EricLaw's IEInternals

Thursday, September 03, 2009 12:36 AM

Client Certificate Selection Prompt

The HTTPS protocol allows a secure server to request that the client verify their identity with a client certificate during the initial secure handshake. By presenting a client certificate, the browser helps further defeat man-in-the-middle attacks and

Posted by EricLaw | 8 Comments

Filed under: privacy, https, certificate

Tuesday, June 30, 2009 11:29 PM

The Privacy Impact of Add-ons: New APIs for IE8

By default, when starting a new session using IE8's InPrivate Browsing feature, toolbars and Browser Helper Objects are disabled. This is done to help protect the user's privacy: many toolbars and extensions maintain their own navigation/search/etc history

Posted by EricLaw | 0 Comments

Filed under: user-choice, ActiveX, Best-Practices, privacy, dev, add-ons

Wednesday, June 17, 2009 6:54 PM

CSS History Probing, or: "I know where you went last week"

Background One of the interesting attacks which makes the rounds every few years concerns the ability of web pages to use CSS to detect whether or not certain URLs have been visited. Given a sufficiently large set of URLs to probe, a website may be able

Posted by EricLaw | 2 Comments

Filed under: Security, standards, privacy, css

EricLaw's IEInternals

This Blog

Syndication

Search

Tags

News

Archives

Browse by Tags

Client Certificate Selection Prompt

The Privacy Impact of Add-ons: New APIs for IE8

CSS History Probing, or: "I know where you went last week"