Security Basics mailing list archives
RE: Internet Explorer 8 beta and xss filter...
From: "Mike Theriault" <Mike_Theriault () Jabil com>
Date: Wed, 9 Jul 2008 11:46:45 -0400
I'm glad to see that Microsoft is taking steps to improve the security of IE as well. Let's not forget that type-1 XSS attacks can be prevented by disabling active scripting. Firefox in conjunction with "NoScript" has done a great job in this area by allowing you to customize active scripting for a given site, but unfortunately for IE it's all or nothing, so disabling scripting does not lend itself well to usability because so many sites leverage it. I hope IE8 gives you a greater level of granularity and control over the scripting runtime than what IE offers today.

Regards,
Mike Theriault
Corporate Application Security Engineer

"We preserve our freedoms by using four boxes: soap, ballot, jury, and cartridge."

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Adam Pal
Sent: Wednesday, July 09, 2008 7:50 AM
To: Jorge L. Vazquez
Cc: security-basics; security focus listbounce
Subject: Re: Internet Explorer 8 beta and xss filter...

Hello Jorge,

The link you submitted describes the protection offered by IE8 as "to protect against Type-1 XSS attacks"; from this point of view I'd expect that the number of unintended attacks decrease. Of course, there are also other types and the attackers will find a possibility to pass through IE8-protection.

But I don't expect IE8 to _stop_ XSS; the attack is against a web application, not against a browser. The point is just that it was not visible to innocent users, which will change from now on.

I consider it as a "plus" for Microsoft that they take this threat seriously and start integrating such protections into their own browsers.

--
Best regards,
Adam Pal

Tuesday, July 8, 2008, 1:02:37 AM, you wrote:

<==============Original message text===============
JLV> hey guys...
JLV> just came across this article that describes the new security features
JLV> on IE 8 beta especially the XSS filter.
JLV> http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1319861,00.html#
JLV> do you think this will put a stop on xss attacks by Microsoft and their
JLV> new browser?
JLV> thanks
JLV> Jorge L. Vazquez
JLV> www.pctechtips.org
<===========End of original message text===========
Current thread:
- Internet Explorer 8 beta and xss filter... Jorge L. Vazquez (Jul 08)
- Re: Internet Explorer 8 beta and xss filter... Adam Pal (Jul 09)
- RE: Internet Explorer 8 beta and xss filter... Mike Theriault (Jul 10)
- Re: Internet Explorer 8 beta and xss filter... Adam Pal (Jul 09)