Fugitif
05.07.2008, 22:16
Microsoft addresses XSS in Internet Explorer
Microsoft is planning to add a series of new security features to the next version of its Internet Explorer browser, including protection against cross-site scripting attacks.
A beta version of IE 8 is due out in August, and along with the XSS filter, it will include a filter designed to provide better protection against phishing attacks, features that make it easier for developers to request resources and share information across domains, and some changes to the way that ActiveX controls are handled by the browser. Specifically, developers will be able to write controls that are only available for the individual user who downloads them..
The announcement of the new security features in IE 8 came just a week after the release of Firefox 3, the latest version of IE's main competition in the browser world. Firefox 3 also includes updated antimalware and antiphishing capabilities and several other security updates. Microsoft has been fighting to repair the security reputation of IE for several years, since the initial release of Firefox, which the Mozilla Foundation has positioned as a more secure alternative to IE.
But Microsoft has been making steady progress on the security of its ubiquitous browser in recent versions, and IE 8 serves to further that cause. The most intriguing and potentially most useful feature in the new browser is the XSS filter, which is built to protect against Type-1 XSS attacks. These attacks are among the more common ones online right now, and many non-technical users have little idea that they even exist, let alone what to do about them. The XSS filter in IE 8 monitors all of the requests and responses made by the browser and automatically disables XSS attacks when they're detected. Users will see a modified version of the requested page, showing them that the attack was blocked
More:
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1319861,00.html#
Microsoft is planning to add a series of new security features to the next version of its Internet Explorer browser, including protection against cross-site scripting attacks.
A beta version of IE 8 is due out in August, and along with the XSS filter, it will include a filter designed to provide better protection against phishing attacks, features that make it easier for developers to request resources and share information across domains, and some changes to the way that ActiveX controls are handled by the browser. Specifically, developers will be able to write controls that are only available for the individual user who downloads them..
The announcement of the new security features in IE 8 came just a week after the release of Firefox 3, the latest version of IE's main competition in the browser world. Firefox 3 also includes updated antimalware and antiphishing capabilities and several other security updates. Microsoft has been fighting to repair the security reputation of IE for several years, since the initial release of Firefox, which the Mozilla Foundation has positioned as a more secure alternative to IE.
But Microsoft has been making steady progress on the security of its ubiquitous browser in recent versions, and IE 8 serves to further that cause. The most intriguing and potentially most useful feature in the new browser is the XSS filter, which is built to protect against Type-1 XSS attacks. These attacks are among the more common ones online right now, and many non-technical users have little idea that they even exist, let alone what to do about them. The XSS filter in IE 8 monitors all of the requests and responses made by the browser and automatically disables XSS attacks when they're detected. Users will see a modified version of the requested page, showing them that the attack was blocked
More:
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1319861,00.html#