Showing posts sorted by relevance for query IE10. Sort by date Show all posts
Showing posts sorted by relevance for query IE10. Sort by date Show all posts

Adobe Says Windows 8 Users are Vulnerable to Active Flash Exploits (Microsoft Will not Patch the Bug Until October)

Posted by Avik Sarkar On 9/11/2012 12:06:00 am

Adobe Says Windows 8 Users are Vulnerable to Active Flash Exploits (Microsoft Will not Patch the Bug Until October 26)


Adobe confirmed a serious security hole in Windows 8, hackers have been aiming at  Microsoft's Windows 8 PCs for several weeks as it is vulnerable to attack by exploits. Its very unfortunate for those who runs all the four (consumer previewdeveloper preview, release preview & enterprise) pre-release version of Windows 8, because the Redmond based software giant Microsoft said it will not patch the bug in Flash Player until what it called "GA," for "general availability." That would be Oct. 26, when Windows 8 hits retail and PCs powered by the new operating system go on sale. 
"We will update Flash in Windows 8 via Windows Update as needed," a spokeswoman said in a reply to questions. "The current version of Flash in the Windows 8 RTM build does not have the latest fix, but we will have a security update coming through Windows Update in the GA timeframe."
Microsoft, not Adobe, is responsible for patching Flash Player in Windows 8 because the company took a page from Google's playbook and integrated the popular media software with Internet Explorer 10 (IE10), the new operating system's browser. Last month, Adobe issued two updates for Flash Player that patched eight vulnerabilities, some of which were ranked as "1" by the company, its highest threat warning. One of the vulnerabilities, tagged as CVE-2012-1535, was patched Aug. 14, but had been exploited for an indeterminate time before that.
In fact, CVE-2012-1535 was one of four "zero-days," or unpatched vulnerabilities, exploited in a 16-week stretch by an elite hacker gang revealed by Symantec researchers on Friday. Microsoft has not updated the Flash in IE10 within Windows 8 to accommodate those two sets of patches, Adobe confirmed Friday. "Flash Player 11.3.372.94 does not incorporate the fixes released in APSB12-18 and APSB12-19," said Wiebke Lips, a spokeswoman for Adobe, referring to the Aug. 14 and Aug. 21 Flash updates.
Windows 8 RTM's IE10 identifies the integrated Flash Player as version 11.3.372.94, a more recent build than the one in Windows 8 Release Preview, but older than the most-up-to-date version for Windows, 11.4.402.265, which Adobe delivered on Aug. 21.

Adobe actually told some users about Windows 8's Flash situation two weeks ago. On an Adobe support forum, a company representative announced on Aug. 23 that there would be no Flash update for Windows 8 and IE10 until late October. "Since Windows 8 has not yet been released for general availability, the update channel is not active," said Chris Campbell, identified as an Adobe employee. "Once this goes live, you'll start getting updates to Flash Player."

-Source (Computer World)









SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

VUPEN Researchers Said: They Have First Zero-Day Exploit for Windows 8 & Internet Explorer 10

Posted by Avik Sarkar On 11/04/2012 04:52:00 am

VUPEN Researchers Said: They Have First Zero-Day Exploit for Windows 8 & Internet Explorer 10

Everyday the users of Microsoft newly launched and so far most advanced windows operating system, I mean Windows 8 are increasing. But we have to keep in mind the security threats are also increasing in parallel. Recently well known French IT security firm Vupen, also known as controversial bug hunters and exploit sellers claimed to have Zero-day exploit of Windows 8. Experts at Vupen Security took credit of cracking the low-level security enhancements featured in Windows 8, Microsoft's latest operating system. According a tweet made by the official account of Vupen Security said it already has a Windows 8 exploit on offer. "Our first 0day for Win8+IE10 with HiASLR/AntiROP/DEP & Prot Mode sandbox bypass (Flash not needed) is ready for customers. Welcome #Windows8" 
Apparently, the exploit combines several unpatched (0-day) security holes in the new version of Windows and the bundled Internet Explorer 10 browser to inject malicious code into systems via specially crafted web pages. Also VUPEN CEO and head of research Chaouki Bekrar sent out a pair of ominous Tweets yesterday claiming to have developed the first zero-day exploit for Windows 8 and Internet Explorer 10, both released Oct. 26. Bekrar hints the exploit is a sandbox bypass for IE10 with ASLR, DEP and anti-ROP mitigations enabled. “We welcome #Windows8 with various 0Ds combined to pwn all new Win8/IE10 exploit mitigations,” Bekrar wrote. 

The exploit allegedly bypasses all of Windows 8's malware protection features: for example the Address Space Layout Randomization (ASLR) function that Microsoft has extended in the current edition of Windows to cover more system areas and offer improved randomisation. Vupen claims that the exploit also bypasses the Data Execution Prevention (DEP) and ROP features as well as Internet Explorer's sandbox-like Protected Mode. A patch for the exploited holes may not become available in the foreseeable future: Vupen said that it discovered the vulnerabilities itself and doesn't plan to disclose them to Microsoft. The company is only offering its exploit to its paying customers, among them government investigation authorities. Should Microsoft close the holes, the elaborate exploit would significantly decrease in value.



-Source (The-H & threatpost)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Internet Explorer 10 Platform Preview 4 Is Now Available

Posted by Avik Sarkar On 12/02/2011 11:56:00 pm


An updated platform preview of IE10 for the Windows Developer Preview is now available for download. This IE10 preview adds even more support for HTML5 technologies, enabling richer Web applications with significantly improved performance. IE10’s hardware acceleration of technologies like SVG, CSS3 transforms and animations delivers faster rendering than other browsers. 
The browser will not only power app-like websites, but will also power Windows 8's Metro-style apps, which resemble those running on the company's mobile platform, Windows Phone.
The company has also published test drive demos for several of the new HTML5 features implemented, listed by the blog post as follows:
  • Cross-Origin Resource Sharing (CORS) for safe use of XMLHttpRequest across domains.
  • File API Writer support for blobBuilder allowing manipulation of large binary objects in script in the browser.
  • Support for JavaScript typed arrays for efficient storage and manipulation of typed data.
  • CSS user-select property to control how end-users select elements in a Web page or application.
  • Support for HTML5 video text captioning, including time-code, placement, and captioning file formats.
Click Here to know more details form IE 10 official Blog. 
&
To Download Internet Explorer 10 Platform Preview 4 Click Here


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned

Posted by Avik Sarkar On 3/11/2013 02:55:00 am

Pwn2Own 2013 Result: Chrome, Firefox, IE, Adobe Reader, Flash & Java Owned Only Safari Survived 

Couple of months ago we have talked about 'Pwn2Own 2013' hacking contest sponsored by HP TippingPoint, ZDI and Google where the most famous and widely used browsers have to face challenges. Now the result of this long awaited security competition has came which is showing that the entire browser security landscape can change in a single day, as browsers thought to be secure are proven to be otherwise. Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers where Chrome, Internet Explorer 10 and Firefox all fell to the mercy of the hackers. Not only browsers but also three other popular applications that is Adobe Reader, Flash Player and yet again Java fallen victim to hackers at 'Pwn2Own'. And for Java it was a true disaster as Java fell three times, though under the contest rules, only the first attacker was due to win the $20,000 prize. Vupen, a renowned security research firm based in France, cracked both Firefox and Internet Explorer. It roughly explained the attack in a tweet, “We’ve pwned Firefox using a use-after-free and a brand new technique to bypass ASLR/DEP on Win7 without the need of any ROP.” This bug hint leads them winning $100,000 for finding a huge hole. Again in a tweet, Security firm Vupen explained “We’ve pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass.” Lastly, U.K.-based security firm MWR Labs cracked Chrome and also gained full control of the operating system, this time Windows 7. It also “demonstrated a full sandbox bypass exploit.” The company explained in a blog post that it found a zero-day in Chrome “running on a modern Windows-based laptop.” It was able to exploit the vulnerability by performing a very similar attack to what took down Facebook, Microsoft, and a number of other well-known companies: It had the laptop visit a malicious website. 

Now lets take look at the final score board of Pwn2Own 2013:

Wednesday:
1:30 - Java (James Forshaw) PWNED
2:30 - Java (Joshua Drake) PWNED
3:30 - IE 10 (VUPEN Security) PWNED
4:30 - Chrome (Nils & Jon) PWNED
5:30 - Firefox (VUPEN Security) PWNED
5:31 - Java (VUPEN Security) PWNED

Thursday:
12pm - Flash (VUPEN Security) PWNED
1pm - Adobe Reader (George Hotz) PWNED
2pm - Java (Ben Murphy via proxy) PWNED


The total damage to the prize fund comes out at a whopping $480k. With HP's announcement that everyone will get paid for each attack, the prize monies will be divvied up as follows:-

  1. James Forshaw: Java = $20K
  2. Joshua Drake: Java = $20k
  3. VUPEN Security: IE10 + Firefox + Java + Flash = $250k
  4. Nils & Jon: Chrome = $100k
  5. George Hotz: Adobe Reader = $70k
  6. Ben Murphy: Java = $20k
As you all know that the main motive of these contest is to make applications, software more safe and secure while figuring out hidden vulnerabilities  Here also for Pwn2Own the security holes figured out by the above experts have already been submitted and taken carefully by those organization  along with that, the expected patch for the browsers have already been released. Those who are still using the older version of those above applications are requested to update their system. So, stay tuned with VOGH and be safe on the Internet. 


 -Source (HP, Naked Security) 








SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Internet Explorer 10 Will Support Do Not Track (DNT) By Default in Windows 8

Posted by Avik Sarkar On 6/11/2012 05:08:00 am

Internet Explorer 10 Will Support Do Not Track (DNT) By Default in Windows 8

Browser war continues and as a result here come another twist, that is in its recent Windows 8, I mean on Release Preview software giant Microsoft has announced that Internet Explorer 10 will have “Do Not Track” (DNT) on by default. IE 10 will be the first web browser with a Do Not Track feature that's on by default. In their official blog release MS said Consumers can change this setting, but the default will be to send the DNT signal to websites that consumers visit. 
According to Microsoft's Chief Privacy Officer Brendon Lynch - "We've made today’s decision because we believe in putting people first. We believe that consumers should have more control over how information about their online behavior is tracked, shared and used. Consumers should be empowered to make an informed choice and, for these reasons, we believe that for IE10 in Windows 8, a privacy-by-default state for online behavioral advertising is the right approach..." Later he added "We are engaged with the W3C, as we are with many international standards bodies. While we respect the W3C's perspective, we believe that a standard should support a privacy by default choice for consumers"
The company also pointed to minutes from the W3C group working on the draft specs, in which the group's co-chairwoman said: "It will be quite a while before we have a final recommendation with which to comply or not. 
"Do Not Track" is a tool that allows browser users to restrict advertisers from collecting information about their online Web activities. It has the backing of the U.S. Federal Trade Commission. Browsers with "Do Not Track" turned on don't block cookies but send a message to advertisers that the user does not want to be tracked. Companies voluntarily decide whether to comply with "Do Not Track," much as they currently decide whether to comply with the "Do Not Call" registry. Microsoft's announcement that it would turn on "Do Not Track" by default in IE10 angered advertisers. "The Digital Advertising Alliance, a coalition that counts Microsoft as a member, said that the decision ran counter to the industry's agreement with the White House announced earlier this year to honor 'do not track' as long as it is not a default setting," many international standards bodies.





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Fiddler v2.3.3.3!

Posted by Avik Sarkar On 5/08/2011 05:14:00 pm


Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and “fiddle” with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language. Fiddler is freeware and can debug traffic from virtually any application, including Internet Explorer, Mozilla Firefox, Opera and thousands more.


  • Add !dns [hostname] and !nslookup [hostname] to list DNS info to Log tab
  • Add !listen PORT [CERTHOSTNAME] to QuickExec
  • Add audio/video/font/silverlight/flash/HTTP-POST Session icons
  • Revamp a few toolbar icons
  • Enable +/- latency adjustments using AutoResponder
  • Add fiddler.ui.inspectors.request.alwaysuse and fiddler.ui.inspectors.response.alwaysuse preferences
  • Changed “Remove Un-Marked” to ignore breakpointed sessions
  • Added fiddler.ui.CtrlX.KeepMarked and fiddler.ui.CtrlX.PromptIfMoreThan # (to replace CONFIG.iPromptBeforeClearAll)
  • Add Screenshot toolbar command, including delay option
  • Delay-Create FiddlerScript file behind pref “fiddler.script.delaycreate” defaults to true
  • Add IE10 User-Agent to default rules
  • Add AlwaysFresh option to Performance menu
  • Add fiddler.requestbuilder.followredirects.max preference
  • Add actInvertSelectedSessions() with hotkey of CTRL+I
  • about:network is now a synonym for about:connectoids
  • Add support for SELECT @REQUEST.HEADER VALUE, use * to test for existence or “*” to match on a literal star.
  • Various bugfixes
Download Fiddler v2.3.3.3 (Fiddler2Setup.exe) here.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Web Browser Grand Prix 5

Posted by Avik Sarkar On 7/07/2011 06:20:00 pm

 
Three major released have landed since our last impromptu Web Browser Grand Prix (WBGP4): Chrome 12, Firefox 5, and Opera 11.50. Can Chrome or Opera regain the WBGP championship? Will Mozilla Firefox ever overtake Microsoft's IE9 in the rankings?
If it seems like it was only weeks ago when we were compelled to test the then-new Mozilla Firefox 4 against the reigning Web Browser Grand Prix champion Microsoft Internet Explorer 9 in Web Browser Grand Prix 4: Firefox 4 Goes Final, that's because it was only a few weeks ago.
In an attempt to curb the siphoning of its user base to Google, Mozilla decided to keep pace with the frenetic development cycle of Chrome. Firefox 5 is now a reality. But will Mozilla also keep up with innovation like Google? Furthermore, will a higher integer finally allow Mozilla to overtake arch-rival Microsoft in our performance metrics? Can former speed-kings Chrome and Opera reclaim the dual domination of our WBGP crown, as they did in 2010?
We've tightened up our suite of benchmarks for this article, cutting the fat that was Google's V8 JavaScript Benchmark and the redundant two-pixel variant of the GUIMark2 HTML5 Vector Charting test. We also fleshed it out by adding Facebook's JSGameBench, as well as battery life and reliability testing. But before we get to the benchmarks, let's get caught up on the latest developments in the continuing browser wars.
Opinions:-

The release of Firefox 5 was met with harsh criticism for its apparent lack of anything new. It has been said that Firefox 5 should have been called Firefox 4.1 or 4.2. Or even 4.02.
There is also a growing concern over whether the new rapid release schedule jives with IT departments. Firefox became a viable choice for many companies during the version 2 and 3 days. Mozilla also offers the preferred development platform for most Web designers. Basically, Firefox gained the reputation of being the most stable choice. By mimicking Chrome's development cycle, Mozilla may have shot itself in the foot.
Smack Talk:-

Microsoft took a shot right across the bow of Google and Mozilla by announcing that WebGL is “harmful,” and that IE10 would not be utilizing the specification. Several experts came out in support of Microsoft's assertion, though it should be noted that Redmond may have a dog in this fight with DirectX.

Attacking Mozilla even further, the Internet Explorer development team sent the Firefox development team a cupcake to celebrate the release of Firefox 5. Mozilla also received cakes from Microsoft for the release of Firefox 3 and 4. Full cakes. Obviously, this is in response to the criticism that Firefox 5 is nothing more than a minor update to Firefox 4. The included note read: "Congratulations on shipping! Love, The IE Team". "Congratulations on shipping" might have been in reference to the frequent delays that plagued Firefox 4, which was eventually made available more than six months late. Now that's a classy way to rag on somebody. Not missing a single opportunity to slam its competition, Microsoft also capitalized on the other major criticism of Firefox 5 when an IE developer boasted Microsoft's commitment to IT.
Mozilla shot back with a blog post addressing the IT issue, although in a very non-concrete way:

"We are exploring solutions that balance these needs..."

Not to be outdone, an Opera employee also had this to say in regard to rapid release schedule:

“Despite the version number (11.50), we've packed a lot of new features into it. While other browsers rush to release whole new version numbers with small tweaks, I think we've kept traditional versioning, while simply releasing a little faster.”Obviously, this comes at an unfortunate time for Mozilla, but one cannot help but wonder if this comment was meant for Google. Opera and Google have gotten into it pretty heavily in the past, and, for a time (before IE9), Chrome and Opera swapped places on a semi-monthly basis in the performance charts.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Microsoft Unveils Windows Phone 8 Codenamed “Apollo”

Posted by Avik Sarkar On 6/22/2012 01:19:00 am

Microsoft Unveils Windows Phone 8 Codenamed “Apollo”

Few days ago in a report we have said that Microsoft is expected to launch it's own tablet (Microsoft Surface) while aiming to compete with iPad. Redmond based software and hardware giant just unveiled the next big step in its mobile software, Windows Phone 8 codenamed “Apollo” Windows Phone 8 brings the platform in line with other mobile OSes by adding support for muti-core processors, higher screen resolutions and newer wireless technologies like near field communication (NFC). Importantly, Microsoft has re-coded Windows Phone from the ground up for the new version. Previous versions of Windows Phone were based on Microsoft’s old mobile OS, Windows CE, but now the platform will share the same source code as the company’s coming desktop OS, Windows 8. That has big consequences for developers and consumers. For developers, it will be extremely easy to create a Windows Phone app if they already have a Windows 8 app that runs in the Metro environment (and vice versa). For consumers, it means more apps and better hardware to run them. It also has the effect of rendering every current Windows Phone obsolete, since those phones won’t be able to run the new software. They will, however, get an upgrade to Windows Phone 7 to 8. Windows Phone 8 adds support for many new hardware features. The most anticipated is support for multi-core devices, which have become common on both Android and iOS platforms. There’s also support for better screen resolutions, including 720p and 1,280 x 768 (WXGA). That’s not quite retina, but it’s better than the 800 x 480 screen of the Nokia Lumia 900, one of the current leading Windows Phones.

New Features At a Glance :-
  • Support for multi-core processors. Existing support for single core has been a major concern for some high-end users wanting faster processing ability.
  • Two new high-definition screen resolutions for the coming OS. They are 1280 x 768 and 1280 x 720.
  • Removeable micro-SD support for the first time to allow expansion of base storage.
  • A busier start screen with room for more live tiles than in Windows Phone 7.5. Today's Windows Phones have room for up to eight live tiles and WP8 will have room for up to 32 live tiles, which can be sized differently.
  • IT support. Adminstrators will see some gaps in the existing OS filled, including support for encryption and secure boot in WP8, as well as the ability to allow IT to deploy apps without going through Windows Marketplace.
  • Built-in Nokia Navteq map technology, with turn-by-turn driving instructions in many countries.
  • Full Internet Explorer 10 support with more features of HTML 5 added. Belfiore said that Windows Phone 8 with IE10 will download Web pages slightly faster than three other popular smartphones on the market.
  • Native code support, a feature seen as useful to developers eager to move their apps from iOS or Android to Windows Phone. 


-Source (Mshable & CW)




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Google Added Do Not Track (DNT) Facility in Chrome (User Privacy Implemented)

Posted by Avik Sarkar On 9/15/2012 03:48:00 pm

Google Added Do Not Track (DNT) Facility in Chrome Web-Browser (User Privacy Implemented)

Few months ago Microsoft made Do Not Track (DNT) facility available by default in Internet Explorer 10. So here comes the turn for Chrome. In February internet giant Google has agreed with the White House's Consumer Privacy Bill and here comes the result. Google has implemented the Do Not Track (DNT) header in its Chrome web browser, while promising to respect DNT headers set by visitors to its web site. 

First it was Mozilla who proposed the Do Not Track mechanism, later it has been garnered support from all major browser makers and a majority of the technology industry. 
Users who want to take advantage of the new DNT capabilities in Chrome will have to install the latest "bleeding edge" developer build in the form of the Chrome Canary branch. However, this version is not recommended for use in production environments. Users who are running a stable version of the browser will have to wait some months for the feature to arrive in the mainstream version.
"Do Not Track" is a tool that allows browser users to restrict advertisers from collecting information about their online Web activities. It has the backing of the U.S. Federal Trade Commission. Browsers with "Do Not Track" turned on don't block cookies but send a message to advertisers that the user does not want to be tracked. Companies voluntarily decide whether to comply with "Do Not Track," much as they currently decide whether to comply with the "Do Not Call" registry. Microsoft's announcement that it would turn on "Do Not Track" by default in IE10 angered advertisers. "The Digital Advertising Alliance, a coalition that counts Microsoft as a member, said that the decision ran counter to the industry's agreement with the White House announced earlier this year to honor 'do not track' as long as it is not a default setting," many international standards bodies.


-Source (The-H)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search