Toolkit
Story: Open-source IE patch hits trust barrier
Posted by: XiPHiaS (Saturday 20 December 2003, 1:18 PM)
Looking at the source i don't see anything suspicious. The link to their own website just reported the spoofed URL so they can show the user what's going on. they could log this information, but what harm can you do with that?
The only thing I don't know is how the patch is integrated in IE. I simply don't have the knowledge of how this works. Maybe someone can explain that part of the source to me. The way they do this might pose a problem when you're installing future MS patches or might break other things, so that might be a good reason for not installing this patch.
Just one more thing: Their source code is open, but not as open as one would expect. Just look at this comment in the code:
// ---------------------------------------------
// Terms of Agreement:
// ---------------------------------------------
//
// By using this source code, you agree to the
// following terms:
//
// 1) You may use the source code, resource
// files for educational purposes only.
// 2) You MAY NOT redistribute this source code
// without written permission. Failure to do
// so is a violation of copyright laws.
// 3) The author of this code may have retained
// certain "additional copyright rights".
// If so, this is indicated in the author's
// description.
This means you cannot base your own patch on this code without permission. Not a big issue in this case, but still it is one...
Full Talkback thread
Story: Open-source IE patch hits trust barrier
-
Let's see, these 'analysts' think it is better to... Alice Benton -
It's a bit ridiculous that MS hasn't yet released... Jeremy Campbell
-
Yeah. right. Trust Microsoft instead. What a bumc... Scott Waters
-
Looking at the source i don't see anything suspici... XiPHiaS -
The patch works by grabbing any url that is clicke... Leon Pennington
-
Yeah, these analysts just don't want to get their... Anonymous
