Script Polyglots

Lately, there’s been a resurgence of interest in hiding script inside files of other types; sometimes this is known as a polyglot file. On Twitter, there’s been some excitement about a new tool that creates GIF/JavaScript polyglots. As you can see in the example provided in the aforementioned blog, when referenced as the source of…


Downloading ZIP-Based Formats

More and more file formats are based on the ZIP format. The Open Packaging Conventions use ZIP as a base format, and that means frameworks like .NET’s System.IO.Packaging also generate files that are valid ZIP files. The Office 2007+ formats are ZIP-based, and more personally, Fiddler’s SAZ Format is ZIP-based. Unfortunately, this trend toward ZIP-based…


Understanding Once-Per-Session Cache Validation

Last year, I wrote about the IE9 improvements in heuristic expiration, which apply when a server fails to specify how long a cached resource should be treated as fresh. Heuristic Expiration works by calculating an implicit freshness lifetime from the Last-Modified timestamp on the cached resource and the timestamp at which the resource was downloaded from…


First IE9 Update Now Available

As announced over on the IEBlog, the first update for IE9 is now available. When this update is installed, the IE Help > About screen will indicate that the IE version is 9.0.1. Please note that this is a display only change and it is not reflected in the User-Agent String, Conditional Comments, or the…


Download Resumption in Internet Explorer

While most file downloads are quickly and successfully completed, some large downloads take a long time to complete, and may be interrupted in the middle by either the user choosing to “Pause” or due to networking glitches (e.g. WiFi connection dropped). One of the significant enhancements in the IE9 Download Manager is enhanced support[1] for…


Consent and Browser Refreshes

Modern browser APIs like the GeoLocation API are designed to have an asynchronous consent experience, whereby the API simply will not undertake a privileged action until the user consents. Unfortunately, many browser features like popup windows and ActiveX controls were designed before privilege limitations were introduced, and many websites are designed with the expectation that…


Socially-Engineered XSS Attacks

When the IE team talks about Cross-Site-Scripting (XSS) attacks, we’ve usually grouped them into three categories: Type 0: DOM-based XSS; Type 1: “Reflected” XSS; Type 2: Persistent/Stored XSS. DOM-APIs like toStaticHTML enable pages to protect themselves against Type 0 attacks. The Internet Explorer XSS Filter can block Type 1 attacks by detecting reflected script and…


Browser Helper Objects for Windows Explorer

Thanks to TuxExplorer for reminding me to blog about this. Both Windows Explorer and Internet Explorer are able to load extensions known as Browser Helper Objects (BHOs). BHOs are a minimal extensibility point into both the shell and the browser, allowing extensions to sync to events and react accordingly. For instance, the Mouse Gestures add-on…


Everything you need to know about Authenticode Code Signing

In today’s post, I’ll be discussing the use of Authenticode to sign software programs; this post will be of interest primarily to software developers. Large software companies (like Microsoft) often have an entire team dedicated to the code-signing and release process, but even (especially) small software publishers should sign their code. In this post, I’ll…


IE9 Final RTW Minor Changes List

This is the third and last post in the Minor Changes series; it covers changes in the final Release-to-Web (RTW) version of Internet Explorer 9. Earlier posts in the series: IE9 Beta Minor Changes List; IE9 Release Candidate (RC) Minor Changes List. The Release Candidate was Platform Complete, meaning that the Internet Explorer team worked hard to avoid making any…
