Weblog.BassQ.nl

Microsoft has issued a statement confirming that it plans to release a patch for a security vulnerability in Internet Explorer which saw Google fall victim to some targeted and sophisticated attacks recently.

George Stathakopoulos, Microsoft Security, confirmed the news in a company blog posting. “Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment Microsoft will release a security update out-of-band for this vulnerability” said Stathakopoulos. He also added that Microsoft will share specific timing of the release tomorrow.

The vulnerability was unveiled when Google went public that they were targeted in a sophisticated cyber-attack. The breach, involving Internet Explorer 6, resulted in the theft of intellectual property. Due to the attack, and the background behind it, Google announced it will no longer be providing censored results for its Chinese Google search engine. Currently Google offers censored search results as part of an agreement with the Chinese government.

Since the news of the un-patched flaw broke, Microsoft has been on damage limitation. This week Microsoft began urging businesses and consumers to upgrade to Internet Explorer 8, explaining that the security benefits are far greater than that of Internet Explorer 6. Both the French and German governments warned their populations to cease using Internet Explorer due to the un-patched flaw. Currently the flaw exists in Internet Explorer versions 6, 7 and 8 but exploit code is only available for Internet Explorer 6. The patch, when released, will protect all affected versions of Internet Explorer.

Should you stop using Internet Explorer?

Microsoft has had a torrid time over the past week as governments and customers question the security of the popular web browser, Internet Explorer.

The issues began when Google went public that they were targeted in a sophisticated cyber-attack. The breach, involving Internet Explorer 6, resulted in the theft of intellectual property. Due to the attack, and the background behind it, Google announced it will no longer be providing censored results for its Chinese Google search engine. Currently Google offers censored search results as part of an agreement with the Chinese government.

The news created waves across the world and last week Microsoft admitted that an un-patched Internet Explorer 6 vulnerability was one of the vectors used in the targeted attacks against Google. To many the news wasn’t surprising. Internet Explorer 6, released in August 2001, is over eight years old. It has been subject to a number of high profile vulnerabilities over the years. The alternatives that exist in the marketplace today are not only much more improved in terms of features and standards support, but crucially, offer a greater safety net for online browsing. If you’re still using Internet Explorer 6 then quite frankly, you’re mad.

Ed Bott wrote, shortly after the admission by Microsoft, that any IT pro allowing IE6 use in a corporate setting is “guilty of malpractice” and I couldn’t agree more. However, unfortunately in a corporate setting it’s not always as easy as hitting an upgrade button. Most corporate infrastructure is based on a global directory, email and intranet websites as the core ways of communication between employees. Updating and maintaining internal only (intranet) websites is always a challenge for corporations as many will have been left untouched for years with code specific to aged Internet Explorer versions. Websites is only the beginning; there are also custom applications and systems that utilize Internet Explorer that could be incompatible with Microsoft’s latest versions.

This week Microsoft began urging businesses and consumers to upgrade to Internet Explorer 8, explaining that the security benefits are far greater than that of Internet Explorer 6. However, for corporations and web designers there’s a continued reminder that for many years Microsoft ignored emerging and defined web standards in Internet Explorer, especially in version 6. Developers originally griped about the lack of standards support for Cascading Style Sheets (CSS) after the introduction of Internet Explorer 6 in 2001. At the time the software giant dominated the browser marketplace and many would argue its actions slowed down web development. Flash forward to 2010 and it’s a whole different ball game. Microsoft’s market share is slowly ebbing away thanks to competitive and promising offerings from both Mozilla and Google. Microsoft improved its web standards support in Internet Explorer 7 and 8 and now it plans to extend that with 9, due later this year. But is it too little too late?

The question of whether to stop using Internet Explorer is one that many businesses and consumers are likely asking this week. Both the French and German governments warned their populations to cease using Internet Explorer due to the un-patched flaw. Currently the flaw exists in Internet Explorer versions 6, 7 and 8 but exploit code is only available for Internet Explorer 6. The reason IE 7 and 8 are both unaffected for now is due to the increased security of the software. Internet Explorer 7 introduced a phishing filter, protected mode to run the browser in a sandbox at low level security rights (vista only) and improved management of ActiveX controls. Microsoft improved security in IE8 by running the browser frame and tabs in separate processes and per-site ActiveX controls. Both IE 7 and 8 also include support for Data Execution Prevention (DEP) that prevents buffer overflow attacks.

So do these attacks mean you should stop using Internet Explorer? Simply put, no. Although it’s true that a vulnerability exists, Microsoft is currently working on a patch to resolve this as soon as possible. If you’re still running Internet Explorer 6 then it’s definitely time to upgrade. Neowin spoke to Cliff Evans, head of security and privacy for Microsoft in the UK yesterday. Evans urged consumers and businesses to “look at this vulnerability in a broader context and think about what the risk is.” He argued that although the vulnerability exists, it’s highly unlikely that the average business or consumer would be targeted by the type of attack Google experienced. Evans insisted that “normal organisations have little to fear” over the recent attacks and that Microsoft recommends all businesses and consumers upgrade to Internet Explorer 8, especially if they are currently using 6. I questioned Evans over corporations who may be stuck on Internet Explorer 6 for compatibility reasons but he urged them to look at their upgrade plans again. According to data from Net Applications (December 09), as a percentage of Internet Explorer use, IE6 maintains 36.57% and IE8 36.27%. Internet Explorer 7 lags behind with 27.11%. With Internet Explorer 6 still the most popular of all Internet Explorer variants, Microsoft is going to have a tough time convincing people to upgrade. Evans would not commit to a release date for the fix but said it was more likely that it would be distributed as an out of band patch shortly or as part of Microsoft’s monthly “patch Tuesday” which is due on February 9.

Source: http://www.neowin.net/

Perhaps you are a Web Developer or a Web Hoster who on the one hand likes PHP. But on the other hand you like Windows. It’s OK. It’s not a contradiction. Now you can run your PHP applications even better on Windows. It’s also OK to tell your Linux friends what they are missing.

Today, Microsoft is announcing the Windows Cache Extension for PHP Beta – a PHP accelerator that is used to increase the speed of PHP applications running on Windows and Windows Server. Once the Windows Cache Extension for PHP is enabled and loaded by the PHP engine, PHP applications can take advantage of the functionality without any code modifications. How sweet is that?

If you run PHP on Windows, check it out. If you run PHP on Linux and want an alternative, check it out. If you want to increase PHP application performance on Windows by caching PHP bytecode in memory, check it out. If you want to reduce file system I/O overhead by caching the PHP scripts in memory, check it out. If you want to avoid redundant mapping for absolute paths by using relative file path cache, check it out.

Windows Cache Extension for PHP Beta can be installed with the Microsoft Web Platform Installer 2.0 RC and works with IIS 7.5, 7.0, 6.0, and 5.1. Find more information on Using Windows Cache Extension for PHP. Also, be sure to check out other official IIS Extensions from Microsoft.

Download Here; http://www.iis.net/extensions/WinCacheForPHP

Internet Explorer Collection 1.2.0.0 is released.

Internet Explorer Collection contains multiple IE versions, which are standalone so they can be used at the same time.

Internet Explorer Collection can now also be used in new Windows versions like Windows 7 and is compatible with the latest updates and Service Packs too.

Conditional Comments work exactly the same as in the native versions. The original version number is shown in the User Agent string. The version number can be found in the window title too.

Because Internet Explorer Collection is populair amongst web developers, it also includes the Internet Explorer Developer Toolbar. This Explorer Bar provides a variety of tools which make troubleshooting websites easier. The Internet Explorer Developer Toolbar is compatible with Internet Explorer 5.0 and higher when using Windows 2000 or higher.

Internet Explorer Collection contains the following versions of IE:
- Internet Explorer 1.0 (4.40.308)
- Internet Explorer 1.5 (0.1.0.10)
- Internet Explorer 2.01 (2.01.046)
- Internet Explorer 3.0 (3.0.1152)
- Internet Explorer 4.01 (4.72.3110.0)
- Internet Explorer 5.01 (5.00.3314.2100)
- Internet Explorer 5.5 (5.51.4807.2300)
- Internet Explorer 6.0 (6.00.2800.1106)
- Internet Explorer 6.0 (6.00.2900.2180)
- Internet Explorer 7.0 (7.00.5730.13)
- Internet Explorer 8.0 (8.00.6001.18372)

More information: http://finalbuilds.edskes.net/iecollection.htm

Download: Internet Explorer Collection 1.2.0.0 (54.5 MB, 57.154.852 bytes)
MD5 Hash: 968b2c1752abea2bc18f245172f3990b
- mirror.edskes.net
- mirror1.edskes.com
- mirror2.edskes.com

[ad#post]

Microsoft has made Internet Explorer 8 Beta 1 available for public download. Internet Explorer 8 beta 1 features improvements over Internet Explorer 7 which makes it a worthy update to install.

Download: IE8 Beta 1

The browser that helped kick-start the commercial web is to cease development because of lack of users. Netscape Navigator, now owned by AOL, will no longer be supported after 1 February 2008, the company has said. In the mid-1990s the browser was used by more than 90% of the web population, but numbers have slipped to just 0.6%. In particular, the browser has faced competition from Microsoft Internet Explorer (IE), which is now used by nearly 80% of all web users. “While internal groups within AOL have invested a great deal of time and energy in attempting to revive Netscape Navigator, these efforts have not been successful in gaining market share from Microsoft’s Internet Explorer,” said Tom Drapeau on the company’s blog.

This is a preview of the update that will be available in April 2008.

If you don’t recall, in April 2006, we made a change to how Internet Explorer handled embedded controls used on some webpages. Some sites required users to “click to activate” before they could interact with the control. Microsoft has now licensed the technologies from Eolas Technologies inc, removing the “click to activate” requirement in Internet Explorer.

Info and download: KB945007