Click here to receive your FREE subscription to Campus Technology
News
Tougher Security Planned for Internet Explorer 8
7/7/2008
|
|
In the wake of a report suggesting that Microsoft's Internet Explorer was the least secure of all leading Web browsers, Redmond Wednesday touted the security features expected to appear in IE 8. The company is promising nothing less than "comprehensive protection" with IE 8's new features.
IE 8's upcoming bells and whistles were described by Eric Lawrence, Microsoft's security program manager for IE, in a blog post. The browser is currently available to the public only in beta test form.
New security functions in IE 8 include the blocking of code that exploits cross-site-scripting (XSS) vulnerabilities, plus local browser defense functions and upload controls for streamed data. IE 8 will also include translation functions to help users stay safe as they input and output data on social networking sites.
The flagship feature will be the deflection of XXS vulnerabilities. Such exploits typically take advantage of holes in Web applications to siphon out search or surf history by swiping info on cookies and other data. Such stolen info can then be used to visit sites where passwords may have been saved at logon interfaces. It can also be used to vandalize, change or delete critical data on a workstation or network.
In the blog, Microsoft's Lawrence wrote that "Preventing XSS on the server-side is much easier that catching it at the browser…[you] simply never trust user input. Most web platform technologies offer one or more sanitization technologies -- developers using ASP.NET should consider using the Microsoft Anti-Cross Site Scripting Library."
Local browser defense functions in IE 8 will be able to contain threats to an application running on an individual workstation. It will stop hackers on a local machine before they branch out onto the network. This fix is crucial, considering the rise in attacks that can give a hacker network access through just one PC in an enterprise environment.
A SmartScreen Filter feature in IE 8 will serve as an upload control, tagging suspicious activity on sites known for attacks. It will display a big warning over a red background before the page even loads. The user will have the option to either "disregard" or "continue" visiting the site.
Recommended Reading
- Tufts Grants Rights for Mileage-Increasing Transportation Technology to Electric Truck
Tufts University has optioned rights to a technology that can recharge the batteries of any hybrid electric and electric-powered vehicle while it is driven. The Tufts-developed technology could increase by 20 percent to 70 percent the miles per gallon or total driving range performance of vehicles like the Honda Civic, Ford Escape, and Toyota Prius hybrids and the Tesla Motors and Phoenix Motorcars electric vehicles.
- U Florida and Cyntellect Collaborate to Unlock Mysteries of Cancer Stem Cells
The University of Florida has entered into a research agreement with life sciences company Cyntellect. The university's Interdisciplinary Center for Biotechnology Research will work with the company to focus on a variety of research areas including the purification and analysis of cancer stem cells (CSCs), rare cells believed to be directly involved in propagating cancers.
- George Mason U Receives Grant To Deploy Intergraph Apps for Intelligence Curriculum
George Mason University (GMU) in Fairfax, VA has been awarded a grant from Intergraph to enable students enrolled in GMU's Geospatial Intelligence Graduate Certificate program to use the company's geospatial production and exploitation software as part of their core curriculum.
- Institute for Cyber Security at U Texas, San Antonio Opens Incubator
The University of Texas at San Antonio (UTSA) Institute for Cyber Security (ICS) has launched a new Internet security incubator. The incubator was developed to commercialize promising technologies that address major cyber security and privacy issues. The first companies to enter the incubator are Denim Labs and SafeMashups.
- ISO/IEC Publishes Office Open XML Standard
ISO/IEC has published the Office Open XML (OOXML) file format standard, formally known as ISO/IEC 29500:2008. It describes file formats originally designed by Microsoft for its Office 2007 productivity suite, which are used in presentation, spreadsheet and word processing applications.
- Dynamics NAV 2009 ERP Coming Next Month
Microsoft exec Kirill Tatarinov Wednesday described some new features to expect in the forthcoming Microsoft Dynamics NAV 2009 enterprise resource planning solution. He gave the keynote address at Microsoft's Convergence 2008 event in Copenhagen, Denmark.
