Matasano Chargen - Latest Comments in Matasano Interviews IE Lead PM Christopher Vaughan

Re: Matasano Interviews IE Lead PM Christopher Vaughan

iketz000 — Thu, 25 Jun 2009 21:39:24 -0000

Great interview.. Hope that you have a video so I can watch it..

Re: Matasano Interviews IE Lead PM Christopher Vaughan

dre — Fri, 23 Jun 2006 11:14:21 -0000

you guys had good coverage on most dec05-current ie flaws. i wish chris spoke more to the details about them. good job, though, i enjoyed it.

i think a lot of vulnerabilities (CSSXSS comes to mind first) are getting confused with browser features... such as cross-domain access. i think cross-domain access attacks will move to the top of clientside security risks in the next year. one of my favorite reads of the year was Zalewski's paper on cross-site cooking [securityfocus].

sure, graphics rendering vulnerabilities and javascript/heap/nopsled/shellcode exploits are going to continue to plague browsers for some time. even vista's uac and pmie won't stop everything.

Re: Matasano Interviews IE Lead PM Christopher Vaughan

Dresden Marshall — Thu, 22 Jun 2006 02:05:25 -0000

Fascinating interview, but I would have enjoyed his thoughts on Mozilla and Firefox.
Assuming that commenting on Gecko or anything relative to it wouldn't get him fired^^

Re: Matasano Interviews IE Lead PM Christopher Vaughan

ivan — Wed, 21 Jun 2006 23:23:04 -0000

Hm all very nice and polite, but where's the meat?
I still do not understand the rationale for not writing IE7, let alone IE8, in managed code.
what happened to eat your own food? .NET is good for eveybody else but not good enough for the flagship application of its maker? Sorry, a "variety of reasons" does not suffice as a real answer to me

Re: Matasano Interviews IE Lead PM Christopher Vaughan

Sanjay Kumar — Wed, 21 Jun 2006 15:16:32 -0000

You can see the brief of the interview in my blog.. Comments invited..

My blog : http://sansor.wordpress.com

-sansor
Avoid GATES of Hell use LINUX

Re: Matasano Interviews IE Lead PM Christopher Vaughan

Doug — Wed, 21 Jun 2006 12:06:29 -0000

If the efforts to make IE secure are reasonably succcessful then it will force other browsers to innovate more as security is one of their biggest selling points currently. From a business perspective if the default IE is far more secure when Vista is deployed then there will be little motivation for companies to deploy another web browser.

Re: Matasano Interviews IE Lead PM Christopher Vaughan

Window Snyder — Wed, 21 Jun 2006 11:11:25 -0000

That said, those questions might find a better home on the IE team blog at: http://blogs.msdn.com/ie/archive/2006/06/20/640....

Re: Matasano Interviews IE Lead PM Christopher Vaughan

Thomas Ptacek — Wed, 21 Jun 2006 10:44:11 -0000

Friends, Romans, Slashdot readers: while I'm as interested in web standards punditry as anyone else, it isn't the apropos our blog, our normal audience, or this interview.

So, while I'd love to get a PM on the IE team to explain the rationale behind how collapsible margins work in the IE6 box model, I'm going to try to be a model of restraint.

It's not easy for a high-profile team at MSFT to do an interview on a snarky security blog and we're really happy that Chris Vaughan was able to let us pull it off. That said, if you've got to get your LUG cred on, find a way to whack IE on security. On this particular occasion, expect us to circle the wagons and whack you back. Good times!

Re: Matasano Interviews IE Lead PM Christopher Vaughan

Chris Brooksbank — Wed, 21 Jun 2006 10:19:09 -0000

To reiterate dans point.

Did they fix CSS and generally make IE more standards complient. Surely that was a major reason for redevelopment as well ?

Also how many websites will break the day IE7 autoupdates itself onto users machines.

Re: Matasano Interviews IE Lead PM Christopher Vaughan

dan — Wed, 21 Jun 2006 08:58:33 -0000

What about CSS1/2/3 support? Are they still going to screw that up?

Re: Matasano Interviews IE Lead PM Christopher Vaughan

Richard Johnson — Tue, 20 Jun 2006 15:41:18 -0000

The 'unauthorized software' comment strikes a nerve. Most of the proposed DRM gack won't be authorized to run on machines on my nets. Will MS allow it to run anyway? What about MS's own DRM gack? Who will protect our ownership rights on our machines from megacorp rootkit writers?