On the day of its release security researcher Tom Ferris at Security
Protocols needed just 15 minutes to find the first vulnerability in IE7
Beta 2 and write an exploit for it. This is believed to be a new
record.

You can read the article at:
http://www.nist.org/news.php?extend.75

One can only imagine the meetings at Microsoft when upper level
management asked the programmers exactly what they spent the Millions
of Dollars they were given to improve security in Internet Explorer 7.
And why dozens of programmers and testers didn't find a bug that this
one person found in just 15 minutes. At most companies heads would
roll!

John Herron, CISSP
http://www.NIST.org

"NIST.org" <google [at] eaglestock.com> wrote in message
news:1138856122.241983.215270 [at] z14g2000cwz.googlegroups.com.. .
> On the day of its release security researcher Tom Ferris at Security
> Protocols needed just 15 minutes to find the first vulnerability in IE7
> Beta 2 and write an exploit for it. This is believed to be a new
> record.
>

Not sure here but wasn't this a preview of Beta 2 and not the actual Beta 2
release?

Jbob <nobody [at] spamcox.net> wrote:
> "NIST.org" <google [at] eaglestock.com> wrote in message
> news:1138856122.241983.215270 [at] z14g2000cwz.googlegroups.com.. .
> > On the day of its release security researcher Tom Ferris at Security
> > Protocols needed just 15 minutes to find the first vulnerability in IE7
> > Beta 2 and write an exploit for it. This is believed to be a new
> > record.
> Not sure here but wasn't this a preview of Beta 2 and not the actual Beta 2
> release?

Unbelievable. Microsoft is fooling people with the oxymoron of a
"beta release", and everybody here seems to be twitted.

Yours,
VB.
--
Netzwerkgrundlagen anhand Windows lernen zu wollen ist doch wie seine
ersten sexuellen Erfahrungen mit einer Prostituierten zu sammlen: Die
Leidenschaft fehlt, das wirklich Wichtige lernt man dabei nicht, und die
Chance sich einen Schädling einzufangen ist hoch. (Lukas Graf in d.c.s.m)

Volker Birk wrote:
> Jbob <nobody [at] spamcox.net> wrote:
>> "NIST.org" <google [at] eaglestock.com> wrote in message
>> news:1138856122.241983.215270 [at] z14g2000cwz.googlegroups.com.. .
>>> On the day of its release security researcher Tom Ferris at Security
>>> Protocols needed just 15 minutes to find the first vulnerability in IE7
>>> Beta 2 and write an exploit for it. This is believed to be a new
>>> record.
>> Not sure here but wasn't this a preview of Beta 2 and not the actual Beta 2
>> release?
>
> Unbelievable. Microsoft is fooling people with the oxymoron of a
> "beta release", and everybody here seems to be twitted.

I still wonder why... from just my little database I found 19 unpatched
security holes from IE6 that haven't been fixed on IE7 Beta1 and still
didn't get fixed on Beta2. In fact a fixed one was reopened on Beta2.

Yeha, IE7 will be the first webbrowser which ships with well-known
security holes. That even better since IE6, which has been famous to be
unsafe only since April '03 (means: no moment when there was no known
unpatched vulnerability).