Despite its role as the cornerstone of web application security, it’s clear that many (most?) web professionals do not understand Same Origin Policy (SOP), or hold one or more misconceptions about what SOP requires. It’s a big topic, and...

Here's a fun little tip from the "Things I didn't know about my own product " file: If you want to organize your favorites using a full Windows Explorer instance instead of the far more limited "Organize Favorites" dialog box, hold SHIFT while clicking...

It looks like the days of "security by obscurity" protection for Mac users may be coming to a close. As described over on Brian Krebs' blog , socially-engineered malware authors are now going after Mac OS X users with targeted exploits that attack both...

As browser users go, I’m pretty savvy. I’ve been on the IE team for nearly half a decade, and I’ve been writing browser extensions for twice as long. I read networking source code for entertainment, I spend my free time writing a web debugger , and I...

Over the last few years, a number of folks have lamented that there's no good way to get the server's complete certificate chain from a WinINET HTTP response. That has changed with the release of the new WinINET shipping in Windows 7 / IE8. INTERNET_OPTION_SERVER_CERT_CHAIN_CONTEXT...

Over the five years I’ve worked on Internet Explorer, I’ve probably seen more questions from the community about HTTP cookies than on any other topic. Cookies are an integral component of most websites in use today, and hence problems or unexpected...