Jake writes with this excerpt from Ars: "Microsoft is warning about a new piece of malware, Rogue:MSIL/Zeven, that auto-detects a user's browser and then imitates the relevant malware warning pages from Internet Explorer, Firefox, or Chrome. The fake warning pages are very similar to the real thing; you have to look closely to realize they aren't the real thing. The ploy is a basic social engineering scheme, but in this case the malware authors are relying on the user's trust in their browser, a tactic that hasn't been seen before. Beyond the warning pages, the actual malware looks like the real deal: it allows you to scan files, tells you when you're behind on your updates, and enables you to change your security and privacy settings. Performing a scan results in the product finding malicious files, but of course it cannot delete them unless you update, which requires paying for the full version. Attempting to buy the product will open an HTML window that provides a useless 'Safe Browsing Mode' with high-strength encryption. To top it all off, the rogue antivirus webpage looks awfully similar to the Microsoft Security Essentials webpage; even the awards received by MSE and a link to the Microsoft Malware Protection Center have been copied."

Trailrunner7 writes "A Spanish security researcher has discovered a new vulnerability in Apple's QuickTime software that can be used to bypass both ASLR and DEP on current versions of Windows and give an attacker control of a remote PC. The flaw apparently results from a parameter from an older version of QuickTime that was left in the code by mistake. It was discovered by Ruben Santamarta of Wintercore, who said the vulnerability can be exploited remotely via a malicious Web site. On a machine running Internet Explorer on Windows 7, Vista or XP with QuickTime 7.x or 6.x installed, the problem can be exploited by using a heap-spraying technique. In his explanation of the details of the vulnerability and the exploit for it, Santamarta said he believes the parameter at the heart of the problem simply was not cleared out of older versions of the QuickTime code. 'The QuickTime plugin is widely installed and exploitable through IE; ASLR and DEP are not effective in this case and we will likely see this in the wild,' said HD Moore, founder of the Metasploit Project."

An anonymous reader writes "Software giant Microsoft's Internet Explorer turned 15 years old on Monday. The company recently said it would launch the Internet Explorer 9 public beta version on September 15, 2010. The software giant launched the first version of the browser, Internet Explorer 1, on August 16, 1995. It was a revised version of Spyglass Mosaic, which Microsoft had licensed from Spyglass Inc."

peterkern writes "The July browser market share reports are somewhat inconsistent, but if we believe StatCounter, then it looks like Firefox will be overtaking Microsoft IE's market share next month. The two browsers are both within 1 point of 40% market share, IE above and Firefox below. Europeans are more crazy about Firefox than Americans: In Germany, Firefox has a 61% market share, while IE has only 25%. Google Chrome is, according to StatCounter, now above 10%. ConceivablyTech has more details, including market share data from both StatCounter and Net Applications (which as of this month is limiting its free data)."

phantomfive writes "The company everyone loves to hate is after your private information, as the Wall Street Journal reports. The IE8 design team had planned on adding the best privacy features available, but the advertising executives wanted to track users. From the story: 'In the end, the product planners lost a key part of the debate. The winners: executives who argued that giving automatic privacy to consumers would make it tougher for Microsoft to profit from selling online ads. Microsoft built its browser so that users must deliberately turn on privacy settings every time they start up the software.'"

pcardno writes "The UK government has responded to a petition encouraging government departments to move away from IE6 that had over 6,000 signatories. Their response seems to be that a fully patched IE6 is perfectly safe as long as firewalls and malware scanning tools are in place, and that mandating an upgrade away from IE6 will be too expensive. The second part is fair enough in this age of austerity (I'd rather have my taxes spent on schools and hospitals than software upgrade testing at the moment), but the whole reaction will be a disappointment to the petitioners." Update: 07/31 11:43 GMT by S : Dan Frydman, the man who launched the petition, has posted a response to the government's decision.

rsk writes "Internet Explorer 6, 7 and to some extent 8 have been the bane of every CSS-loving web developer for years. With the spreading adoption of CSS3's fancier rendering effects, like rounded edges, drop shadows and linear gradients, the frustration of needing to deal with IE compatibility is growing. 327 Creative's Jason Johnston has created the CSS3 Pie library to address this. CSS3 Pie adds support for CSS3's most popular rendering techniques to Internet Explorer 6, 7 and 8 by way of the IE-only CSS property 'behavior.' CSS3 Pie is open sourced under the Apache 2 license and can be accessed from its github repository."

An anonymous reader writes "Over on the IE blog they have a rundown of IE9's hardware accelerated support for the canvas element. They write, 'With the recent release of the latest IE9 platform preview, we talked about how we're rebuilding the browser to use the power of your whole PC to browse the web, and to unlock a new class of HTML5 applications. One area that developers are especially excited about is the potential of HTML5 canvas. Like all of the graphics in IE9, canvas is hardware accelerated through Windows and the GPU. In this blog post we discuss some of the details behind canvas and the kinds of things developers can build.'"

An anonymous reader writes "Longtime Microsoft watcher Mary Jo Foley used her Redmond magazine column this month to point out that after years of arguing that the browser is 'inextricably linked' to the operating system, the company's current push to get users to drop IE 6 for newer versions, plus IE's separate release schedule, are disproving its own argument. From the article: 'Microsoft has insisted that its browser is part of Windows, and, ironically, that's coming back to haunt the company. Customers can mix and match different versions of IE with different versions of Windows. ... But Microsoft has done very little to get this message out there. I'd argue this is because it makes plain the absurdity of the company's claims that IE is part of Windows.'"

wiredmikey writes "A new password cracking tool released today instantly reveals cached passwords to websites in Microsoft Internet Explorer, and mailbox and identity passwords in all versions of Microsoft Outlook Express, Outlook, Windows Mail, and Windows Live Mail."

An anonymous reader writes "Microsoft's Internet Explorer 9 development team has announced the availability of the third IE9 platform preview release on the IE blog. Dean Hachamovitch writes, 'The third Platform Preview of Internet Explorer 9, available now, continues the deep work around hardware acceleration to enable the same standards-based markup to run faster. This is the latest installment of the rhythm we started in March, delivering platform preview releases approximately every eight weeks and listening to developers. You'll see more performance, same markup, and hardware-accelerated HTML5.' The announcement focuses on cross-browser compatibility, noting that when 'developers spend less time rewriting their sites to work across browsers they have more time to create amazing experiences on the Web.' Curiously, however, the video embedded in the page works only in some browsers. Dear Microsoft, IE9 supports many royalty-free, web-compatible formats out of the box (HTML, CSS, WOFF, PNG, and the like) so why not at least one more?"

yanyan writes "I'm fairly new to the field of web application development. Currently I'm working on a big online ticketing system for passage and freight for a local shipping company. It's a one-man show and the system is written in Ruby and uses Rails. Aside from the requisite functionality of creating bookings the system must also print reports and tickets, and this is where I've discovered (the hard way) that most, if not all, browsers fall short. I've had to switch from Firefox 3.6.3 to Opera 10.53 because of a major printing bug in Firefox, but the latest stable Opera is also giving me its own share of problems. To complicate things, an earlier version of Opera (10.10) doesn't appear to have 10.53's printing problems, but I'm wary. What browsers and specific versions do you end up deploying for use with big, complex web apps that include printing? Also consider CSS accuracy and consistency."

Ricky writes with a followup to news we discussed a couple days ago that a Microsoft toolbar update was installing an IE add-on and a Firefox extension without the user's consent. Quoting Ars: "Microsoft has fixed the distribution scope of a toolbar update that, without the user's knowledge, installed an add-on in Internet Explorer and an extension in Firefox called Search Helper Extension. Microsoft told us that the new update is actually the same as the old one; the only difference is the distribution settings. In other words, the update will no longer be distributed to toolbars that it shouldn't be added to. End users won't see the tweak, Microsoft told Ars, and also offered an explanation on what the mystery add-on actually does. 'The Search Enhancement Pack is a shared component used by the Windows Live Toolbar, MSN Toolbar, and Bing Bar. This component enables toolbar search functionality, like the toolbar search suggestions drop down. It is not the toolbar. It is a component used by the toolbars.'"

Jan writes "As part of its regular Patch Tuesday, Microsoft released an update for its various toolbars, and this update came with more than just documented fixes. The update also installs an add-on for Internet Explorer and an extension for Mozilla Firefox, both without the user's permission."

Andreas(R) writes "Microsoft has published a set of HTML5 tests comparing Internet Explorer 9 to other web browsers. In Microsoft's own tests, IE9 performs 100% on all tests. However, the Internet Explorer 9 HTML5 Canvas Campaign has published results that show that Internet Explorer gets 0% on all their tests." The results reported here are selected with tongue in cheek: "Therefore, we'll also present shameless results from tests which have been carefully selected to give the results that the PR department has demanded."

Barence writes "The man in charge of Internet Explorer has told PC Pro that he's been tasked with destroying IE6. Internet Explorer 6 continues to be the most used browser version in the world at the ripe old age of nine. IE6's position as the default browser in Windows XP means many companies still cling to the browser. 'Part of my job is to get IE6 share down to zero as soon as possible,' said Ryan Gavin, head of the Internet Explorer business group. Microsoft has also been giving further previews of Internet Explorer 9, with demonstrations showing two 720p HD videos running simultaneously on a netbook, thanks to IE9's GPU-accelerated graphics."

jlp2097 writes "There is a new article up on Microsoft's IEBlog explaining why IE9 will support only the H.264 codec: 'First and most important, we think it is the best available video codec today for HTML5 for our customers. Relative to alternatives, H.264 maintains strong hardware support in PCs and mobile devices as well as a breadth of implementation in consumer electronics devices around the world, excellent video quality, scale of existing usage, availability of tools and content authoring systems, and overall industry momentum – each an important factor that contributes to our point of view. H.264 also provides the best certainty and clarity with respect to legal rights from the many companies that have patents in this area.'"

An anonymous reader writes "Predicting that Microsoft will lose market share from month to month isn't especially difficult. Yet it is amazing to see the downfall of what was once a bastion for Microsoft. It appears that Microsoft can't defend IE against Firefox and, as it seems, Google's Chrome. Net Applications now believes that IE has a share of less than 60%, which is about the range that IE had in early 1999, when IE5 was launched. IE is now officially back in the 1990s. Chrome, by the way, is the fastest growing browser, both in absolute numbers and percentages. It is well ahead of Safari and more than tripled its share within 12 months."

alphadogg writes "Security experts, industry analysts, and even Microsoft recommend that IT departments upgrade Internet Explorer 6, yet new research shows that while there may have recently been a mock funeral for the aging browser, IE6 is still around and doing well, especially during standard business hours." The article says that they are seeing 6-13% peaking during business hours. Around here we see less than 1.5% IE6, but since we see only 10% IE in general, I imagine we're just lucky.

Blue Taxes writes "The cross-site scripting filter that ships with Microsoft's Internet Explorer 8 browser can be abused by attackers to launch cross-site scripting attacks on websites and web pages that would otherwise be immune to this threat. The IE8 filter works by scanning outbound requests for strings that may be malicious. When such a string is detected, IE8 will dynamically generate a regular expression matching the outbound string. The browser then looks for the same pattern in responses from the server. If a match is made anywhere in the server's response, the browser assumes that a reflected XSS attack is being conducted and the browser will automatically alter the response so that the XSS attack cannot succeed. The researchers figured out a way to use IE8's altered response to conduct simple abuses and universal cross-site scripting attacks, which worked against sites that would not otherwise have been vulnerable to XSS." Here is the researchers' backgrounder (PDF) on the attack. Microsoft says that they have issued two patches that address the issue, but the researchers insist that holes remain.
Update: 04/20 14:06 GMT by KD : Microsoft's Security Response Center has issued a statement on the vulnerability.