IE8 a security hole waiting to happen?

View all posts by Paul Anthony

I was having a read around the web on the latest Internet Explorer incarnation to hit the shelves soon - Internet Explorer 8.

It still amazes me that Microsoft are adding software to their browser which is supposed to give extra features, trying to encourage developers to implement these features and thus encourage browser lock-in. I really thought that lessons had been learned from all of that malarkey: ActiveX etc. and the security holes that ensued.

Andy Lianto writes in his Communication Technology blog that IE will always be full of security holes no matter which version it is, so it's no surprise to see some babblings in the blogosphere.

So now we have a scenario where binary code can be embedded directly into a webpage. Hooray! Does this not sound like a gift from the gods for malware? Yes, the binary data Microsoft intends to use is images, but no doubt someone will find a way to trick the browser into executing system code from this interface.

From the MS site:

Data URIs offer web developers the opportunity to embed small external resources (like CSS files or images) directly into a URL on a webpage:
…The primary use case for data URIs is the encapsulation of a binary file inside an URL ..
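An added example, not part of the original post or of the Microsoft text quoted above: one way to check, before passing a data URI on, that it really carries an image as the quoted use case assumes. The function names, the allowlist of types and the sample URIs are assumptions made for this example, and it runs under Node.js.

```javascript
// Added example (not from the original post). The allowlist and the
// sample URIs at the bottom are constructed for illustration.
const IMAGE_SIGNATURES = new Map([
  ['image/png', [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]],
  ['image/gif', [0x47, 0x49, 0x46, 0x38]],
  ['image/jpeg', [0xff, 0xd8, 0xff]],
]);

// Turn a percent-encoded payload into raw bytes (binary-safe).
function percentDecode(s) {
  const raw = s.replace(/%([0-9a-f]{2})/gi, (_, h) => String.fromCharCode(parseInt(h, 16)));
  return Buffer.from(raw, 'latin1');
}

// Parse the RFC 2397 form: data:[<mediatype>][;base64],<data>
function parseDataUri(uri) {
  const m = /^data:([^,]*),(.*)$/is.exec(String(uri).trim());
  if (!m) return null;
  const params = m[1].split(';').map((p) => p.trim().toLowerCase());
  const isBase64 = params.length > 1 && params[params.length - 1] === 'base64';
  if (isBase64) params.pop();
  const mediaType = params[0] || 'text/plain'; // RFC 2397 default
  const bytes = isBase64 ? Buffer.from(m[2], 'base64') : percentDecode(m[2]);
  return { mediaType, bytes };
}

// Accept only allowlisted image types whose bytes match the declared type.
function checkImageDataUri(uri) {
  const parsed = parseDataUri(uri);
  if (!parsed) return { ok: false, reason: 'not a data: URI' };
  const sig = IMAGE_SIGNATURES.get(parsed.mediaType);
  if (!sig) return { ok: false, reason: 'type not allowed: ' + parsed.mediaType };
  if (!sig.every((b, i) => parsed.bytes[i] === b)) {
    return { ok: false, reason: 'content does not match declared type' };
  }
  return { ok: true, reason: parsed.mediaType };
}

// Constructed samples: a GIF header, HTML labelled as PNG, and plain HTML.
const SAMPLES = [
  'data:image/gif;base64,R0lGODlhAQABAAAAACw=',
  'data:image/png,%3Chtml%3E',
  'data:text/html,<b>hi</b>',
];
for (const s of SAMPLES) console.log(s, '->', checkImageDataUri(s));
```

The declared media type alone is not trusted here: the second sample is rejected because its bytes do not start with the PNG signature.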

The security guys over at Websense seem to think that there will be problems with XSS (cross-site scripting) as well, with the new introduction of XDomainRequest. I think the same.

Yeah, we need those features like a (security) hole in the head. Be afraid, be very afraid…