I'm not convinced to run IE (hey Dave, when are y'all going to have one that runs on SuSE?), but his take on the seriousness of information leaks is spot on:
A flaw that IE doesn't have is advertising to the server the exact minor version of the application. People often underestimate the value of information leaks – advertising the exact minor version is basically saying "Hello, you may attack me with these exploits, but I'm patched against those exploits."He also points out some statistical analysis issues with the study. Good reading if you want some drill down from my blathering.
No comments:
Post a Comment