Forgot your password?
typodupeerror

Become a fan of Slashdot on Facebook

Microsoft

Microsoft Patches OLE Zero-Day Vulnerability 37

Posted by Soulskill
from the putting-right-what-once-went-wrong dept.
msm1267 writes: Microsoft today released a patch for a zero-day vulnerability under active exploit in the wild. The vulnerability in OLE, or Microsoft Windows Object Linking and Embedding, enables a hacker to remotely execute code on an infected machine, and has been linked to attacks by the Sandworm APT group against government agencies and energy utilities. Microsoft also issued a massive Internet Explorer patch, but warned organizations that have deployed version 5.0 of its Enhanced Mitigation Experience Toolkit (EMET) to upgrade to version 5.1 before applying the IE patches. Version 5.1 resolves some compatibility issues, in addition to several mitigation enhancements.
Microsoft

Microsoft Is Bringing WebRTC To Explorer, Eyes Plugin-Free Skype Calls 66

Posted by samzenpus
from the call-window dept.
An anonymous reader writes Microsoft today announced it is backing the Web Real-Time Communication (WebRTC) technology and will be supporting the ORTC API in Internet Explorer. Put another way, the company is finally throwing its weight behind the broader industry trend of bringing voice and video calling to the browser without the need for plugins. Both Google and Mozilla are way ahead of Microsoft in this area, both in terms of adding WebRTC features to their respective browsers and in terms of building plugin-free calling services that rely on the technology. In short, Skype is under threat, and Microsoft has finally decided to opt for an "If you can't beat 'em, join 'em" strategy.
Internet Explorer

Microsoft's JavaScript Engine Gets Two-Tiered Compilation 46

Posted by Soulskill
from the under-the-hood dept.
jones_supa writes: The Internet Explorer team at Microsoft recently detailed changes to the JavaScript engine coming in Windows 10. A significant change is the addition of a new tier in the Just-in-Time (JIT) compiler. In Windows 10, the Chakra JS engine now includes a second JIT compiler that bridges the gap between slow, interpreted code and fast, optimized code. It uses this middle-tier compiler, called Simple JIT, as a "good enough" layer that can move execution away from the interpreter quicker than the Full JIT can. Microsoft claims that the changes will allow certain workloads to "run up to 30% faster". The move to a two-tiered JIT compiler structure mirrors what other browsers have done. SpiderMonkey, the JavaScript engine in Firefox, has an interpreter and two compilers: Baseline and IonMonkey. In Google Chrome, the V8 JavaScript engine is also a two-tiered system. It does not use an interpreter, but compiles on a discrete background thread.
The Internet

CSS Proposed 20 Years Ago Today 180

Posted by Soulskill
from the i-like-your-cascading-style dept.
An anonymous reader writes: On 10 October 1994, Opera CTO Hakon Lie posted a proposal for Cascading HTML style sheets. Now, two decades on, CSS has become one of the modern web's most important building blocks. The Opera dev blog just posted an interview with Lie about how CSS came to be, and what he thinks of it now. He says that if these standards were not made, "the web would have become a giant fax machine where pictures of text would be passed along." He also talks about competing proposals around the same time period, and mentions his biggest mistake: not producing a test suite along with the CSS1 spec. He thinks this would have gotten the early browsers to support it more quickly and more accurately. Lie also thinks CSS has a strong future: "New ideas will come along, but they will extend CSS rather than replace it. I believe that the CSS code we write today will be readable by computers 500 years from now."
Internet Explorer

Internet Explorer Implements HTTP/2 Support 122

Posted by Soulskill
from the metadata-transmission dept.
jones_supa writes: As part of the Windows 10 Technical Preview, Internet Explorer will introduce HTTP/2 support, along with performance improvements to the Chakra JavaScript engine, and a top-level domains parsing algorithm based on publicsuffix.org. HTTP/2 is a new standard by the Internet Engineering Task Force. Unlike HTTP/1.1, the new standard communicates metadata in binary format to significantly reduce parsing complexity. While binary is usually more efficient than text, the real performance gains are expected to come from multiplexing. This is where multiple requests can be share the same TCP connection. With this, one stalled request won't block other requests from being honored. Header compression is another important performance concern for HTTP.
Encryption

Why Google Is Pushing For a Web Free of SHA-1 108

Posted by Soulskill
from the collision-course dept.
An anonymous reader writes: Google recently announced Chrome will be gradually phasing out support for certificates using SHA-1 encryption. They said, "We need to ensure that by the time an attack against SHA-1 is demonstrated publicly, the web has already moved away from it." Developer Eric Mill has written up a post explaining why SHA-1 is dangerously weak, and why moving browsers away from acceptance of SHA-1 is a lengthy, but important process. Both Microsoft and Mozilla have deprecation plans in place, but Google's taking the additional step of showing the user that it's not secure. "This is a gutsy move by Google, and represents substantial risk. One major reason why it's been so hard for browsers to move away from signature algorithms is that when browsers tell a user an important site is broken, the user believes the browser is broken and switches browsers. Google seems to be betting that Chrome is trusted enough for its security and liked enough by its users that they can withstand the first mover disadvantage. Opera has also backed Google's plan. The Safari team is watching developments and hasn't announced anything."
Businesses

Microsoft Considered Renaming Internet Explorer To Escape Its Reputation 426

Posted by samzenpus
from the a-rose-by-any-other-name dept.
An anonymous reader writes "Microsoft's Internet Explorer engineering team told a Reddit gathering that discussions about a name change have taken place and could happen again. From the article: "Microsoft has had "passionate" discussions about renaming Internet Explorer to distance the browser from its tarnished image, according to answers from members of the developer team given in a reddit Ask Me Anything session today. In spite of significant investment in the browser—with the result that Internet Explorer 11 is really quite good—many still regard the browser with contempt, soured on it by the lengthy period of neglect that came after the release of the once-dominant version 6. Microsoft has been working to court developers and get them to give the browser a second look, but the company still faces an uphill challenge."
Internet Explorer

Microsoft Releases Early IE12 Preview As Part of Its New Developer Channel 105

Posted by Unknown Lamer
from the now-just-gpl-the-code... dept.
DroidJason1 (3589319) writes "Microsoft is looking to create a more open dialog between the Internet Explorer team and the Web development community by announcing Internet Explorer Developer Channel. IE Dev Channel allows you to preview the next version of Internet Explorer (IE12) alongside and independently of IE11. Web developers can download and test drive the latest IE platform features, something developers were already able to do with Firefox and Chrome. This preview release even offers support of the emerging Gamepad API, allowing you to use your Xbox controller to play games in IE!"
Internet Explorer

Next IE Version Will Feature Web Audio, Media Capture, ES6 Promises, and HTTP/2 173

Posted by timothy
from the loyal-opposition dept.
An anonymous reader writes "Microsoft [Wednesday] announced it is developing at least four new features for the next release of Internet Explorer (IE): Web Audio API, Media Capture and Streams, ES6 Promises, and HTTP/2. The company says this is not an exhaustive list of what to expect in the next version, but merely what it is currently confident that it will be able to deliver. For those who don't know, HTTP/2 is a faster protocol for transporting Web content. It is based on Google's SPDY open networking protocol and is currently being standardized by the IETF. Web Audio is a JavaScript API for processing and synthesizing audio in Web applications while Media Capture provides access to the user's local audio and video input/output devices. Promises is meant to help developers write cleaner asynchronous code."
Windows

Microsoft Announces Windows 8.1 With Bing To Sell Cheaper Devices 124

Posted by Soulskill
from the borrowing-from-amazon's-playbook dept.
An anonymous reader writes "Microsoft today confirmed the rumors of a new edition of its latest operating system by unveiling Windows 8.1 with Bing. The company says the main purpose of the new SKU is to allow its hardware partners to sell lower-cost Windows devices; the first ones with the new edition will be announced next month at Computex in Tapei. Windows 8.1 with Bing is exactly like Windows 8.1 with the recently released Windows 8.1 Update, with one major difference: Bing is set as the default search engine in Internet Explorer. Users can still change that option in IE's search engine settings, but OEMs do not have that luxury."
Windows

Why Microsoft Shouldn't Patch the XP Internet Explorer Flaw 345

Posted by Soulskill
from the going-to-take-flak-one-way-or-another dept.
Hugh Pickens DOT Com writes: "Sebastian Anthony argues that Microsoft is setting an awful precedent by caving and issuing a fix for Windows XP. 'Yes, tardy governments and IT administrators can breathe a little easier for a little bit longer,' writes Anthony, 'and yes, your mom and dad are yet again safe to use their old Windows XP beige box. But to what end? It's just delaying the inevitable.' Lance Ulanoff argues that Microsoft can't turn a blind eye the security of XP users, even though the company ended support for the 12-year-old operating system on April 8, a fact that Microsoft has been warning about for, literally, years. But this won't be the only vulnerability found in XP, says Dwight Silverman. 'If Microsoft makes an exception now, what about the flaw found after this one? And the next? And the one after that, ad infinitum?' Even though Microsoft has released a patch for the IE flaw, and Windows XP is included, it's time to move on – really. 'I don't want to hear that tired "if it ain't broke, don't fix it" line. Hey, XP IS broke, and it will just get more so over time. Upgrade to a newer version of Windows, or switch to another modern operating system, such as OS X or Linux.'"
Security

Microsoft Issues Advisory For Internet Explorer Vulnerability 152

Posted by samzenpus
from the watch-out dept.
jones_supa (887896) writes "Neowin reports how Microsoft made a rare weekend post on its Security Response Center blog to announce an advisory that affects all currently supported versions of Internet Explorer (versions 6 to 11). The issue is based on a newly discovered exploit that could be used against the web browser. The vulnerability exists in the way that IE accesses an object in memory that has been deleted or has not been properly allocated. Memory may be corrupted in a way that could allow an attacker to execute arbitrary code in the context of the current user. Microsoft is aware of 'limited, targeted attacks' that have used the exploit. IE 10 and 11 are protected against attacks using this exploit if they have their Enhanced Protected Mode turned on. Also, PCs that have either the Enhanced Mitigation Experience Toolkit 4.1 or the EMET 5.0 Technical Preview installed are also secured against this security hole. Microsoft will take the appropriate action to protect its customers by delivering a security update."
Firefox

Firefox Was the Most Attacked & Exploited Browser At Pwn2own 2014 207

Posted by Soulskill
from the foxes-provide-the-best-sport dept.
darthcamaro writes "Though IE, Chrome and Safari were all attacked and all were exploited, no single web browser was exploited at this year's Pwn2own hacking challenge as Mozilla Firefox. A fully patched version of Firefox was exploited four different times by attackers, each revealing new zero-day vulnerabilities in the open-source web browser. When asked why Mozilla was attacked so much this year, Sid Stamm, senior engineering manager of security and privacy said, 'Pwn2Own offers very large financial incentives to researchers to expose vulnerabilities, and that may have contributed in part to the researchers' decision to wait until now to share their work and help protect Firefox users.' The Pwn2own event paid researchers $50,000 for each Firefox vulnerability. Mozilla now pays researcher only $3,000 per vulnerability."
Internet Explorer

IE Vulnerability Exposing Banking Logins, Spreading Rapidly 93

Posted by Unknown Lamer
from the apt-get-wrong-operating-system dept.
jfruh writes "A vulnerability in Internet Explorer 9 and 10 that allows attackers to target banking login info, first reported on February 13, is being exploited in the wild, and attacks are spreading rapidly. Sites compromised by the malware run the gamut from U.S. Veterans of Foreign Wars site, to a site frequented by French military contractors, to a Japanese dating site. Microsoft has released a 'fix-it tool' but not a regular patch."
Internet Explorer

Microsoft's IE Is the Most Targeted Application By Security Researchers 96

Posted by Unknown Lamer
from the easy-pickings dept.
darthcamaro writes "Though Microsoft hasn't yet patched its Internet Explorer web browser in 2014, it did patch IE at least once every month in 2013. According to HP's 2013 Cyber Risk Report, more researchers tried to sell IE vulnerabilities than any other product vulnerability. 'IE is the most prevalent browser on the systems that attackers want to compromise' said Jacob West, CTO of HP's Enterprise Security Group."
Internet Explorer

IE Drops To Single-Digit Market Share 390

Posted by timothy
from the but-high-in-the-single-digits dept.
New submitter fplatten writes "I think this is all you need to see to know what legacy Steve Ballmer has left at Microsoft, where its IE browser market share has collapsed from a high of 86% in 2002 to just 9% now. I guess this is just another in a long list of tech companies that failed to maintain its dominant market share. Also, IE may be the one product that never really deserved it, but just piggybacked on Windows, and users left in droves once decent (more secure) alternatives and standards became popular." Microsoft stockholders probably don't feel too badly about the Ballmer legacy overall, though -- browser choice is a pretty small arm of the octopus.
Internet Explorer

Open Source Add-on Rewrites the User Interface of IE11 86

Posted by timothy
from the people-still-use-ie? dept.
An anonymous reader writes "This is how Internet Explorer would look if you move the tabs to the top like in other browsers. Developed as a design and UX study, the open source add-on replaces the default navigation bar and combines three traditionally separate toolbars into one. The UX project started in 2004 to demonstrate that it is feasible to combine the address, search, and find box into one. Additionally, Quero offers a variety of customization options for IE, including making the UI themeable or starting Microsoft's desktop browser always maximized."
Security

IE Zero-Day Exploit Disappears On Reboot 103

Posted by samzenpus
from the poof-it's-gone dept.
nk497 writes "Criminals are taking advantage of unpatched holes in Internet Explorer to launch 'diskless' attacks on PCs visiting malicious sites. Security company FireEye uncovered the zero-day flaw on at least one breached U.S. site, describing the exploit as a 'classic drive-by download attack'. But FireEye also noted the malware doesn't write to disk and disappears on reboot — provided it hasn't already taken over your PC — making it trickier to detect, though easier to purge. '[This is] a technique not typically used by advanced persistent threat (APT) actors,' the company said. 'This technique will further complicate network defenders' ability to triage compromised systems, using traditional forensics methods.'"
Internet Explorer

Google Ends Internet Explorer 9 Support In Google Apps 199

Posted by Unknown Lamer
from the if-only-they-did-that-with-ie6 dept.
An anonymous reader writes "Google has announced it is discontinuing support for Internet Explorer 9 in Google Apps, including its Business, Education, and Government editions. Google says it has stopped all testing and engineering work related to IE9, given that IE11 was released on October 17 along with Windows 8.1. This means that IE9 users who access Gmail and other Google Apps services will be notified 'within the next few weeks' that they need to upgrade to a more modern browser. Google says this will either happen through an in-product notification message or an interstitial page."
Internet Explorer

Why Internet Explorer Still Dominates South Korea. 218

Posted by timothy
from the stuck-in-a-rut dept.
New submitter bmurray7 writes "You might think that the country that has the fastest average home internet speeds would be a first adapter of modern browsers. Instead, as the Washington Post reports, a payment processing security standard forces most South Koreans to rely upon Internet Explorer for online shopping. Since the standard uses a unique encryption algorithm, an ActiveX control is required to complete online purchases. As a result, many internet users are in the habit of approving all AtivceX control prompts, potentially exposing them to malware."

"Our reruns are better than theirs." -- Nick at Nite

Working...