W3C home > Mailing lists > Public > www-font@w3.org > October to December 1997

IE4 font security flaw

From: Daniel Will-Harris <Daniel@Will-Harris.com>
Date: Thu, 23 Oct 1997 14:13:10 -0700
To: <www-font@w3.org>
Message-ID: <01bcdff8$7770dce0$244204c7@dwh>
Font foundries and designers have been vocal in their fear of font embedding
on the web, and now it seems their fears were well-founded, at least in the
case of Microsoft’s new browser, Internet Explorer 4. The browser’s new
OpenType font embedding feature has a fatal security flaw that makes it easy
for any user, even those without technical knowledge, to capture embedded
fonts from a web site and install them into their system for use with all
their software. No one other than myself has yet uncovered the simple steps
to do so and I will not reveal the steps here, because I don’t want people
pirating fonts.

Microsoft knows about the problem and has stated it will do nothing to
correct it.

With over 2 million copies of IE4 distributed in the past two weeks alone,
IE4’s font embedding may not adequately address the protection of the
intellectual property rights of font designers and foundries.

You can read the details at http://news.i-us.com/wire/

]) /\ |\| | (- |_
Home of EsperFonto
Read my new Opinion Column at
Received on Thursday, 23 October 1997 17:20:19 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:37:29 UTC