Archive for Internet-Explorer tag
One small step for web standards, one giant download for automatic update
Internet Explorer 7 has just offered to install itself on my machine helpfully already downloaded, all 14.8MB, by Windows Automatic Update.
One can assume that IE’s market share will shift from 6 to 7 practically overnight unless significant numbers reject the update or have switched Automatic Update off completely.
This shift should hopefully mean that web developers can finally start using more of the CSS and XHTML standards we’ve been experimenting with for the last few years whilst waiting for Microsoft to play catch-up.
Sure IE7 isn’t perfect but the improved PNG support is better than a kick in the teeth.
Even if you don’t like Firefox you can thank it’s increasing presence for putting the pressure on Microsoft enough to reassemble an IE team for another release.
Happy All Hallows Eve and goodbye October 2006,
[)amien
Stupid defaults: Internet Explorer 7
Some people just love shipping applications with the stupidest possible default settings.
Internet Explorer 7.0 seems to be just one such application.
If turning on the automatic phishing filter is recommended why does it default to off?
Why does IE7 feel the need to ignore your Windows setting for ClearType and implement it’s own?
If it’s the case that they want more people to use ClearType then how about turn on the setting in Windows?
Finally, my favourite – language which just screams that your language and preference is obviously inferior and you made a mistake.
You should switch to United States at ONCE!
Perhaps they might be able to change it for whilst IE7 is now released and wild at least this configuration page is up on msn.com so they could change it there…
[)amien
Phishing with IDN’s
Currently “hot news” is the fact that Firefox, Mozilla and Safari browsers have been demonstrated as susceptible to a new form of phishing attack.
Basically all these browsers support International Domain Names (IDN) that let you use the full Unicode set of foreign characters and symbols, and some of these foreign characters while technically different from the Latin ones look identical. In the case demonstrated they have used the Arabic a to replace a Latin a in “Paypal” to get another site. This isn’t really anything new, even the original RFC commented on how this would be a problem and the IETF issued guidelines that would have limited their scope if only Verisign actually implemented them. (Specifically the guideline for preventing mixing of languages within a domain name would reduce the scope for attack considerably).
One thing that is amusing is the Internet Explorer fan boy reaction that their browser isn’t susceptible. This is true but only because Microsoft hasn’t added IDN support to IE, instead recommending you install a third-party plug-in to do it.
Head over to Verisign, install the plug-in, and you too can have exactly the same “exploit”.
Some 12 hours later it appears the rest of the world twigs and Secunia issues this advisory.
[)amien