IE7 at RSA San Francisco

re: IE7 at RSA San Francisco

cooperpx — Tue, 06 Feb 2007 23:29:45 GMT

@ Jeremy Dallman

Have you ever noticed how IE7 no longer provides you any information about an untrusted certificate (ie: self-signed) before accepting it ?

File -> Properties -> Certificates = Error message saying no certificate is present.

re: IE7 at RSA San Francisco

cooperpx — Tue, 06 Feb 2007 23:36:19 GMT

@ Jeremy Dallman

(Sorry for the double post) It would also seem that if you install the 'bad' certificate the bar stays red until you restart IE7?

re: IE7 at RSA San Francisco

SurrealLogic — Tue, 06 Feb 2007 23:44:11 GMT

Sorry to be off topic, but does anyone else have an issue with horrible flickering problems in IE7 on Vista Ultimate? Firefox is fine, I think I have the latest drivers, but anything Flash or animated javascript flickers like crazy. Any thoughts?

Microsoft releases new and updated information about Extended Validation and IE7

Spyware Sucks — Tue, 06 Feb 2007 23:54:16 GMT

As I have noted a couple of times over the past couple of days, IE7 Extended Validation has gone live:

re: IE7 at RSA San Francisco

TMaster — Wed, 07 Feb 2007 00:03:33 GMT

Strange, my address bar doesn't turn green when visiting those sites, not even when I turn on the automatic phishing filter.

In fact, when I visit the Woodgrove Bank demonstration site, it turns red, because I haven't accepted the certificate authority.

Is this normal behavior - I seem to recall Extended Validation not being enabled yet, but I thought it would be fully functioning in february 2007?

What error am I making? The certificate does say "Extended Validation" in it.

re: IE7 at RSA San Francisco

EricLaw [MSFT] — Wed, 07 Feb 2007 00:38:32 GMT

TMaster: I assume you're using Windows XP?

Try visiting https://www.verisign.com first.

re: IE7 at RSA San Francisco

Sylva Lisko — Wed, 07 Feb 2007 00:41:10 GMT

Since we have downloaded the new EI7 last year

there is just trouble - error msgs, pages not responding, everything is slow.

on our other laptop we kept the EI6 and all is perfect.

can we go back from EI 7 to EI 6 on our PC?

thank you

re: IE7 at RSA San Francisco

Tim — Wed, 07 Feb 2007 00:53:29 GMT

Taking research from Gartner at face value is NOT wise advice.

10 Million Phishing Attempts Thwarted Since October

Kirk Allen Evans' Blog — Wed, 07 Feb 2007 01:53:22 GMT

This is such a cool story. Two years ago, Bill Gates announced IE7 at RSA highlighting the Phishing Filter

re: IE7 at RSA San Francisco

Sandi Hardmeier — Wed, 07 Feb 2007 02:29:55 GMT

Tmaster,

You need to turn on your phishing filter, and set it to automatic, *and* ensure server certificate revocation checking is not turned off, to see the green bar.

The red certificate at Woodgrove is to be expected; the *testing* certificate was not issued by a trusted authority, that is, it was issued by "Microsoft Enhanced Validation Testing PCA". To see the list of trusted authorities, go to tools, internet options, content tab, certificates button, trusted root certification authorities.

Sandi

re: IE7 at RSA San Francisco

AK — Wed, 07 Feb 2007 03:25:30 GMT

I faced 2 Problems with IE 7

1. First time when I enter any domain name and press Ctrl+Enter IE7 hangs for almost 30 sec.

2. If I sign into multiple sites using tabs and logout from any of the sites, I get logged out from all other sites. may be a cookie problem..i guess!??

Microsoft CardSpace interop with OpenID announced at RSA

Microsoft News Tracker — Wed, 07 Feb 2007 04:17:57 GMT

Today, Bill Gates and Craig Mundie keynoted the RSA Conference 2007 and announced a variety of security related Microsoft initiatives. Perhaps the biggest news was announced in detail on the blog of Microsoft’s Kim Cameron where Microsoft p...

re: IE7 at RSA San Francisco

EricLaw [MSFT] — Wed, 07 Feb 2007 04:24:14 GMT

@Sandi: Actually, ~either~ setting the Phishing Filter to Automatic ~OR~ enabling Server Certificate Revocation Checking is sufficient.

@AK: Do you see the delay if you type the "http://" before the domain name?

What sites are you logging out of? Logging out of some sites (like Outlook Web Access) will clear your session cookies.

re: IE7 at RSA San Francisco

Jerry Pisk — Wed, 07 Feb 2007 08:07:28 GMT

What I don't get is why the need for EV certs? If the existing certificates are being issued to anyone who asks for them without any verification wouldn't the fix to that problem be to start validating cert requests? EV certs are basically an acknowledgment of the fact that regular certs are not trustworthy. As such, those shouldn't be trusted at all.

re: IE7 at RSA San Francisco

Michael — Wed, 07 Feb 2007 10:24:00 GMT

are u sure a GREEN address shows up when navigates to websites like Verisign in WinXP?

re: IE7 at RSA San Francisco

Tony — Wed, 07 Feb 2007 11:23:48 GMT

@ Sylva, visit the IE7 support site for free technical support, http://www.microsoft.com/windows/products/winfamily/ie/iefaq.mspx

@ Jerry, I agree completely. Verification sites must do their job, otherwise we will continue to have escalations of new certificates with new names that eventually become obsolete themselves. The system is flawed, please don't propagate it any further until it's been fixed.

Also announced today By Bill Gates and Craig Mundie is the continued development of IPv6 and IP/Sec. Mr.gates was even quoted:

“Passwords are not only weak, the more you get of them, the worse it is,” Mr. Gates said. “We see smart cards, in specific, but certificates in general as the way to go.”

Are the EV and future certificates what Bill was referring too? If so Jerry's comment has merit and needs to be resolved before standards such as OpenID and CardSpace become compromised as well.

re: IE7 at RSA San Francisco

Viktor Krammer — Wed, 07 Feb 2007 13:41:31 GMT

@IE team

It would be nice if you could add a new SecureLockIconConstant identifying EV SSL connections to the DWebBrowserEvents2::SetSecureLockIcon event so that security add-ons for IE can take advantage of the new EV certificates as well.

Regarding UI flickering: The status bar and the small edge between the tab bar and the actual Web content frame still flickers if switching tabs.

Any plans on allowing us to report bugs we find in IE again? The connect bug database was a good approach, but was unfortunately turned off after RTM.

Besides, congratulations on launching Vista and EV SSL.

IE7 is HORRIBLE!

islander — Wed, 07 Feb 2007 15:32:11 GMT

Since I installed IE7 I have had MAJOR hiccups of one kind or another....... now it won't even load up pages of ANY sort...........

I am on Windows XP (home) and do NOT intend to go over to VISTA because it is a wannabe MAC platform and I should have gone Mac instead of staying with windows because it just keeps crashing and crashing and hanging and hanging!

I don't know way there is a new UNimproved version of IE for non techies..........

re: IE7 and Go button (Address Bar)

say2joe — Wed, 07 Feb 2007 19:03:52 GMT

How can the Go button (used with the Address Bar on the Taskbar) be removed now that the option to remove it is no longer included with IE7 Advanced Options? I've already done a few searches of the registry with no success.

I'm using XP Pro with IE7 (/w latest updates).

re: IE7 at RSA San Francisco

Aedrin — Wed, 07 Feb 2007 21:17:09 GMT

"Since I installed IE7 I have had MAJOR hiccups of one kind or another....... now it won't even load up pages of ANY sort...........

The obligatory car reference:

If people who owned cars kept buying all these third party components and never got it serviced, how long do you think it would last?

Do you really think a Mac will improve your experience?

Are you a victim of marketing lies?

re: IE7 at RSA San Francisco

EricLaw [MSFT] — Thu, 08 Feb 2007 01:01:06 GMT

@say2joe: Remove the "Go" button from the Addressbar in your task bar by opening Windows Explorer (not IE) and right-clicking on the "Go" button there, then unchecking "Go button".

@Viktor Krammer: Yes, SecureLockIconConstant would be a good start, but at the moment, we don't expose a good way for extensions to grab the certificate itself, so the constant alone likely would not be enough.

@Jerry Pisk: The issue is that there's no standard for what type of validation is performed for a non-EV certificate. Each CA sets their own policies, and some are stronger than others. In contrast, the EV guidelines that IE7 supports specify the exact bar for vetting the identity information for all CAs.

Implying that non-EV SSL isn't trustworthy isn't exactly correct; it's fair to say that it ensures the privacy and integrity of the connection, but provides only limited verification of the identity of the remote server. At a minimum, it ensures that the registered owner of the domain name (which itself be misleading) is able to respond to certificate registration confirmation mails.

Hence, EV was created to offer a higher and standardized level of assurance of the identity of the remote server.

re: IE7 at RSA San Francisco

Alex — Thu, 08 Feb 2007 04:40:12 GMT

I found a very tiny bug in the Address Bar when using EV SSL Certificates, see the image at this url (nevermind the JPEG-corruption):

http://swb.alex-media.nl/photos/C11184B4-C845-E8B2-EB1F-CD4394DB6A82.jpg

What you're looking at: the company name should be 'Charles Schwab & Co., Inc. [US]'. You see: 'Charles Schwab _Co., Inc. [US]'

The problem is caused by the company name having an ampersand in it. It is displayed as a _ because that's Windows mnemonic-key. When you click on the icon, the correct company name is displayed.

re: IE7 at RSA San Francisco

TMaster — Thu, 08 Feb 2007 09:23:11 GMT

Sandi, thank you!

I wasn't so much surprised the Woodgrove Bank side had a red bar, it made sense to me, since I knew it was self-signed. Sorry if I didn't make this clear.

However, your comment that the certificate revocation has to be enabled solved the problem for me. I doubt this is the default setting anyway, I just cannot remember turning it off.

I guess this was an obvious case of PEBKAC. And thanks to Eric for the reply as well =)

Un milion de încercări de phishing pe săptămână

Weblogul lui Zoli — Thu, 08 Feb 2007 15:49:18 GMT

Atât oprește Phishing Filter-ul din IE7 . De la lansarea lui în octombrie, Internet Explorer 7 a blocat

re: IE7 at RSA San Francisco

EricLaw [MSFT] — Fri, 09 Feb 2007 01:30:58 GMT

@Alex: Nice catch, and your analysis is spot on.

This bug was only discovered after we shipped IE7; we'll be fixing it in a future version.

Extended Validation Guidelines v1 Released!

IEBlog — Wed, 13 Jun 2007 04:57:17 GMT

I’ve talked several times in the past about Extended Validation SSL certificates and how they are a great