Martin McKeay

IE7 Vulnerability already? Not really

By Martin McKeay
October 20, 2006 11:59 AM EDT
The poor guys at IE7 didn't even get 24 hours before the first IE7 vulnerability was announced in their product.  Only, the vulnerability isn't really with IE7, it's really a problem with Outlook Express.   It can be exploited through IE7, but since the issue is with Outlook Express, it can probably be exploited through IE6 as well.  This doesn't make the situation for those of us in the security community much better, but at least it makes it so the IE7 development team can sleep a little better.  The Outlook Express development team however .... (Does Outlook Express still have a development team?)

I got the chance to talk to the IE7 Development team at the IE7 release party in San Francisco Wednesday night, and now the audio's been edited and posted.   My co-conspirator, Jeremiah Owyang, has neatly transcribed the conversation , but you have to listen to the audio to really get the feel for the energy level at the party.  Believe me, that made the recording much harder.

Thanks again to Gary Schare, Dean Hachamovitch and Chris Wilson for taking the time out at the party to talk to us.  And thanks for a great party.  Gotta go now, off to learn about Symantec's Security Response Lab and DeepSight Early Alert System.