Feeds

MS adopts stronger encryption for IE7

Code maker

Remote control for virtualized desktops

Microsoft plans to adopt a stronger cryptography protocol in the next version of its web browser software, Internet Explorer 7. IE7 will replace the SSLv2 (Secure Socket Layer) protocol with the sturdier TLSv1 (Transport Layer Security) protocol in default HTTPS protocol settings as a means to provide improved security for ecommerce transactions, according to a posting in Redmond's official IE development blog.

Users of IE6 can manually configure these stronger settings but the changes will mean that more users will be directed towards using the stronger SSLv3 or TLSv1 protocols rather than SSLv2. The change should be seamless for end users but adoption of the stronger encryption protocol by a wider percentage of surfers could create some work for sys admins.

Microsoft reckons that only a "handful of sites" left on the internet require SSLv2. "Adding support for SSLv3 or TLSv1 to a website is generally a simple configuration change," said Eric Lawrence, an IE program manager.

As part of Microsoft's "secure by default" design philosophy, IE7 will block encrypted web sessions to sites with problematic (untrusted, revoked or expired) digital certificates. Users will receive a warning when they visit potentially insecure sites, which users can choose to ignore, except where certificates are revoked. "If the user clicks through a certificate error page, the address bar will flood-fill with red to serve as a persistent notification of the problem," Lawrence explained.

The Beta 2 version of IE7 also changes the way non secure content is rendered in a secure web page. IE7 renders only the secure content by default but it offers surfers the chance to unblock the nonsecure content on a secure page using the Information Bar.

In the same posting, Microsoft also revealed that the new Windows Vista platform will offer several crypto improvements beyond what's offered by IE7. These include support for AES (Advanced Encryption Standard), a strong algorithm recently adopted as a US government standard for electronic security, which offers support for up to 256 bits encryption. Windows Vista will also enables certificate revocation checking by default. ®

Remote control for virtualized desktops

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.