Posted on December 17th, 2008 by Barry Collins

Will Microsoft put bloggers back in their box after IE scare?

The new-found hole in Internet Explorer has certainly sparked a mainstream media storm. My security-expert colleague, Darien Graham-Smith, has been getting more media exposure than the X-Factor winner over the past couple of days, culminating in an appearance on BBC News last night. Meanwhile, I fielded a last-minute call from that veritable hot-house of technical gossip – the Chris Evans show on Radio 2.

The widespread coverage of the IE flaw will be doing Microsoft no favours at a time when it’s struggling to fend off the emerging Google Chrome and the enduringly popular Firefox. Even worse, the pain was entirely self-inflicted.

News of the hole broke on Microsoft’s own Malware Protection Center blog, and while you have to admire the company’s candour, you can’t help but wonder if the bloggers inadvertently spun the threat for more than it was actually worth.

“Based on our stats, since the vulnerability has gone public, roughly 0.2% of users worldwide may have been exposed to websites containing exploits of this latest vulnerability,” the post read.

“That percentage may seem low,” they said, building the suspense, “however it still means that a significant number of users have been affected.

“The trend for now is going upwards: we saw an increase of over 50% in the number of reports today compared to yesterday,” they concluded, using the kind of meaningless statistic you normally see bandied about by fledgling internet start-ups, who get their PR agencies to spin an increase from two to three registered users over the past month for all it’s (not) worth.

Microsoft’s open approach to blogging – pioneered by the now-departed Robert Scoble – has definitely helped give the company a much-needed shot of personality. But that blog post would have been a damned-sight less alarmist had it gone through the company’s legions of press officers first. As I’m pretty sure all future posts from the Malware Protection Center will be…

Tags: blogging, Internet Explorer, Security

Posted in: Newsdesk

Permalink | Trackback

Follow any responses to this entry through the RSS 2.0 feed.

Social Bookmark this article: What is this?

4 Responses to “ Will Microsoft put bloggers back in their box after IE scare? ”

james016 Says:
December 17th, 2008 at 2:48 pm
‘Sup me homies
JM Says:
December 17th, 2008 at 6:04 pm
Well, I praise Microsoft for coming clean about this security hole, even if led by one of their bloggers. I hope that any future problem will not be covered up by some corporation-worshipping press officer. After all, if a white-hat security researcher discovers a vulnerability, then the black-hats can do so, too. Better to be warned and wary than living in blissful ignorance. Also, next time, I can see that the problem might easily be a similar security hole in another browser – Apple’s Safari, for instance. I hope that we’d get to know about that if it happened, too.
dollythesheep Says:
December 18th, 2008 at 1:49 pm
It has been fixed, and within 48h. Well done Microsoft. Too many boo boys have been chipping in with false or irrelevant details. The chances of you going to a legitimate site and loosing your login password are almost zero. The bottom line is that Microsoft was able to get a fix before the criminals exploited it by writing code for more sinister uses.
Matthew Says:
December 18th, 2008 at 2:51 pm
Fixed in 48 hours?

Like many vulnerabilities, this is old as the hills, and has been left on the back burner until it became critical.

Maybe it is time to go open source, not that Firefox has an unblemished security record, nor does the webkit engine of Safari and Chrome.

The battle is on a different plane when it’s open source, as both the bad guys and the good guys can trawl the source looking for potential vulnerabilities – there is no “security through obscurity”, as a gaping hole would be discovered by black hats and white hats alike.