Category: Internet Explorer
A total of $442,000 was paid in bounties to all contestants.
Well, it seems like no one was safe in this year’s Pwn2Own hacking competition, as all 4 major web browsers failed to protect their users.
The star of this contest, however, was Jung Hoon Lee (lokihardt), who managed to reap $225,000 in rewards, breaking through Chrome’s security with a buffer overflow (which earned him $110,000) and then exploiting Microsoft’s Internet Explorer ($65,000 in rewards), followed by Apple’s Safari ($50,000 in rewards).
That should be enough to improve his life for good.
Now here’s something that should definitely concern you. According to a recent report, there is a way to reveal typed-in passwords in Internet Explorer 11 (on Windows Phone 8).
All you have to do is:
- Enable Cortana if not yet enabled
- Type the password
- Highlight the password (we’re talking about ******) and then hit the search button
- Congratulations, you are now seeing a supposedly hidden password
I swear we wrote this before.
If you’ve been following Project Spartan news, then it should be pretty common knowledge by now that Microsoft promised to include its new web browser in the “next” Windows 10 build (which was released yesterday). Unfortunately, it did not happen.
Now, it looks like the software giant is ready to make the very same promise again and hopefully deliver this time. While there is no ETA for the next build yet, yesterday’s Windows 10 Preview does include some changes in the new rendering engine, which Project Spartan will utilize.
February, 2015 Desktop Market Share: Google Chrome, Opera – Up; Internet Explorer, Firefox, Safari – Down
It’s time to do the desktop.
As Microsoft continues to work on Spartan, its predecessor is in a downtrend: last month Internet Explorer’s market share decreased again (by 0.8 point this time), down from 58.18% to 57.38%.
Even though Spartan has not yet been released for either Windows 10 or Windows 10 for Phones, it looks like the developer preview build of Internet Explorer includes one of the most widely requested and missed features: the ability to play live stream videos, at least on YouTube.
On a slightly negative note, the newly leaked pictures of the yet unreleased Windows 10 for Phones (Build 10038.12518) show that it still comes with Internet Explorer rather than the much anticipated Project Spartan.
In a newly published post, the IE Team has revealed the steps they took to modernize its rendering engine (aka split it from the original Trident).
That’s why Spartan is said to be more compatible than IE has ever been, especially due to a new web approach. Instead of analyzing the top 9000 sites that are responsible for around 88% of all web traffic (like Microsoft did in the past), they actually got to the root cause of compatibility issues and looked for patterns in trillions of URLs instead.
Recently, Microsoft has announced a couple of new things. First of all, their Pointer Events model has now been accepted by the W3C and has become a recommended standard, which means that other browser vendors should be implementing it in the near future, hopefully.
In addition to that, there have been changes in the new rendering engine that is set to power Spartan. The double-tap issue, where a browser must pause for 300 ms after a tap to see if there will be another one (assuming users want to zoom), causes a delay. While there are many workarounds (even for IE10), they are not ideal.
Apple tops the OS chart.
A recently published study by GFI, which took a database of vulnerabilities that were published in 2014 and created a chart that makes sense, suggests that Microsoft’s Internet Explorer still has a long way to go until it’s no longer the most vulnerable web browser out there.
As you can see in the chart below, the top application by vulnerabilities reported in 2014 was indeed Internet Explorer (242), followed by Google Chrome (124) and Firefox (117).
If you bought a Lenovo laptop this year or last and haven’t heard yet, one of the most successful PC makers has been caught installing adware on a number of machines, with reports starting from mid-2014.
Basically, software called Superfish is injecting third-party ads into Google searches. Not only that, it also injects its own certificate, allowing it to snoop on secure connections and decrypt them. Just take a look at this screenshot: