NewsBot

<img alt="" height="1" width="1"> Sun updates xVM virtualization software InfoWorld, CA - 1 hour ago XVM VirtualBox 2.0 comes with improved performance and platform support, adding support for 64-bit versions of Windows Vista and Red Hat Enterprise Linux. ... More...

<img alt="" height="1" width="1"> Microsoft Gets Serious About App Virtualization CRN, NY - 16 hours ago Additionally, Microsoft is loosening the reins of its Vista Enterprise Centralized Desktop (VECD) licensing to account for virtualized desktops running as ... More...

<img alt="" height="1" width="1"> IE8 is praised but doubts over compliance remain Computing, UK - 1 minute ago To aid IT departments, IE8 can be “slipstreamed” into Windows Vista or Windows Server 2008 rather than being installed separately, while new group policy ... More...

<img src=http://news.google.com/news?imgefp=z6ShKjz6d5IJ&imgurl=technology.timesonline.co.uk/multimedia/archive/00392/chrome_385x185_392565a.jpg width=80 height=38 alt="" border=1> Times Online <img alt="" height="1" width="1"> FAQ: Google polishes up its new browser, Chrome Computerworld, MA - 17 hours ago You can download the beta from Google's Chrome page, which will only offer the download if rendered on a Windows XP or Vista machine, or in a virtual ... Video: Tech Test: Google Chrome Lacks Polish AssociatedPress Mozilla's Thoughts On Google's Chrome Slashdot Google Chrome gives you more time for the other things in life Cnet Asia Computerworld all 3,155 news articles More...

<img alt="" height="1" width="1"> Chrome a serious challenger in browser battle International Herald Tribune, France - 6 minutes ago ... stronger protection than Internet Explorer 8 gives you, especially in Windows XP. (Internet Explorer 8 supplies its best protection only in Windows Vista.) More...

In March I wrote about the Developer Tools in Internet Explorer 8 Beta 1 and outlined three key benefits: Integrated and simple-to-use Provide a visual interface to the platform Enable fast experimentation Internet Explorer 8 Beta 2 brings the Developer Tools closer to realizing the full potential of these benefits with significant improvements to existing features and new functionality meant to make you more productive. Profiling and Debugging JScript Beta 1 introduced a JScript debugger that lets you easily debug Jscript within Internet Explorer. In Beta 2, we’ve made a few great improvements: it now supports Console.log, just-in-time debugging, and has better usability through changes like an improved file chooser. http://ieblog.members.winisp.net/images/debugger2.png However, the debugger only helps get your site working properly and you need to make sure your site works optimally. That’s why Beta 2 includes a built-in JScript profiler. Use it to build high-performance web applications in Internet Explorer by finding hotspots and comparing different design patterns. Simply press ‘Start Profiling’, perform you scenario, and press ‘Stop Profiling’ to view profile data for all JScript, including built-in methods. http://ieblog.members.winisp.net/images/profiler2.png Keep following the IEBlog for more details about these great features. You can also read our online documentation on script debugging and script profiling. Working with HTML and CSS While Beta 1 supported live editing of only HTML attributes, Beta 2 brings this functionality to all of HTML and CSS. With live editing of CSS, just click a property name, value, or selector, type a new value, and press ENTER. http://ieblog.members.winisp.net/images/edit_css2.png If you need to change HTML tag names, reorder, or add/remove elements, use full-text editing. Press ‘Edit’ in the toolbar of the HTML tab to make the full HTML editable. Press it again to commit your changes and return to tree view. This uses innerHTML so the same rules about running script apply as if you made the changes through JScript with innerHTML. http://ieblog.members.winisp.net/images/full_edit2.png Changes made in the tools last only until the page refreshes or you navigate away. While this lightweight editing is helpful, it also makes it easy to lose changes. Beta 2 lets you save the current HTML and CSS to a text file so you have a reference when updating your source. The data in the tools comes from Internet Explorer rather than your source and thus might contain changes beyond edits you made with the tools so the default file format is txt to prevent accidental overwrites of the original source. A good way to identify just your changes is to save the HTML from the page before and after your changes and use a tool like windiff. Testing Compatibility The Developer Tools have two menus for compatibility: “Browser Mode” and “Document Mode”. “Browser Mode” lets you modify how IE behaves as well as how it reports its version to servers and web sites. This lets you use IE8 to test what your site looks like in IE7 and what your site looks like for users in IE8 who pressed “Compatibility View”. “Browser Mode” affects the user agent string, version vector used when evaluating conditional comments, and the rendering mode. “Document Mode” lets you test what your site would look like if you changed its rendering mode by using a different doctype or the meta tag. You’ll also notice that the menus always display the current mode so the information’s available with zero clicks. Simple to Use From the start, we’ve worked to make the tools user-friendly. We made them part of every IE8 installation so you didn’t have to install anything extra, built per-instance script debugging so you don’t constantly find yourself in the ‘Advanced’ tab of Internet Options, and worked to reduce the clicks needed for common tasks. In Beta 2, we’ve made a few important changes that should make the tools even better. If you’re like me, you love using the keyboard. Beta 2 adds extensive keyboard shortcuts for frequently-used functionality and uses common keyboard conventions so you become comfortable with the tools quickly. For example, F12 opens the tools, CTRL+E puts focus in the search fox, and F3 and SHIFT+F3 cycle through results. Check out the full keyboard reference to learn all the shortcuts. Besides some polish to make the tools prettier (even devs appreciate a nice design touch here and there), toolbars within the tabs make access to common tasks fast, and syntax-highlighting throughout the tools makes everything easier to read. You can pin the Developer Tools to the Internet Explorer window as you could with the Internet Explorer Developer Toolbar, but Beta 2 also lets you minimize in window. With the tools pinned, press the ‘Minimize’ button or CTRL+M to reduce the tools to only the menu bar to save screen space while retaining access to the menus and Browser and Document Modes. http://ieblog.members.winisp.net/images/minimize.png Internet Explorer Developer Toolbar Features As promised, we’ve included all the features you’re familiar with from the Internet Explorer Developer Toolbar, including the ‘Attributes’ list view and ‘Resize window’ functionality. More Information Keep watching this blog for more about the JScript tools and check out these articles for more information: Discovering the Internet Explorer 8 Developer Tools Developer Tools: Script Debugging Overview Internet Explorer 8 Developer Tools GUI Reference Developer Tools: Script Profiler Overview Developer Tools: Keyboard Shortcuts John Hrvatin Program Manager edit: image resize http://blogs.msdn.com/aggbug.aspx?PostID=8923370 More...

<img src=http://news.google.com/news?imgefp=Ai_qSG0eMBcJ&imgurl=www.windowsfordevices.com/files/misc/microsoft_livemesh_winmo_demo.jpg width=80 height=67 alt="" border=1> WindowsForDevices <img alt="" height="1" width="1"> Microsoft demos mobile cloud sync client WindowsForDevices, CA - 22 minutes ago To access the Microsoft Live Mesh blog, which has been providing information about regular, incremental updates to the Windows Vista and XP Live Mesh ... More...

<img src=http://news.google.com/news?imgefp=GpIPrVMD_D4J&imgurl=s.wsj.net/media/flash_art_160_20080903131822.jpg width=56 height=80 alt="" border=1> Wall Street Journal Blogs <img alt="" height="1" width="1"> New Microsoft virtualization license lets hosters deliver third ... ZDNet Blogs - 3 hours ago “Contract Workers: Companies can use VECD to deploy a standard, sandboxed, Windows Vista virtual machine for use on contractor machines for $110 per PC/yr. ... Microsoft Gets Serious About App Virtualization CRN all 10 news articles More...

<img alt="" height="1" width="1"> Google Chrome Browser Launched Money UK, UK - 11 hours ago However, while this initial run is only compatible with Windows XP and Windows Vista, Google have confirmed that Max and Linux versions will soon be ... More...

Here's a wrap up of this week's Google Chrome coverage: A hands-on report about the search giant's new Web browser! More...

<img alt="" height="1" width="1"> LiveSide - News blog » New LifeCam models on the way – VX5500 and ... LiveSide - 15 hours ago Thanks to some great work by tophtucker and then BV2312, we managed to catch the new Windows Live Hotmail promotion site as soon as it popped up today. ... On the eve of Wave 3; the promise and the problems LiveSide all 3 news articles More...

<img alt="" height="1" width="1"> Microsoft liberalizes desktop virtualization options, but they ... Computerworld, MA - 2 hours ago 1, the Vista Enterprise Centralized Desktop (VECD) virtualization license will be expanded to accommodate IT managers facing several situations. ... More...

<img alt="" height="1" width="1"> New Microsoft virtualization license lets hosters deliver third ... ZDNet Blogs - 38 minutes ago “Contract Workers: Companies can use VECD to deploy a standard, sandboxed, Windows Vista virtual machine for use on contractor machines for $110 per PC/yr. ... More...

<img alt="" height="1" width="1"> Google Chrome gives you more time for the other things in life Cnet Asia, CA - 8 minutes ago ... I can't help noticing how Microsoft seems to churn out heavier softwares eg Windows Vista to replace Windows XP, where as Google produces lighter ones. ... More...

Cloud Computing Expo - Google Chrome & Browser War III - Sys-Con Italia (Comunicati S <img src=http://news.google.com/news?imgefp=vnGAlwdQdRwJ&imgurl=res.sys-con.com/story/sep08/661517/googlechrome_0.jpg width=80 height=65 alt="" border=1> Sys-Con Italia (Comunicati Stampa) <img alt="" height="1" width="1"> Cloud Computing Expo - Google Chrome & Browser War III Sys-Con Italia (Comunicati Stampa) - 6 minutes ago (http://blogoscoped.com/google-chrome/) Making the best of things, Google said Chrome will initially run only on Windows Vista and XP. ... More...

<img alt="" height="1" width="1"> Windows 7: Can Microsoft get boot time to under 15 seconds? ZDNet Blogs - 25 minutes ago The much-touted official “Engineering Windows 7´´ blog has provided a lot of words about how Microsoft developers think about building an operating system ... More...

<img alt="" height="1" width="1"> Reading Google Chrome's Fine Print Slashdot - 3 minutes ago "I'll take another example: just before Microsoft launched Vista, it invited us [to work with it] so that Firefox works better on Windows Vista. ... More...

<img src=http://news.google.com/news?imgefp=a3LaDybwdwsJ&imgurl=www.welt.de/multimedia/archive/00657/eng_google_teaser2__657125g.jpg width=80 height=53 alt="" border=1> WELT ONLINE <img alt="" height="1" width="1"> Reading Google Chrome's Fine Print Slashdot - 32 minutes ago "I'll take another example: just before Microsoft launched Vista, it invited us [to work with it] so that Firefox works better on Windows Vista. ... Video: Money Minute: Google,Tata and Pfizer AssociatedPress Chrome goes for extreme minimalism International Herald Tribune Google spins web browser eWeek Houston Chronicle - Computerworld all 2,335 news articles More...

Now that Beta 2 has released, I want to provide a short update on some of the smaller security changes the team has recently made. I’ve also linked to a great article on the IE8 XSS Filter implementation written by the architect of that feature. Restricting document.domain The document.domain property initially returns the fully qualified domain name of the server from which a page is served. The property can be assigned to a domain suffix to allow sharing of pages across frames from different hostnames. For instance, two frames running at app1.example.com and app2.example.com can script against one another if both frames set their document.domain to their common example.com. A frame may not set its domain property to a top-level-domain, nor to a different domain suffix. For instance, app1.example.com cannot set its domain property to .com or microsoft.com. The HTML5 proposal formalizes the algorithm used to determine if a given domain property assignment is permitted, and it specifically requires that the assigned value is a suffix of the current value. In Internet Explorer 7, the following set of calls would succeed: // initial document.domain is app1.example.com document.domain = "app1.example.com"; // 1. Domain property set to default value document.domain = "example.com"; // 2. “Loosen” domain document.domain = "app1.example.com"; // 3. “Tighten” domain In Internet Explorer 8 and other browsers, the 3rd assignment will throw an exception, because app1.example.com is not a suffix of the then-current value, example.com. Put simply, once you’ve loosened document.domain, you cannot tighten it. Web Applications that need to interact with data from other domains may wish to consider using the postMessage() or XDomainRequest APIs rather than adjusting the document.domain property. Restricting Frame-Targeting HTML5 also specifies the circumstances in which one frame is permitted to use the targetname parameter of a window.open() call to navigate another named frame or window. The rules are meant to help prevent a window injection vulnerability. In a window injection attack, a malicious website in one browser frame attempts to “hijack” a frame or popup owned by a trusted webpage. For instance, consider the scenario where http://contoso.com opens a popup window with the name helpPage. window.open("helpTopic.htm", "helpPage", "height=200,width=400"); If another page at http://evil.example.com attempts to hijack this window, like so: window.open("spoof.htm", "helpPage", "height=200,width=400"); …instead of navigating the helpPage window owned by Contoso.com, spoof.htm will instead open in a new browser window. While Internet Explorer 7 and 8 always show an address bar on every window, this new restriction makes window injection spoofs even less convincing. MIME-Handling: Sniffing Opt-Out As discussed in Part V of this blog series, Internet Explorer’s MIME-sniffing capabilities can lead to security problems for servers hosting untrusted content. At that time, we announced a new Content-Type attribute (named “authoritative”) which could be used to disable MIME-sniffing for a particular HTTP response. Over the past two months, we’ve received significant community feedback that using a new attribute on the Content-Type header would create a deployment headache for server operators. To that end, we have converted this option into a full-fledged HTTP response header. Sending the new X-Content-Type-Options response header with the value nosniff will prevent Internet Explorer from MIME-sniffing a response away from the declared content-type. For example, given the following HTTP-response: HTTP/1.1 200 OK Content-Length: 108 Date: Thu, 26 Jun 2008 22:06:28 GMT Content-Type: text/plain; X-Content-Type-Options: nosniff This page renders as HTML source code (text) in IE8. In IE7, the text is interpreted as HTML: http://ieblog.members.winisp.net/images/IE7Text.png In IE8, the page is rendered in plaintext: http://ieblog.members.winisp.net/images/IE8text.png Sites hosting untrusted content can use the X-Content-Type-Options: nosniff header to ensure that text/plain files are not sniffed to anything else. XSS Attack Surface Reduction: CSS Expressions Disabled IE8 Standards Mode Also known as “Dynamic Properties,” CSS expressions are a proprietary extension to CSS that carry a high performance cost. CSS Expressions are also commonly used by attackers to evade server-side XSS Filters. As of Beta 2, CSS expressions are not supported in IE8 Standards Mode. They are still supported in IE7 Strict and Quirks mode for backward compatibility. While the IE8 XSS Filter can block attempts to reflect CSS Expressions as part of an XSS attack, blocking them in IE8 Standards Mode brings a performance benefit, improves standards-compliance, and acts as an attack surface reduction against script injection attacks. Deep Dive on the IE8 XSS Filter David Ross, architect of the IE8 XSS Filter has published a technical article on the architectural and implementation details of the XSS Filter over on the Secure Windows Initiative blog. If you’re interested in the nitty-gritty details of how the XSS Filter operates, please take a look. Thanks for reading! Eric Lawrence Program Manager Internet Explorer Security http://blogs.msdn.com/aggbug.aspx?PostID=8921217 More...

<img alt="" height="1" width="1"> LiveSide - News blog » New LifeCam models on the way – VX5500 and ... LiveSide - 59 minutes ago Thanks to some great work by tophtucker and then BV2312, we managed to catch the new Windows Live Hotmail promotion site as soon as it popped up today. ... More...

<img src=http://news.google.com/news?imgefp=a3LaDybwdwsJ&imgurl=www.welt.de/multimedia/archive/00657/eng_google_teaser2__657125g.jpg width=80 height=53 alt="" border=1> WELT ONLINE <img alt="" height="1" width="1"> Mozilla's Thoughts On Google's Chrome Slashdot - 7 hours ago "I'll take another example: just before Microsoft launched Vista, it invited us [to work with it] so that Firefox works better on Windows Vista. ... Video: Money Minute: Google,Tata and Pfizer AssociatedPress Chrome goes for extreme minimalism International Herald Tribune Google spins web browser eWeek Houston Chronicle - Computerworld all 2,017 news articles More...

<img alt="" height="1" width="1"> Chrome goes for extreme minimalism International Herald Tribune, France - 5 minutes ago ... protection than what Internet Explorer 8 gives you, especially in Windows XP. (Internet Explorer 8 supplies its best protection only in Windows Vista.) More...

If you think Google's Chrome Beta looks good on Vista, wait until you see it on Windows XP! More...

<img src=http://news.google.com/news?imgefp=T4aJRyLlHBAJ&imgurl=assets.nydailynews.com/img/2008/09/03/amd_googlechrome.jpg width=80 height=75 alt="" border=1> New York Daily News <img alt="" height="1" width="1"> Mozilla's Thoughts On Google's Chrome Slashdot - 3 hours ago "I'll take another example: just before Microsoft launched Vista, it invited us [to work with it] so that Firefox works better on Windows Vista. ... Video: Money Minute: Google,Tata and Pfizer AssociatedPress Internet Explorer 8 offers some intriguing features Houston Chronicle Browser rivals confident they can compete with Google Computerworld CRN - TECH.BLORGE.com all 1,770 news articles More...

<img alt="" height="1" width="1"> Blogs useful for integrators ITworld.com, MA - 10 minutes ago Microsoft’s new blog from Windows chief Steve Sinofsky dedicated to the engineering of Microsoft Windows 7 (slated for 2010) should be added to your list. ... More...