Re: IE4 font security flaw (fwd)

>2. I don't agree that they need to fix anything.  Now, my understanding is
>that if the bit were set correctly on the font in the first place, IE is
>no less secure than any other application using the same fonts.  The issue
>is the fonts being downloadable as a distribution system and then being
>hijacked and kept.  But if the font foundaries had set the bit correctly
>to start with it wouldn't be an issue.  It looks to me like the foundaries
>made the mistake, and now you're whining that MS needs to bail them out
>but adding *another* level of control to supercede the one there now.

There's a big difference between embedding a font in a Word or PowerPoint
document and sending it to someone else at an office, and embedding it in a
web page that the world can view and extract from.

At the time embedding bits were set (and the spec was changed several
times--once even after some vendors had already set their fonts), the
"stakes" were far different than they are now.

Your "you've made your bed now lie in it" approach is neither realistic or
fair. When a major player changes the rules, then the other players need an
opportunity to change their strategies, too.

]) /\ |\| | (- |_
Home of EsperFonto
Read my new Opinion Column at

Received on Friday, 24 October 1997 14:46:50 UTC