The microsoft guys started a blog entry regarding my talk at blackhat/whitepaper.
"We designed and implemented the RSS features using the principles of
the Secure Development Lifecycle as embraced by Microsoft. One of the
principles is defense in depth. The idea being, even if script somehow
were to sneak by the first layer of defense, the impact that the script
could have is restricted, if not entirely negated."
For those of you reading this I tested IE Beta 1 which at the time did execute script. I contacted
Microsoft who informed me the day before Beta 2 came out. Beta 2 addressed the issue before I even
spoke to a Microsoft person about this due to their process. Props to Microsoft for taking
a proactive approach.
UPDATE: An article by TechWeb
states I am a SPI Dynamics Co founder. This is completely incorrect. Caleb sima who was originally going to co present
with me is a SPI Dynamics founder not me.
Article Link: http://blogs.msdn.com/rssteam/archive/2006/08/07/691248.aspx