Re: IE4 font security flaw (fwd)

>From:        MegaZone, megazone@livingston.com

>BFD, they should have gotten it right to start with.  MS screws up, but
>not this time.  Whining about IE is a cowardly, braindead move.  Suck it
>up, admit the foundaries screwed the pooch, and get it right from now on.

>2. I don't agree that they need to fix anything.  Now, my understanding is
>that if the bit were set correctly on the font in the first place, IE is
>no less secure than any other application using the same fonts.  The issue
>is the fonts being downloadable as a distribution system and then being
>hijacked and kept.  But if the font foundaries had set the bit correctly
>to start with it wouldn't be an issue.  It looks to me like the foundaries
>made the mistake, and now you're whining that MS needs to bail them out
>but adding *another* level of control to supercede the one there now.

If font foundries have set the embedding bits to view/print only
the they have the right to expect that the font is treated differently
then wen the bits are set to installable embedding! If IE treates
view/print embedded fonts which such sloppyness that they can easily
be kept and used then the foundries have all the right to whine:

They have set the bits correctly!

Jelle Bosma
Monotype Typography Ltd.

Received on Friday, 24 October 1997 06:50:25 UTC