jump to navigation

Microsoft outlines IE 7 security plans December 12, 2005

Posted by peewitsol in Technical.
trackback

Microsoft is tightening up the way its Internet Explorer browser handles HTTPS for version 7, which is used to secure online transactions, in an attempt to give people more protection online.
In a posting on the Microsoft Internet Explorer blog, IE program manager Eric Lawrence said that IE 7 would support the Transport Layer Security (TLS) protocol by default.
Existing versions of IE automatically use the SSL 2.0 protocol, which is weaker than TLS, to encrypt user data, although it is possible to manually switch to TLS.

Microsoft’s decision to ditch support for SSL 2.0 means that any site that still requires this protocol should upgrade, but Lawrence claimed there are “only a handful” of such sites.
Lawrence also explained how IE 7 will behave differently from earlier versions when it encounters potential security problems.

“Whenever IE6 encountered a problem with a HTTPS-delivered Web page, the user was informed via a modal dialog box and was asked to make a security decision. IE 7 follows the XPSP2 ‘secure by default’ paradigm by defaulting to the secure behavior,” said Lawrence.

IE 7 will not give users the option of seeing both secure and insecure items within an HTTPS page. With IE6, this option appears when the browser encounters an HTTPS page that includes some HTTP content. But in IE 7, only the secure content will be rendered by default, forcing the user to choose to access the rest via the information bar.

“This is an important change because very few users (or web developers) fully understand the security risks of rendering HTTP-delivered content within a HTTPS page,” Lawrence claimed.

Advertisements

Comments»

No comments yet — be the first.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: