McAfee inadvertently speeds creation of Metaploit IE exploit pack A security researcher has credited McAfee for helping him to develop exploit code that cracks open an unpatched flaw in older versions of Internet Explorer. Moshe Ben Abu (AKA Trancer00t) used the flaw in IE 6 and 7 in knocking-up a module for the open-source Metasploit exploit database. "I didn't find the vuln', just found …
First post an M$ bash, second and third a McrappyFee bashing. Gone are the days (that never existed) of quality comments.
My vote would be immediate "responsible" disclosure and if a patch isn't released in 2 weeks, go public. Proof-of-concept exploit code is close to rediculous, considering it allows some script kiddie to just dump the exploit into their virii framework with no effort of their own. The problem with propriety systems is there's no incentive to secure their stuff in any reasonable timeframe because where else are you going to go? Don't like the M$ failship? Unlikely your corp is going to jump ship to *nix and still get vendor support for your Win32 software running under Wine. Apple is right-out due to no sensible [note use of word] companies developing business apps for that platform.
M$ clearly has the application advantage, even if their OS is riddled with holes worse than a discarded water heater in the backwoods of Alabama... It is no different than the iPhone and App Store. People still buy the outdated hardware to get at the software, even though the likes of the Nexus One are on the market. No apps? No use.
Figure my allegence with that one. /coat
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2023
