
Browse by Tags

All Tags » Best-Practices

Understanding the Protected Mode Elevation Dialog

Internet Explorer 7 introduced Protected Mode, a feature which helps ensure that the browser and its add-ons run with a minimal set of permissions. Code running inside the “Low Rights” process doesn’t have permission to write to your user-profile’s folders
Posted by EricLaw | 6 Comments

Understanding DEP/NX

Despite being one of the crucial security features of modern browsers, Data Execution Prevention / No Execute (DEP/NX) is not well understood by most users, even technical experts without a security background. In this post, I’ll try to provide some insight

The User-Agent String: Use and Abuse

When I first joined the IE team five years ago, I became responsible for the User-Agent string. While I’ve owned significantly more “important” features over the years, on a byte-for-byte basis, few have proved as complicated as the “simple” UA string.

Two New Tools Available from the SDL Team

Yesterday, IE Team alumnus Jeremy Dallman posted over on the Security Development Lifecycle team’s blog, announcing the release of BinScope and MiniFuzz. These two tools are part of the toolset that the Internet Explorer team uses to help verify the
Posted by EricLaw | 0 Comments

My Favorite IE Add-on: Ralph Hare’s Mouse Gestures

Unfortunately, I spend a lot of time dealing with problems users encounter when using Internet Explorer. As a result, when I write about add-ons, I’m usually talking about misbehaving code that is wrecking the browser. However, it’s not all doom-and-gloom
Posted by EricLaw | 0 Comments

IE and the Accept Header

RFC 2616 describes the Accept request header as follows: The Accept request-header field can be used to specify certain media types which are acceptable for the response. Accept headers can be used to indicate that the request is specifically limited
Posted by EricLaw | 15 Comments

The Privacy Impact of Add-ons: New APIs for IE8

By default, when starting a new session using IE8's InPrivate Browsing feature, toolbars and Browser Helper Objects are disabled. This is done to help protect the user's privacy: many toolbars and extensions maintain their own navigation/search/etc history

Building Safer ActiveX controls: DOM Bridging

Over on the BlueHat blog, security researcher Manuel Caballero wrote up an interesting post on how Silverlight avoids exposing unsecured private browser APIs to abuse from RIA content. Anyone building ActiveX controls that take untrusted input should
Posted by EricLaw | 0 Comments
 