Tag Archive: IE9

Video: Microsoft responds to Pwn2Own IE hack

Just moments after researchers from VUPEN used two zero-day vulnerabilities to hack into the Internet Explorer 9 browser, I caught up with Mike Reavey, senior director in the Microsoft Security Response Center (MSRC) to get his response to the attack and some information on what happens next.


Microsoft Security Response Center (MSRC) director Mike Reavey talks about the CanSecWest Pwn2Own challenge that saw a successful exploit of two zero-day vulnerabilities in the Internet Explorer 9 browser.

Source: ZDNet


Microsoft latest security risk: “Cookiejacking”

A computer security researcher has found a flaw in Microsoft Corp’s widely used Internet Explorer browser that he said could let hackers steal credentials to access FaceBook, Twitter and other websites.

He calls the technique “cookiejacking.”

“Any website. Any cookie. Limit is just your imagination,” said Rosario Valotta, an independent Internet security researcher based in Italy.

Hackers can exploit the flaw to access a data file stored inside the browser known as a “cookie,” which holds the login name and password to a web account, Valotta said via email

Once a hacker has that cookie, he or she can use it to access the same site, said Valotta, who calls the technique “cookiejacking.”

The vulnerability affects all versions of Internet Explorer, including IE 9, on every version of the Windows operating system.

To exploit the flaw, the hacker must persuade the victim to drag and drop an object across the PC’s screen before the cookie can be hijacked.

That sounds like a difficult task, but Valotta said he was able to do it fairly easily. He built a puzzle that he put up on Facebook in which users are challenged to “undress” a photo of an attractive woman.

“I published this game online on FaceBook and in less than three days, more than 80 cookies were sent to my server,” he said. “And I’ve only got 150 friends.”

Microsoft said there is little risk a hacker could succeed in a real-world cookiejacking scam.

“Given the level of required user interaction, this issue is not one we consider high risk,” said Microsoft spokesman Jerry Bryant.

“In order to possibly be impacted a user must visit a malicious website, be convinced to click and drag items around the page and the attacker would need to target a cookie from the website that the user was already logged into,” Bryant said.

Source: Reuters

Chrome Browser, Now Used By 120 Million People, Just Cranked Up Its Speed

Google’s Chrome browser is now being used by 120 million people on a daily basis, which is up from 70 million the last time the company disclosed internal usage numbers last May. The new figures were disclosed moments ago at Google’s Chrome event, which Jason is covering live.

The Chrome browser has been seeing big jumps in market share recently, currently taking the No. 3 spot with a 9.26 percent overall share according to Net Applications. On TechCrunch, it is now the top browser used among our readers.

Chrome product manager Sundar Pichai also announced today Google will be making the Chrome browser even faster with an enhancement called “Crankshaft.” He claims:

“When Chrome was first announced two years ago, its new javascript engine, V8, was 8x faster than the fastest existing engine. And it was 16x faster than IE. We’ve continued to improve, and today we are announcing an enchancement called Crankshaft. This makes the engine up to 2x faster than it is today depending on the benchmark. It’s 50x as fast as the fastest web browsers 2 years ago and 100x faster than IE was two years ago.”

It is curious that he is comparing Chrome to IE from two years ago. IE itself, specifically IE9, is also much faster than IE from two years ago. What he really should be comparing it to is the current version of Internet Explorer, IE9. I sense another browser marketing battle beginning. Your move, Microsoft.

Source:  TechCrunch

Microsoft: Don’t delay your Windows 7 deployments for IE 9

With growing speculation that Microsoft is pushing to deliver the final version of its Internet Explorer (IE) 9 browser as early as spring 2011, company officials issued official guidance, advising business users against postponing their Windows 7 deployments to wait for the coming browser release.

On September 21, Rich Reynolds, Microsoft Corporate Vice President of Windows Consumer Marketing, posted the company’s latest Windows 7 deployment guidance to the “Windows for Your Business” blog.

Reynolds is advising business customers who are in the process of testing, piloting or rolling out Windows 7 to move to Windows 7 with Internet Explorer 8. Even those users with no formalized Windows 7 migration plans shouldn’t wait for Microsoft to deliver the final version of IE 9 to start planning, Reynolds said. From Reynolds’ post:

“Until the final code of Internet Explorer 9 is released to the web (RTW), we recommend businesses first move to Windows 7 Enterprise with Internet Explorer 8 so they can immediately benefit from the enhanced security, manageability, web standardization, and lifecycle support that Internet Explorer 8 brings to enterprise browsing, today. In addition, thanks to the high degree of application compatibility between the two browser versions, any investments today in deploying Internet Explorer 8 will put you on the best path to transitioning to Internet Explorer 9 in the future. Your Internet Explorer 8 migration investments will be preserved when you are ready to deploy Internet Explorer 9.”

According to leaked documents and information, Microsoft is expecting to make IE 9 the browser release it bundles with Windows 8, the next release of Windows client which isn’t expected to ship until 2012 or so. But, obviously, users can run IE 9 on other versions of Windows, including Windows 7.

At the same time, Reynolds discouraged business users from postponing their early testing of the IE 9 beta. Microsoft execs said on September 20 that there have been more than 2 million downloads so far of the IE 9 beta, which Microsoft made available for download on September 15.

Source: ZDNet

Microsoft’s IE9 look leaks to the Web

Thanks to Microsoft’s Russian subsidiary, the world now has a pretty good idea of what Internet Explorer 9 will look like.

The Russian folks were kind enough to briefly post an image and some details that had yet to be shared about the browser. And although they pulled it down, ZDNet blogger Mary Jo Foley captured the information and screenshot.

More than anything else, the screenshot shows a browser that attempts to offer a minimalistic user interface and leave as much room as possible for the Web sites. When combined with the browser’s hardware acceleration, the hope is to pave the way for Web sites that are as application-like as possible.

Microsoft declined to confirm the details Wednesday of what had been posted to its Russian site.

However, the look is consistent with what IE team member Ryan Gavin told CNET earlier this month about the planned appearance of IE9.

“The browser is the theater,” Gavin said in the interview. “We’re not the play.”

The browser appears to go as far as to allow people to pin certain sites to the desktop and open them in their own windows without any clear indication that they are using IE at all. According to Foley’s Bing translation of the Russian site, there will be certain sites that are “recognized” or “protected” and can be pinned to the taskbar and launched with their own icons.

Microsoft plans to release a beta of the browser at a September 15 event in San Francisco, although this latest leak clearly steals some of the thunder. Up to now, Microsoft had offered several technical previews of the underlying engine, but had yet to show or talk in detail about how the browser would look.

The invitations for the event do mention “the beauty of the Web” and “unlocking the native Web.”

Until now, though, the focus had been on several key features of the browser’s engine, including the hardware acceleration capabilities, improved JavaScript engine, and broader support for HTML5 and other standards. Microsoft first showed those features at the Mix10 event in March in Las Vegas, though it had talked about hardware acceleration as far back as last November’s Professional Developer Conference.

The details on the Russian site reveal a browser that borrows much from Windows 7, including the ability to tear off browser tabs and have them “snap” to a particular part of the screen, similar to the way documents and applications already do in the latest version of Windows.

There is also a unified search and address bar, something already seen in Google’s Chrome. However, having learned from criticism of Google–as well as its own considerable issues with regulators–I’m hearing that Microsoft will make the choice of whether to let the bar suggest sites as you type a completely opt-in affair.

Source: CNET

Internet Explorer 9 destroys Chrome 6 in HTML5 speed test (video)

If you can’t watch the video: IE9 is some orders of magnitude faster than Chrome when it comes to hardware-accelerated canvas rendering.

In some other initial benchmarks, IE9 is about 30% slower than Chrome 6 in the SunSpider JavaScript benchmark — and about 10% faster than Firefox 3.7.

I also tested FishIE with Opera and Firefox — and believe it or not, Opera’s a lot faster than both Chrome and Firefox!

Anyway, if you missed the news, IE9 developer preview 3 came out earlier today — Lee’s post has more info, if you’re curious, or simply download it now.

Source: DownloadSquad