaluate the issue before they decided to create a media frenzy, maybe they wouldn’t be backpedeling like they are now.
The excuse that they’re making is that they reported the issue for IE6.0 in April 2006 and didn’t hear anything from Microsoft so, "How would they know that the problem would be related to Outlook Express?" Y’know, this is kinda like saying, "we assumed it was an IE problem back in version 6.0… we assumed the situation was the same for IE 7.0." And we all know what happens when we "assume" right?
kurtsh
Kurt Shintaku's Blog 