One of the AJAX improvements we adopted in IE8 from HTML5 is AJAX page navigations. In IE8 mode, we provide support for script to update the travel log components (for e.g. back/forward buttons, address bar) to reflect client-side updates to documents. This allows a better user experience where users can navigate back and forth without messing the AJAX application state.
For more information regarding the feature and sample code, refer to the Internet Explorer MIX08 Hands-on Labs for AJAX and IE8 Beta 1 for Developers. For an example of how this can be used to hook navigation in Silverlight (with sample code!), see Michael Scherotter’s blog posts titled How IE8 Enables Silverlight Deep Linking and Browser Back/Forward Navigation and IE8 Forward/Back in a Silverlight 2 (Beta 2) Application for further details.
Source- IE Blog
If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!
Windows® SteadyState™ 2.5 is now available on Windows XP and Windows Vista. Whether you manage computers in a school computer lab or an Internet café, a library, or even in your home, Windows SteadyState helps make it easy for you to keep your computers running the way you want them to, no matter who uses them.
Windows SteadyState runs on genuine copies of Windows XP Professional, Windows XP Home Edition, Windows XP Tablet PC Edition, Windows Vista Business, Windows Vista Ultimate, Windows Vista Home Basic, Windows Vista Home Premium, and Windows Vista Starter. And, Windows SteadyState is offered free of charge to Windows Genuine Advantage customers!
SteadyState Helps Make it Easier to Manage Your Shared Computers Shared computers are commonly found in schools, Internet and gaming cafés, libraries, and community centers. It is increasingly common for owners, teachers, or non-technical personnel to manage shared computers in addition to their many other responsibilities.
Managing shared computers can be difficult, technically challenging, time-consuming, and expensive. And what’s more, without system restrictions and protections, users can inadvertently change the desktop appearance, reconfigure system settings, and introduce unwanted software, viruses, and other harmful programs. Repairing damaged shared computers can require significant time and effort.
User privacy is also an issue for shared computer environments. Shared computers often use shared user accounts that make Internet history, saved documents, and cached Web pages available to subsequent users.
Windows SteadyState provides a more effective way to help defend shared computers from changes by untrusted users and unwanted software installations. It can also help safeguard system resources.
Windows SteadyState Features Windows SteadyState includes the following features to help you manage your shared computers:
- Getting Started – Provides the initial steps to help you during your first time use of Windows SteadyState.
- Windows Disk Protection – Help protect the Windows partition, which contains the Windows operating system and other programs, from being modified without administrator approval.Windows SteadyState allows you to set Windows Disk Protection to remove all changes upon restart, to remove changes at a certain date and time, or to not remove changes at all. If you choose to use Windows Disk Protection to remove changes, any changes made by shared users when they are logged on to the computer are removed when the computer is restarted
- User Restrictions and Settings – The user restrictions and settings can help to enhance and simplify the user experience. Restrict user access to programs, settings, Start menu items, and options in Windows. You can also lock shared user accounts to prevent changes from being retained from one session to the next.
- User Account Manager – Create and delete user accounts. You can use Windows SteadyState to create user accounts on alternative drives that will retain user data and settings even when Windows Disk Protection is turned on. You can also import and export user settings from one computer to another—saving valuable time and resources.
- Computer Restrictions – Control security settings, privacy settings, and more, such as preventing users from creating and storing folders in drive C and from opening Microsoft Office documents from Internet Explorer®.
- Schedule Software Updates – Update your shared computer with the latest software and security updates when it is convenient for you and your shared users.
Download here
I’m excited to share with you details on the significant investments we’ve made in Security for Internet Explorer 8. As you might guess from the length of this post, we’ve done a lot of security work for this release. As an end-user, simply upgrade to IE8 to benefit from these security improvements. As a domain administrator, you can use Group Policy and the IEAK to set secure defaults for your network. As web-developer, you can build upon some of these new features to help protect your users and web applications.
As we were planning Internet Explorer 8, our security teams looked closely at the common attacks in the wild and the trends that suggest where attackers will be focusing their attention next. While we were building new Security features, we also worked hard to ensure that powerful new features (like Activities and Web Slices) minimize attack surface and don’t provide attackers with new targets. Out of our planning work, we classified threats into three major categories: Web Application Vulnerabilities, Browser & Add-on Vulnerabilities, and Social Engineering Threats. For each class of threat, we developed a set of layered mitigations to provide defense-in-depth protection against exploits.
Source- IE blog
Today we are releasing some details on a new IE8 feature that makes reflected / “Type-1” Cross-Site Scripting (XSS) vulnerabilities much more difficult to exploit from within Internet Explorer 8. Type-1 XSS flaws represent a growing portion of overall reported vulnerabilities and are increasingly being exploited “for fun and profit.”
The number of reported XSS flaws in popular web sites has skyrocketed recently – MITRE has reported that XSS vulnerabilities are now the most frequently reported class of vulnerability. More recently, sites such as XSSed.com have begun to collect and publish tens of thousands of Type-1 XSS vulnerabilities present in sites across the web.
XSS vulnerabilities enable an attacker to control the relationship between a user and a web site or web application that they trust. Cross-site scripting can enable attacks such as:
- Cookie theft, including the theft of sessions cookies that can lead to account hijacking
- Monitoring keystrokes input to the victim web site / application
- Performing actions on the victim web site on behalf of the victim user. For example, an XSS attack on Windows Live Mail might enable an attacker to read and forward e-mail messages, set new calendar appointments, etc.
While many great tools exist for developers to mitigate XSS in their sites / applications, these tools do not satisfy the need for average users to protect themselves from XSS attacks as they browse the web.
Source- IE Blog
As someone whose email address is posted in thousands of forum posts, newsgroup discussions, and blogs, I get a lot of spam. Of the spam I receive, a significant number of messages represent phishing attacks. Most of these lures aren’t very clever or convincing, but phishing has become a simple numbers game—hosting phishing sites is cheap, and even if only a few users fall for any given phishing attack, attackers will profit by increasing the volume of phishing campaigns.
In Internet Explorer 7, we introduced the Phishing Filter, a dynamic security feature designed to warn users when they attempt to visit known-phishing sites, and worked with partners to introduce Extended Validation certificates that light up the address bar when users visit sites with verified identity information. Beyond the Phishing Filter, Microsoft has also published educational materials on identifying phishing scams, and developed a strategy to attack phishing at multiple levels.
For Internet Explorer 8, we’ve built upon the success of the Phishing Filter feature (which blocks over a million phishing attacks weekly) to develop the SmartScreen® Filter, a replacement that improves upon the Phishing Filter in a number of important ways:
- Improved user interface
- Faster performance
- New heuristics & enhanced telemetry
- Anti-Malware support
- Improved Group Policy support
Source- IE Blog
The flaw focuses on IE’s inline frames, often used for serving ads, which typically come from a different domain than content that appears on the same Web page. Microsoft’s Internet Explorer 6, 7, and 8 beta 1 appear to contain a security flaw that could subject users who visit a malicious Web site or open a malicious e-mail message to arbitrary code. U.S. CERT has published a vulnerability note indicating Internet Explorer doesn’t handle document frames securely.
Document frames can be used to subdivide Web pages such that the content associated with each division comes from a different server or domain. These "iframes," or inline frames, often are used for serving ads, which typically come from a different domain than content that appears on the same Web page.
The problem, as U.S. CERT describes it, is that "Microsoft Internet Explorer fails to properly restrict access to a document’s frames, which may allow an attacker to modify the contents of frames in a different domain."
Source: InformationWeek
Today the IE team released the IE June Cumulative Security Update for Internet Explorer 8 Beta 1 for Developers on Windows Update. For detailed information on the contents of this update, please see the following documentation:
If you are using IE8 Beta 1 for Developers, we encourage you to download this security update through Windows Update or the Microsoft Download Center today.
Source- IE Blog
Livestation is a free software application that provides a range of live news television channels and radio stations that can be received on a computer anywhere with a basic broadband connection. You can watch television on your desktop, or on your laptop, at home, at work, on the move, or in a hotel room, provided you have a broadband internet connection or wireless access.
Livestation allows you to receive live TV and radio news from the world’s leading broadcasters on your PC, via a multi-channel interactive application on the desktop giving you a unique window on the world’s news. You can watch Livestation full screen or minimised to fit in the corner of your screen, enabling you to carry on with other tasks while also keeping an eye on the news. You can flick between channels, just as you would on your TV set.
Livestation is legal, safe, free and comes with no strings attached.
Current features include:
- High quality live audio and video
- Channel selection and programme guide
- Programme information overlay
- Ability to scale player window from 50% to 200%
- Always on top window setting
- Full screen playback option
- Volume control and mute.
Other functions, including support for subtitles and audio description, and many other interactive features, will be added in future releases.
What’s new in Livestation 1.0.76.7:
- Personalise your player with your own channels(stream bookmarks).
- Bookmark your own channels, tag them, search for them
- Watch your own channels in Livestation.
- Twitter integration [view full changelog]
Minimum requirements:
* Windows XP Service Pack 2 or Vista
* Internet Explorer 6+
* 1.5 Ghz processor
* A network of at least 800 kbps.
* Microsoft Silverlight
* Free registration: Publisher’s website
Notes: This is a pre-release version of the Livestation player which may not include all the final features and may have faults or flaws. Please only install and use this version of the Livestation player if you are comfortable using pre-release software.
Livestation is available for download at this address
Link: Livestation Home Page
View: Source & Screenshots
Ankur Mittal | July 15, 2008
