Richi Jennings

IE7 releases with vulnerability (and fun with resumes)

October 20, 2006 6:41 AM EDT
Open IT Blogwatch in a new tab and read how Microsoft released Internet Explorer 7, but all is not well. Not to mention how to reply to lame resume writers...

Martin McKeay was at the launch party:
Internet Explorer 7 was released last night and I had the opportunity to go to the release party ... Dean Hachamovitch, the General Manager for the IE development team, was a gracious host and made the rounds, answering the questions that bloggers and reporters around the room had for him, as did the rest of the IE7 development team. And the food was good, too.

Internet Explorer 7 is a huge improvement over IE6, with anti-phishing technologies and ActiveX opt-in, just to name a few. Unluckily the biggest security improvement, the sandboxing of the browser, will only be available in Vista, and several other security features are only available from XP forward.

I really like some of the new user experience upgrades, such as tabbed browsing, a spell checker for any text area (something I really need) and the integration of RSS into the browser.
Preston Gralla urges us to, "Just say yes":
It's been a long time coming, but Internet Explorer 7 is here at last. If you're dying to get your hands on the new browser, you can download it right now ... IE7 is a considerable improvement over IE6, and with new features such as tabbed browsing, RSS support, improved security and an integrated search box, it's well worth the upgrade. IE6 was an inferior competitor to Mozilla's Firefox, but IE7 is the equal of Firefox 1.5, and in some ways better. That's not to say that everyone will be happy with this new version of IE. If you're a power user, much as you'll welcome these new features, you can be excused if you feel that Microsoft has partially abandoned you.
Mark Evans jokes:
Now, we can abandon those pesky open-source browsers that have kept IE from cementing its domination of the market. I can't wait to uninstall Firefox, Flock and Opera. No more worrying about cool extensions and plug-ins from an army of developers, no more worry about Web sites that just don't look quite right, and finally no more guilt about trying to be one of those people who seeks out Microsoft alternatives.
Michael Pietroforte is worried:
Today, I installed the final and now I am even more convinced of not deploying IE7 this year. It is quite obvious that its setup changes a lot in the whole system. On my one year old PC it took about 15 minutes to install IE7. Afterwards the setup asked me three times to reboot my PC. I then got the message that some applications might not work correctly since I am so stubborn and didn't accept to reboot immediately.
And Secunia tells us about the first IE7 vulnerability:
A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. This can be exploited to access documents served from another web site.
RSnake laughs:
This is some of the worst ownage I’ve seen in a long time ... This allows anyone with control over a webserver to control anything you do with any page you can connect to. It’s interesting that Secunia marked it as a “less critical” threat, as this pretty much gives any attacker read access to any domain anywhere as long as you are using Internet Explorer 6.0 or 7.0 ... the client is redirected to the server as you (with your credentials) and it is returned as a cachable mhtml file that can be read via XMLHttpRequest since it “appears” to your browser to be located on the machine that did the redirection. Pretty clever. I’ve played around with these sorts of things before but was never successful (obviously I never tried mhtml). It seems to me that someone was saving this one.
...
I don't know why anyone would say this is a less critical risk as this is complete ownage of the entire internet for users of Internet Explorer. Hopefully Microsoft will patch this one quickly.
IDG updates us:
A flaw that research firm Secunia claimed to have discovered in Internet Explorer 7 just hours after its unveiling is not a browser bug after all, Microsoft Corp. said Thursday. Instead, the problem lies in a component of Microsoft's Outlook Express e-mail client, which can be triggered by the browser.

And finally... Re: Your Resume [warning: strong language ahoy]
Richi Jennings is an independent technology and marketing consultant, specializing in email, blogging, Linux, and computer security. A 20 year, cross-functional IT veteran, he is also an analyst at Ferris Research. Contact Richi at blogwatch@richij.com.