Internet Explorer

(get it in RSS or Atom)

Microsoft to pay first bug bounty for Internet Explorer hole

Microsoft to pay first bug bounty for IE hole

So far, so good with the new program, says Microsoft security expert Katie Moussouris. They're getting more bugs earlier and hearing from researchers who've never rung them before.

July 2013 Patch Tuesday - Windows, IE, Flash, Shockwave and ColdFusion

Patch Tuesday

Microsoft fixed 34 vulnerabilities in products ranging from Windows, Internet Explorer and .NET to Lync, Visual Studio and Silverlight. Not to be left behind, Adobe launched fixes for Flash, Shockwave and Cold Fusion. Settle into your air-conditioned server rooms and start testing!

SSCC 112 - Keyjacking, Facebook and Opera breaches, Apple's WPA passwords [PODCAST]


Here you are! Episode #112 of the Sophos Security Chet Chat podcast.

News, opinion, advice and research: Chet and Duck bring you their unique and entertaining combination of all four in their regular quarter-hour programme.

Anatomy of a browser trick - you've heard of "clickjacking", now meet "keyjacking"...


An Italian security researcher has rediscovered a trick known as "user interface redressing" and used it to detail some potentially risky behaviour in IE 8.

Paul Ducklin takes a look to see just how dangerous keyjacking can be...

Microsoft ready to cough up (potentially big!) bounty bucks for bugs

Microsoft ready to cough up (potentially big!) bounty bucks for bugs

If you're good at finding exploits and know your way around a whitepaper, you could be looking at a $150,000 bonus.

Patch Tuesday June 2013 - Office, Windows and Flash

Patch Tuesday

Right on time, Microsoft and Adobe released fixes today for Windows, Internet Explorer, Microsoft Office 2003 and 2011 and Adobe Flash Player. Time to dance that familiar dance and get those updates installed.

Google's certificate announcement contains a hidden surprise for Windows XP users

Google's certificate announcement contains a hidden surprise for Windows XP users

Are you an IT administrator still caring for Windows XP computers that are running Internet Explorer?

Google's latest announcement brings another good reason to upgrade your systems or switch to an alternative browser.

Monday review - the hot 24 stories of the week

Monday review

In case you missed any recent stories, here's everything we wrote in the last seven days.

May Patch Tuesday critical for users of Internet Explorer and web-based services

Patch Tuesday

Microsoft has just released its monthly updates for May 2013. The zero-day IE flaw used on the Dept of Labor website was fixed, as well as an IE 10 hole used at PWN2OWN.

Critical fixes for Adobe Reader, Flash Player and ColdFusion also hit the streets today.

Microsoft rushes out CVE-2013-1347 "Fix it" for the latest Internet Explorer zero-day


The recent and widely reported US Dept of Labor website hack turned out to be a zero-day exploit against IE.

Good news! Microsoft just published an emergency "Fix it" patch against the vulnerability...

Microsoft fixes 9 flaws, Adobe 3 in April's Tuesday update

Patch Tuesday

As expected Microsoft released seven important and two critical fixes for Windows, Internet Explorer and other Microsoft products. Adobe followed suite releasing fixes for ColdFusion, Flash and Shockwave. Patch now!

Monday review - the hot 17 stories of the week

Monday review - the hot stories of the week

Catch up with everything we've written in the last seven days - it's weekly roundup time.

Microsoft to issue 9 security updates on Tuesday, critical for all IE versions, reboot required

Microsoft has issued its usual advance notification for the coming week's Patch Tuesday.

If you use Windows you're probably affected, and you'll probably need to reboot all your PCs and most of your servers...

SSCC 105 - HP printers, Google blocks ad blockers, Apple does the 2-step, and more...


Have you joined thousands of others, and become a loyal listener to the "Chet Chat" yet?

Here's the latest Naked Security podcast, Sophos Security Chet Chat 105, discussing a range of recent and newsworthy topics from the world of computer security.

Microsoft to patch security vulnerabilities on Tuesday - including some rated as "critical"

Microsoft to patch security vulnerabilities on Tuesday - including some classed as "critical"

Patch Tuesday is bringing seven security fixes, with Microsoft deeming four of them "drop-everything-and-fix-this-now" critical in Windows, IE, Silverlight, Office and Microsoft Server.

Helping users make better security decisions by design

Helping users make better security decisions by design

When we think of secure programs we think about things like buffer overflows, null pointer dereferences and other technical jargon. Adam Shostack of Microsoft explained the importance of designing usable interfaces to help users make smart security decisions at last week's BSides conference in Vancouver Canada.

Firefox and Chrome patched ALREADY after Pwn2own - now the pressure is on for IE and Microsoft!


Mozilla and Google have already pushed out patches to stop the exploits that got past their browsers at this year's PWN2OWN competition!

That certainly throws down the gauntlet to Microsoft, whose Internet Explorer 10 browser was also successfully breached in the competition.

PWN2OWN results Day Two - Adobe Reader and Flash owned, Java felled yet again

PWN2OWN 2013 finished off today.

A second scheduled attack on IE 10 didn't happen, so IE 10 didn't get owned again, but Flash and Reader fell once each, and Java was exploited for the fourth time in two days...

PWN2OWN results Day One - Java, Chrome, IE 10 and Firefox owned

Of the Big Four browsers, only Apple's Safari has so far survived the onslaught of the browser-breakers at PWN2OWN 2013.

Java fell three times today; Adobe's Flash and Reader meet their attackers tomorrow...

Browser choice - How a "technical error" cost Microsoft over $700 million

"Technical error" costs Microsoft €561 million after Europeans not given choice of alternative browsers

"OK, Microsoft... no more Mr. Nice Guy," the European Commission said to the company that just can't seem to figure out how to give PC users a browser choice.