----- Original Message ----- From: "Parker at Vip conduit" <[EMAIL PROTECTED]> To: "Accessible Devices" <[EMAIL PROTECTED]> Sent: Thursday, July 03, 2008 7:41 PM Subject: Accessible Devices Microsoft Unveils New IE 8 Security Features
> We thought you might find this informative. This is all the information > we currently have available. So far we've not seen anything on > accessibility. > By J. Nicholas Hoover Wed Jul 2, 12:20 PM ET > Internet Explorer's getting a little bit safer. Microsoft Wednesday > unveiled significant > new security features that will be in the next version of the company's > Web browser, > Internet Explorer 8, currently in public beta testing. >>From Microsoft's standpoint, any improvement in security is a plus, and >>the company > seems to be taking that to heart with Internet Explorer 8, which includes > a slew > of new or upgraded security features. In the past, Microsoft has been > heavily criticized > for its browser security, while its chief competitor, Mozilla Firefox, has > been largely > lauded. > One of the most important new features in IE8 is a set of cross-site > scripting defenses > to protect the browser against the most common type of these attacks, > known as "reflection" > attacks, wherein transmitted data is sent back to the attacker. During > these attacks, > hackers could be stealing and browser history, logging keystrokes, > stealing credentials, > or just evading phishing filters. > Internet Explorer 8 will also have what Microsoft's calling the > SmartScreen Filter, > which has been previously announced, but is more than Microsoft originally > let on. > It's an upgraded version of the phishing filter found in Internet Explorer > 7 with > a twist. It now includes malware protection, a feature also found in the > latest versions > of Mozilla and Opera. > When users visit a site that's been reported by any one of a number of > third-party > data providers as a phishing or malware-laden site, they'll be greeted > with a big > red background and a warning. That's an upgrade over the anti-phishing > user in Internet > Explorer 7, which Microsoft tests found looked too much like a potentially > less harmful > page that just has security certificate errors. > The warning has options either to go to the user's or to "disregard and > continue," > though the first option is in much bigger text. Businesses will be able to > set policy > so that "disregard and continue" doesn't show up as an option. The > anti-malware protection > will also block suspicious downloads. > Several third-party data feeds will provide Internet Explorer with the > information > needed to block phishing and malware-laden Web sites. Microsoft gets data > on reported > phishing sites from seven providers, though it's not yet clear where it > will get > data on sites reported to contain malware. > Microsoft's already announced a number of security features for Internet > Explorer > 8. For example, the browser has a number of anti social engineering > features. It > will highlight names in the URL bar to help prevent URL spoofing, like > when an tells > the recipient to click on a site that's represented as a site, but is > really a malicious > one. There's also an additional anti-phishing feature, where a dialogue > that catches > certain site characteristics sets off a red flag even when the site isn't > in IE's > anti-phishing data feeds. > There are several new browser-based security features, including > improvements to > ActiveX dialogues and control. There are now several levels of security > for ActiveX > controls. With per user control, users can and install a control and it > will run > whenever it wants. An opt in level allows users to decide whether the > control should > run each time it wants to. kill bits can stop a control from loading at > all, and > per site control means a control can only be invoked by one particular Web > site. > Data Execution Prevention helps mitigate many memory-related attacks, > including overruns, > by blocking code execution from running in protected memory. Several other > features, > including cross domain request and cross domain messaging, are aimed at > preventing > attacks from taking place in mash-ups or any time two Web sites have to > exchange > information. > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > http://mail.accessible-devices.com/pipermail/a-d_accessible-devices.com/attachments/20080703/1cc01362/attachment.html > This is an Announce only list. Subscribers are not able to post to this > list. > To unsubscribe from the Accessible Devices list copy the line below. > Paste it in > the To: line of a blank message and send it. > [EMAIL PROTECTED] > Please feel free to pass this message on to a friend who might like to > subscribe. > To subscribe to Accessible Devices send a blank e mail to: > [EMAIL PROTECTED] > Just follow the directions in the confirmation message when it comes. > Please Note: Accessible Devices is not able to provide tech support for > software or products that we supply information about. > > > _______________________________________________ > A-d mailing list > [EMAIL PROTECTED] > http://mail.accessible-devices.com/mailman/listinfo/a-d_accessible-devices.com > Join Access India convention: For updates on it visit: http://accessindia.org.in/harish/convention.htm To unsubscribe send a message to [EMAIL PROTECTED] with the subject unsubscribe. To change your subscription to digest mode or make any other changes, please visit the list home page at http://accessindia.org.in/mailman/listinfo/accessindia_accessindia.org.in
