IEInternals

A look at Internet Explorer from the inside out. @EricLaw left Microsoft in 2012, but was named an IE MVP in '13 & an IE userAgent (http://useragents.ie) in '14

  • IEInternals

    Security Intelligence Report Volume 7 Released

    • 0 Comments
    Security researchers at Microsoft release a biannual "Intelligence Report" containing statistics about the software-related security incidents over the past 6 months. This report is called the SIR , and the latest version can be found here . There are...
  • IEInternals

    Using Meddler to Simulate Web Traffic

    • 10 Comments
    As mentioned back in July , IE8’s new lookahead downloader has a number of bugs which cause it to issue incorrect speculative download requests. The “BASE Bug” caused the speculative downloader to only respect the <BASE> element...
  • IEInternals

    Capturing Crash Dumps for Analysis

    • 5 Comments
    Sometimes, folks report crashes to the IE team that we are unable to reproduce internally. That’s usually because, as mentioned often, most crashes are caused by buggy browser add-ons. In some cases, however, crashes occur even when running with browser...
  • IEInternals

    Understanding DEP/NX

    • 14 Comments
    Despite being one of the crucial security features of modern browsers, Data Execution Prevention / No Execute (DEP/NX) is not well understood by most users, even technical experts without a security background. In this post, I’ll try to provide...
  • IEInternals

    DotNet UserControls Restricted in IE8

    • 4 Comments
    In the past, Internet Explorer supported a really easy way to host .NET UserControls in HTML. These controls worked much like ActiveX controls, but because they ran with limited permissions, sandboxed by the .NET Framework, they would download and run...
  • IEInternals

    The User-Agent String: Use and Abuse

    • 25 Comments
    When I first joined the IE team five years ago, I became responsible for the User-Agent string. While I’ve owned significantly more “important” features over the years, on a byte-for-byte basis, few have proved as complicated as the...
  • IEInternals

    Good News: Microsoft Security Essentials Released

    • 0 Comments
    Microsoft’s free new anti-virus / anti-malware realtime scanner is now available as a free download . Installing MSE, a traditional signature-based scanner, alongside IE8’s URL Reputation-based SmartScreen Filter yields comprehensive protection to help...
  • IEInternals

    Internet Explorer Cannot Download https://something

    • 45 Comments
    Earlier today, I was asked to troubleshoot a secure site where file downloads were always failing . Having seen this problem many times often over the years, I immediately suspected that the web developer wasn’t aware that if a user tries...
  • IEInternals

    New Tool: Compare IE Security Settings

    • 0 Comments
    “IE Zone Comparer” was designed to provide additional visibility into URLMon's security zone settings. Pick any two collections of security zone settings, and IE Zone Comparer displays the values of those settings, highlighting any differences between...
  • IEInternals

    Understanding Domain Names in Internet Explorer

    • 15 Comments
    Web browsers use domain names for a variety of purposes, but how they’re used is much more complicated than most developers realize. In this post, I’ll attempt to cover the most important aspects of this topic. Definitions When talking...
  • IEInternals

    Two New Tools Available from the SDL Team

    • 0 Comments
    Yesterday, IE Team alumnus Jeremy Dallman posted over on the Security Development Lifecycle team’s blog, announcing the release of BinScope and MiniFuzz . These two tools are part of the toolset that the Internet Explorer team uses to help verify the...
  • IEInternals

    Preventing Automatic Hyperlinking in ContentEditable HTML

    • 5 Comments
    Today, a question from the mail bag… Q: Is there a way to stop IE from “auto-magically” recognizing and creating hyperlinks inside HTML? First, a bit of context. Web developers can use the ContentEditable property to allow users to edit part of...
  • IEInternals

    The Mystery of the Forgetful Browser Settings

    • 0 Comments
    A friend recently wrote to me, alarmed that the SmartScreen Filter feature was constantly turning off on his laptop with IE8. Despite manually re-enabling the feature using the Safety menu multiple times per hour, it was mysteriously and repeatedly turned...
  • IEInternals

    HTML5 Implementation Issues in IE8 (and later)

    • 12 Comments
    IE8 introduced support for some of the more stable features in the HTML5 spec. However, web developers have reported some problematic scenarios in IE8's support for these features, as described below. 1. postMessage only works for IFRAMES/FRAMES ...
  • IEInternals

    Welcome to Security Theater...

    • 1 Comments
    From the things that make you go hmm.... department: http://personal.fidelity.com/misc/buffers/coming-soon-identity.shtml.cvsr Choose a question like “In what city was your high school?” then enter the answer. This kind of information gives us a...
  • IEInternals

    My Favorite IE Add-on: Ralph Hare’s Mouse Gestures

    • 5 Comments
    Unfortunately, I spend a lot of time dealing with problems users encounter when using Internet Explorer. As a result, when I write about add-ons, I’m usually talking about misbehaving code that is wrecking the browser. However, it’s not all...
  • IEInternals

    Why Won’t IE Remember My Login Info?

    • 75 Comments
    Over on the Microsoft Answers forum , some folks have reported that Internet Explorer doesn’t remember their login details. This is a tricky problem to troubleshoot because there are a number of different problems which get lumped together under...
  • IEInternals

    Microsoft Doloto Performance Optimization Tool

    • 0 Comments
    Ben Livshits and Emre Kiciman of Microsoft Research have released the Doloto performance-optimization tool . This cool tool enables web developers to optimize page-load time by ensuring that pages only pull in the JavaScript functions they need. Mentioned...
  • IEInternals

    Nine

    • 5 Comments
    Nine is a number that’s been on my mind quite a lot lately, so it’s fitting that it’s now 09:09:09 on 09/09/09. I’m eager to write more about Nine here in the future, and I know from the comments that this is a subject of interest to many. For now...
  • IEInternals

    Client Certificate Selection Prompt

    • 23 Comments
    The HTTPS protocol allows a secure server to request that the client verify their identity with a client certificate during the initial secure handshake. By presenting a client certificate, the browser helps further defeat man-in-the-middle attacks and...
  • IEInternals

    Same Origin Policy Part 1: No Peeking

    • 11 Comments
    Despite its role as the cornerstone of web application security, it’s clear that many (most?) web professionals do not understand Same Origin Policy (SOP), or hold one or more misconceptions about what SOP requires. It’s a big topic, and...
  • IEInternals

    HowTo: Organize Favorites using Windows Explorer

    • 0 Comments
    Here's a fun little tip from the "Things I didn't know about my own product " file: If you want to organize your favorites using a full Windows Explorer instance instead of the far more limited "Organize Favorites" dialog box, hold SHIFT while clicking...
  • IEInternals

    It was only a matter of time...

    • 1 Comments
    It looks like the days of "security by obscurity" protection for Mac users may be coming to a close. As described over on Brian Krebs' blog , socially-engineered malware authors are now going after Mac OS X users with targeted exploits that attack both...
  • IEInternals

    My browser is acting funny…

    • 25 Comments
    As browser users go, I’m pretty savvy. I’ve been on the IE team for nearly half a decade, and I’ve been writing browser extensions for twice as long. I read networking source code for entertainment, I spend my free time writing a web debugger , and I...
  • IEInternals

    Getting the Server's Certificate Chain from WinINET

    • 0 Comments
    Over the last few years, a number of folks have lamented that there's no good way to get the server's complete certificate chain from a WinINET HTTP response. That has changed with the release of the new WinINET shipping in Windows 7 / IE8. INTERNET_OPTION_SERVER_CERT_CHAIN_CONTEXT...
Page 7 of 9 (206 items) «56789