[ Technology Blogs Articles News Reviews ]

 
Google
www Technoclicks.com
Post Tech Blog Article News Reviews

Top Articles

Microsoft Beefs Up IE 7 Security

Posted by iNext - 2005-10-26

Microsoft will dump SSL 2.0 encryption in the upcoming Internet Explorer 7 for a stronger security protocol, TLS 1.0, the IE 7 development team has revealed.

The default settings for the HTTPS protocol in IE 7 will be for TLS (Transport Layer Security) 1.0. In the current Internet Explorer, TLS must be enabled by the user, via the Tools/Internet Options/Advanced menu.

IE 7 will also block access to Web sites that offer up a problematical digital certificate. If a certificate's been issued to a host name other than the URL's actual hostname, or the certificate was issued by an untrusted root domain, IE 7 will put up a message that explains the problem. If the user chooses to proceed, IE 7 will tint the address bar red as an additional warning.

Additionally, said IE program manager Eric Lawrence in the group's official blog, the Windows Vista version of IE 7 -- the browser will come in two editions, one for Vista, the other for the current Windows XP SP2 operating system -- will include new encryption algorithms, such as AES (Advanced Encryption Standard).

"Generally, IE users will not notice any difference in the user-experience due to this change; it’s a silent improvement in security," explained Lawrence.

Web site owners, he said, will have to make only a simple change, if that. "Our research indicates that there are only a handful of sites left on the Internet that require SSLv2," he said. "Adding support for SSLv3 or TLSv1 to a website is generally a simple configuration change."

SSL 2.0, the protocol IE's abandoning, has been used by attackers to breach and compromise systems. In April 2004, Microsoft revealed a vulnerability in Windows servers involving SSL 2.0. And earlier this month, OpenSSL disclosed a vulnerability that could force users' machines to negotiate with servers with the more-vulnerable SSL 2.0.



Related Category :

Security ||

Next ....: VoIP Darling Skype Divulges Flaws In All Clients

:: Previous Articles
:: iDefense Pays Out $39,000 In Bug Bounties
:: Security Group Takes First Major Step Against VoIP Dangers
:: Fortinet To Launch 'Trend Free' Antivirus Technology

Recent Articles

 


 

Home | | Members | Search | Upadtes | RSS | Tags | Site Map | Tags | Conact

© Technoclicks.com - All rights reserved.