[ news_security_news ]
IE Gets Some Security Changes
Chris Crum
Staff Writer
2005-10-26
 Security News RSS Feed
Microsoft is making some changes to the security of Internet Explorer with its upcoming version 7. These changes involve enhancing HTTPS connections.
The SSLv2 protocol will be disabled, while TSLv1 will be implemented by default according to Microsoft's IE program manager Eric Lawrence.
"Generally, IE users will not notice any difference in the user-experience due to this change; it's a silent improvement in security," wrote Lawrence on the IE blog. PC World reports:SSLv2 was the first public version of SSL, and suffers from several well-known weaknesses--for example, it doesn't provide any protection against man-in-the-middle attacks during the handshake, and uses the same cryptographic keys are used for message authentication and for encryption. These and other problems have been fixed in SSLv3, but the older version is still supported by most browsers and is in use on some systems.
IE 7 will introduce some changes to the user experience, including blocking navigation to sites with problematic security certificates. The problems include certificates issued to a hostname other than the current URL's hostname--for example, secure.example.com instead of www.example.com; the certificate issued by an untrusted root; and expired or revoked certificates. Aside from IE, Windows Vista is getting some changes. Advanced Encryption Standard (AES) security will be added to Vista as well as the default enabling of certificate revocation checking.
About the Author:
Chris Crum is a staff writer for SecurityProNews and WebProNews.
More news_security_news Articles
Security News RSS Feed
|
|
RSS
Archive
Contact Us
Advertise
