DroidJason1 (3589319) writes "Microsoft is looking to create a more open dialog between the Internet Explorer team and the Web development community by announcing Internet Explorer Developer Channel. IE Dev Channel allows you to preview the next version of Internet Explorer (IE12) alongside and independently of IE11. Web developers can download and test drive the latest IE platform features, something developers were already able to do with Firefox and Chrome. This preview release even offers support of the emerging Gamepad API, allowing you to use your Xbox controller to play games in IE!"
Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.
An anonymous reader writes "Microsoft today confirmed the rumors of a new edition of its latest operating system by unveiling Windows 8.1 with Bing. The company says the main purpose of the new SKU is to allow its hardware partners to sell lower-cost Windows devices; the first ones with the new edition will be announced next month at Computex in Tapei. Windows 8.1 with Bing is exactly like Windows 8.1 with the recently released Windows 8.1 Update, with one major difference: Bing is set as the default search engine in Internet Explorer. Users can still change that option in IE's search engine settings, but OEMs do not have that luxury."
Hugh Pickens DOT Com writes: "Sebastian Anthony argues that Microsoft is setting an awful precedent by caving and issuing a fix for Windows XP. 'Yes, tardy governments and IT administrators can breathe a little easier for a little bit longer,' writes Anthony, 'and yes, your mom and dad are yet again safe to use their old Windows XP beige box. But to what end? It's just delaying the inevitable.' Lance Ulanoff argues that Microsoft can't turn a blind eye the security of XP users, even though the company ended support for the 12-year-old operating system on April 8, a fact that Microsoft has been warning about for, literally, years. But this won't be the only vulnerability found in XP, says Dwight Silverman. 'If Microsoft makes an exception now, what about the flaw found after this one? And the next? And the one after that, ad infinitum?' Even though Microsoft has released a patch for the IE flaw, and Windows XP is included, it's time to move on – really. 'I don't want to hear that tired "if it ain't broke, don't fix it" line. Hey, XP IS broke, and it will just get more so over time. Upgrade to a newer version of Windows, or switch to another modern operating system, such as OS X or Linux.'"
jones_supa (887896) writes "Neowin reports how Microsoft made a rare weekend post on its Security Response Center blog to announce an advisory that affects all currently supported versions of Internet Explorer (versions 6 to 11). The issue is based on a newly discovered exploit that could be used against the web browser. The vulnerability exists in the way that IE accesses an object in memory that has been deleted or has not been properly allocated. Memory may be corrupted in a way that could allow an attacker to execute arbitrary code in the context of the current user. Microsoft is aware of 'limited, targeted attacks' that have used the exploit. IE 10 and 11 are protected against attacks using this exploit if they have their Enhanced Protected Mode turned on. Also, PCs that have either the Enhanced Mitigation Experience Toolkit 4.1 or the EMET 5.0 Technical Preview installed are also secured against this security hole. Microsoft will take the appropriate action to protect its customers by delivering a security update."
darthcamaro writes "Though IE, Chrome and Safari were all attacked and all were exploited, no single web browser was exploited at this year's Pwn2own hacking challenge as Mozilla Firefox. A fully patched version of Firefox was exploited four different times by attackers, each revealing new zero-day vulnerabilities in the open-source web browser. When asked why Mozilla was attacked so much this year, Sid Stamm, senior engineering manager of security and privacy said, 'Pwn2Own offers very large financial incentives to researchers to expose vulnerabilities, and that may have contributed in part to the researchers' decision to wait until now to share their work and help protect Firefox users.' The Pwn2own event paid researchers $50,000 for each Firefox vulnerability. Mozilla now pays researcher only $3,000 per vulnerability."
jfruh writes "A vulnerability in Internet Explorer 9 and 10 that allows attackers to target banking login info, first reported on February 13, is being exploited in the wild, and attacks are spreading rapidly. Sites compromised by the malware run the gamut from U.S. Veterans of Foreign Wars site, to a site frequented by French military contractors, to a Japanese dating site. Microsoft has released a 'fix-it tool' but not a regular patch."
darthcamaro writes "Though Microsoft hasn't yet patched its Internet Explorer web browser in 2014, it did patch IE at least once every month in 2013. According to HP's 2013 Cyber Risk Report, more researchers tried to sell IE vulnerabilities than any other product vulnerability. 'IE is the most prevalent browser on the systems that attackers want to compromise' said Jacob West, CTO of HP's Enterprise Security Group."
New submitter fplatten writes "I think this is all you need to see to know what legacy Steve Ballmer has left at Microsoft, where its IE browser market share has collapsed from a high of 86% in 2002 to just 9% now. I guess this is just another in a long list of tech companies that failed to maintain its dominant market share. Also, IE may be the one product that never really deserved it, but just piggybacked on Windows, and users left in droves once decent (more secure) alternatives and standards became popular." Microsoft stockholders probably don't feel too badly about the Ballmer legacy overall, though -- browser choice is a pretty small arm of the octopus.
An anonymous reader writes "This is how Internet Explorer would look if you move the tabs to the top like in other browsers. Developed as a design and UX study, the open source add-on replaces the default navigation bar and combines three traditionally separate toolbars into one. The UX project started in 2004 to demonstrate that it is feasible to combine the address, search, and find box into one. Additionally, Quero offers a variety of customization options for IE, including making the UI themeable or starting Microsoft's desktop browser always maximized."
nk497 writes "Criminals are taking advantage of unpatched holes in Internet Explorer to launch 'diskless' attacks on PCs visiting malicious sites. Security company FireEye uncovered the zero-day flaw on at least one breached U.S. site, describing the exploit as a 'classic drive-by download attack'. But FireEye also noted the malware doesn't write to disk and disappears on reboot — provided it hasn't already taken over your PC — making it trickier to detect, though easier to purge. '[This is] a technique not typically used by advanced persistent threat (APT) actors,' the company said. 'This technique will further complicate network defenders' ability to triage compromised systems, using traditional forensics methods.'"
An anonymous reader writes "Google has announced it is discontinuing support for Internet Explorer 9 in Google Apps, including its Business, Education, and Government editions. Google says it has stopped all testing and engineering work related to IE9, given that IE11 was released on October 17 along with Windows 8.1. This means that IE9 users who access Gmail and other Google Apps services will be notified 'within the next few weeks' that they need to upgrade to a more modern browser. Google says this will either happen through an in-product notification message or an interstitial page."
New submitter bmurray7 writes "You might think that the country that has the fastest average home internet speeds would be a first adapter of modern browsers. Instead, as the Washington Post reports, a payment processing security standard forces most South Koreans to rely upon Internet Explorer for online shopping. Since the standard uses a unique encryption algorithm, an ActiveX control is required to complete online purchases. As a result, many internet users are in the habit of approving all AtivceX control prompts, potentially exposing them to malware."
An anonymous reader writes with this excerpt from The Register: "The Windows 8.1 rollout has hit more hurdles: the new version 11 of Internet Explorer that ships with the operating system does not render Google products well and is also making life difficult for users of Microsoft's own Outlook Web Access webmail product. The latter issue is well known: Microsoft popped out some advice about the fact that only the most basic interface to the webmail tool will work back in July. It seems not every sysadmin got the memo and implemented Redmond's preferred workarounds, but there are only scattered complaints out there, likely because few organisations have bothered implementing Windows 8.1 yet." Also from the article: "Numerous reports suggest that IE 11 users can once again enjoy access to all things Google if they un-tick the IE 11 option to 'Use Microsoft Compatibility lists.'" And here's Microsoft KB work around.
hypnosec writes "Microsoft paid out over $28,000 in rewards under its first ever bug-bounty program that went on for a month during the preview release of Internet Explorer 11 (IE11). The preview bug bounty program started on June 26 and went on till July 26 with Microsoft revealing at the time that it will pay out a maximum of $11,000 for each IE 11 vulnerability that was reported. Microsoft paid out the $28k to a total of six researchers for reporting 15 different bugs. According to Microsoft's 'honor roll' page, they paid $9,400 to James Forshaw of Context Security for pointing out design level vulnerabilities in IE11 as well as four IE11 flaws. Independent researcher Masato Kinugawa was paid $2,200 for reporting two bugs. Jose Antonio Vazquez Gonzalez of Yenteasy Security Research walked off with $5,500 for reporting five bugs while Google engineers Ivan Fratric and Fermin J. Serna were each handed out $1,100 and $500 respectively."
An anonymous reader writes "Microsoft is investigating a new remote code execution vulnerability in Internet Explorer and preparing a security update for all supported versions of its browser (IE6, IE7, IE8, IE9, IE10, and IE11). The company has issued a security advisory in the meantime because it has confirmed reports that the issue is being exploited in a 'limited number of targeted attacks' specifically directed at IE8 and IE9."
Hugh Pickens DOT Com writes "Ryan Vogt writes in the Mercury News that Shakespeare described death as 'the undiscovere'd country, from whose bourn no traveller returns.' Did you know there is a the miraculous way to resuscitate tabs sent to the 'undiscovere'd country,' a sort of Ctrl-Z for the entire Internet, that means 'no more called-out cusswords, no more wishing the back button had you covered when, aiming to click on a tab, you accidentally hit the little X on the tab's starboard.' For Macs: Command [plus] shift [plus] t reopens the last tab. For PCs: Ctrl [plus] Shift [plus] T. 'Try it right now. Close this tab and bring it back. I dare ya.' Melia Robinson's trick [described for Chrome] works in Firefox and Internet Explorer, too, so clumsy mousing won't send the the E*Trade tab you mistakenly closed all cued up to sell those 10,000 shares of stock or your long political post on your uncle's Facebook page on a one-way trip to the undiscovere'd country in those browsers, either." No guarantees on the stock trading.
chicksdaddy writes "Lucre from Microsoft's newly minted bug bounty program is lining the pockets of Google researchers. Two Google employees earned the distinction of receiving some of the first (official) monetary rewards under the company's bounty program. Fermín Serna, a researcher in Google's Mountain View, California headquarters, said he received a bounty issued by Microsoft this week for information on an Internet Explorer information leak that could allow a malicious hacker to bypass Microsoft's Address Space Layout Randomization (or ASLR) technology. His bounty followed the first ever (officially) paid to a researcher by Microsoft: a bounty that went to Serna's colleague, Ivan Fratic, a Google engineer based in Zurich, Switzerland, for information about a vulnerability in Internet Explorer 11 Preview. Serna declined to discuss the details of his discovery until Microsoft had a patch ready to release. But he said that any weakness in ASLR warranted attention. 'Mainly all security mitigations in place depend on ASLR. So bringing that one down, weakens the system a lot and makes it easy the exploitation of other vulnerabilities,' he said. As for his bounty, Serna (whose resume includes work for Microsoft on the MSRC Engineering team) said it was 'way less' than the maximum $11,000 bounty for a full, working exploit that bypasses all the Windows 8 mitigations (which includes ASLR as well as the Data Execution Prevention or DEP technology). 'But still nice!'"
rescendent writes sends this report about new features in Internet Explorer 11: "Microsoft released Windows Server ("Blue") to MSDN subscribers today, ahead of the BUILD conference later this week in San Francisco. The build provides us a number of clues as to what we will see in the official Windows 8.1 (Blue) preview. The server build number is 9341, the Windows 8.1 preview build will be: 6.3.9431.winmain_bluemp.130615-1214. IE11 scores 351/500 + 2 bonus point, and 25/25 for WebGL. Since this is a server build, the score may be a little higher than IE11 on Win 8.1, but this confirms WebGL for IE11. IE11 WebGL Conformance Test Results: 14,748 of 20,509 tests pass (71.9%). Many things seen in the Server 2012 R2 preview will also show up in the Windows 8.1 preview."
judgecorp writes "Microsoft has sponsored research that indicates that its Internet Explorer browser uses less power than the competition, Firefox and Google (there's no explanation of what causes the difference). However, the difference in power use is not really significant — it's about one Watt when browsing. Browsing for 20 hours at this rate, the IE user would save enough power to make a cup of tea, compared with Firefox and Chrome users. That Microsoft commissioned and published the report seems to indicate a certain desperation to Microsoft's IE marketing efforts."