A look at Internet Explorer from the inside out. Note: @EricLaw left Microsoft in 2012, but was named an IE MVP in 2013.
Translate This Page
Translate this page
Browse by Tags
Tagged Content List
Understanding Enhanced Protected Mode
Last week, Andy Zeigler announced the introduction of Enhanced Protected Mode (EPM) over on the IEBlog. In today’s post, I’d like to provide further technical details about EPM to help security researchers, IT professionals, enthusiasts, and developers better understand how this feature works...
23 Mar 2012
Authenticode and Weak Certificate Chains
Recently, someone attempted to download a deprecated version of the Windows Script debugger . This tool was used to debug scripts prior to the introduction of more powerful, modern tools like those that are built into IE8 and later. The user emailed me when they encountered a very surprising outcome...
19 Aug 2011
Sharpen the Saw
Gather round, young’ins, Grandpa Eric is going to tell you a story. Back in the old days, when I started writing software, programmers’ utilities were sold in boxes in retail stores. You’d plunk down your 149 bucks or whatever (in cash , kids, this was before credit cards got popular...
14 Aug 2011
Detecting Captive Network Portals
18 May 2011
Misbehaving HTTPS Servers impair TLS 1.1 and TLS 1.2
Back in the summer of 2009, I blogged about Windows 7’s new support for TLS 1.1 and TLS 1.2 . These new protocols are disabled by default, but can be enabled using Group Policy or the Advanced Tab of the Internet Control Panel: Some adventurous Internet Explorer users have found that...
24 Mar 2011
IE9 No-Reboot Setup and the Windows Restart Manager
On Windows 7, Internet Explorer 9 can often be installed without rebooting the system. In cases where a system restart is required, either the system lacks one of the required prerequisites (so IE Setup is forced to install it and reboot) or a running program or service is holding one of Internet Explorer’s...
16 Feb 2011
In-Place Shell Navigation with the WebBrowser Control on Windows 7
Because the WebBrowser Control (WebOC) can be used to display a wide range of content (HTML, Office Documents, PDFs, the local file-system, etc) it is often integrated into applications as a somewhat generic object hosting surface. For Windows 7, a small change was made that will impact applications...
30 Dec 2009
Understanding Certificate Name Mismatches
Recently, I received a query from the Windows Mobile team-- they had observed that visiting https://gmail.com triggers a certificate name mismatch error on IEMobile, but doesn’t seem to trigger any error on Windows 7 when using the desktop versions of Internet Explorer or Firefox. Now, long-time readers...
7 Dec 2009
Troubleshooting Authentication with Fiddler
Over the last few weeks, I’ve been exchanging mail with a webmaster (Vladimir) in Russia who reported that his customers were having problems using IE8 on Windows 7 to log into his website. His site uses HTTP Basic Authentication, so users are prompted to enter their credentials using the following...
22 Nov 2009
Getting the Server's Certificate Chain from WinINET
Over the last few years, a number of folks have lamented that there's no good way to get the server's complete certificate chain from a WinINET HTTP response. That has changed with the release of the new WinINET shipping in Windows 7 / IE8. INTERNET_OPTION_SERVER_CERT_CHAIN_CONTEXT is a new flag you...
20 Aug 2009
User Account Control in Windows 7
It isn't directly related to Internet Explorer, but Mark Russinovich's Inside Windows7 User Account Control article over on TechNet provides an illuminating explanation of why UAC isn't a security boundary, but why it helps protect against malware anyway. For IE8 on Win7, the change is that if the...
22 Jun 2009
Page 1 of 1 (11 items)
© 2013 Microsoft Corporation.
Privacy & Cookies