I have had my 64 bit OS for several months now and loving the increased speed and stability of everything that I use. I did not realize until a few moments ago that I had been using the 32 bit version of IE. Now this really has not been a problem, but I did purchase a 64 bit OS and would like to take advantage of it.

In my list of programs I started to notice that there were two version…

 

 

 

 

Task Manager was also mocking my naivety…

 

So after updating the all the accessible shortcuts in every location I find myself left with 64 bit goodness, hopefully there are no unfortunate side effects!

 

I was doing some research on design patterns for delegates verses interfaces and one page tab in particular caused an all to familiar message.

Just from habit I started to make a mental note of all the tabs I had open as I figured IE was about to go completely belly up and I would lose everything. Much to my delight, however, a simple message popped up indicating that the tab was about to be restarted and all my other sessions were intact.

I know this is not new to Firefox users but I have stubbornly stuck with IE (through thick and thin) and this marks one of those truly helpfully things that they are ultimately embarrassed to not already have.

 

 

 

 

 

I just realized that IE8 has been released. If like me you were put off by some of the earlier betas you can put your mind at ease. There has been a metric ton off discussion around how slow or how fast it may or may not be. In my anecdotal opinion, IE8 is comparable to the other browsers. Microsoft found it necessary, however, to release a video explaining why the stats and discussions about IE8 were not quite valid. We shall see I guess ;)

Dare I ...

I have been reviewing some of the enhancements and the idea of a Compatibility View concept just makes me cringe. This concept basically lets you view the current site as if your browser were IE 7. Apparently the IE 8 team made a choice that would effectively break some sites, Joel Spolsky goes into some great details about the issue (somewhat verbose but very important for web developers).

I do like the the InPrivate browsing, the idea of not having to necessarily delete my cookies and offline content after purchasing and browsing the web is appealing. Key loggers aside this does make it much safer for people who use public PCs in public locations.

With that said, I am not sure if I really have a choice about downloading this, it will be my professional problem soon enough.

The recent stir in high profile security issues has got me real paranoid about my computer habits. Trying to secure myself from the marauding hordes of criminal hackers has always been a cat and mouse game. I just try to make sure that I have as much information as possible.

The issue of spam is still a really big one, most of the time I get about 20-30 unsolicited mail, mostly harmless, but once in a while I get a piece of mail that gets past my safe guards and makes me worried for all my friends that are little less cautious than I am.

So here are my golden rules for spam detection ... be suspicious if the email sent to you is not able to identify you by first and last name (or maybe your login ID). There should be sufficient hints in the email that let you know that the company emailing you knows enough about you to warrant your trust. For example every email that I get from PayPal has my full name in the email. So I feel d less suspicious that this is a random spamming campaign. When an email begins "Dear <youremail>," then this is a clear indication that I should treat the contents with a healthy dose  of skepticism.

So I recently received an email from "NatWest" the bank, not the real one of course. Some unscrupulous rascal attempting to masquerading as NatWest.

 

Of course they wanted my banking details account numbers, PIN even my credit card information. Thankfully there has been significant adoption of layered security which allows you to setup additional personal questions, and there are some sites that allow you to select personalized pictures that make your login experience uniquely identifiable.

So I noticed that when I open up the phishing site in FireFox 3, I got no indication that it was a spoof site (as above). However, IE immediately let me know that the website was really a poorly disguised phishing attack (below) and warned me to go no further. I am not sure what mechanism keeps track of phishing sites but FireFox was a little slow on this one.

Banks never want you to update security information by email and in fact go to great lengths to only use emails for account related alerts and\or marketing. The easy to use golden rule I have established for my wife and I is to always use our predefined browser favorites to browse to our financial\sensitive information. If there is a legitimate need to ask me to update my details it will have to start and end at our favorites list.

DISCLAIMER: Please do not follow any of the links in the images I show, I am quite certain that are meant to hurt honest hard working people like you and me. Also due to the nature of the post I feel the need to reiterate that all the content I post on my site constitutes my own opinion and is not a reflection of my employer or any of their policies.

I am a 'fan' of IE 7, I actually really like it! I just realized that I have not been using the tabbing options as efficiently as possible. If you hit CTRL-Q you get a summary of windows that you have open. Is there an equivalent in FireFox?

I have been a fan of the ieHTTPHeaders (v1.6) application for a couple of years now, it has been my HTTP sniffer of choice and has helped me debug a myriad of issues! I realized today, quite by accident, that there was a significant update late last year.

The two obvious (and maybe only) updates include the ability to filter your results by Content Type and HTTP Status code. This kind of filtering is critical, just go to any content rich website, like nba.com, and you will be inundated with a series of responses that you will probably have to copy to notepad just to complete an effective search.

 

Download here. This is nice ... very nice!

I had a fascinating email sent to me the other day that shows how one could develop a web page that could access the clipboard of an IE user. Try copying some text into you clipboard and if you navigate to this site with IE it will access the text in the clip board and display it on the page. Pretty scary!!

While this feature is based on client scripting it is obvious that this exploit could be used to snag various things from your clipboard (maybe passwords) and send them back to a server via JSON, AJAX, POST etc.

I am not a JavaScript expert but I think the following would do the trick:

var content = clipboardData.getData("Text")

Turning off the feature is pretty simple (IE 7):

1. Go to Internet Options and select the Security tab.
2. Click custom level
3. Select disable under Allow Programmatic clipboard access.

I noticed now that most free software is note quite as free as the label suggests. Whether you are installing Adobe products or (what I am installing now) Live Writer, applications are trying to install toolbars or change my default search engine.

I guess free software really means free like a puppy!

"The truth is that many people set rules to keep from making decisions." - Mike Krzyzewski

I have been using ieHTTPHeaders recently as my HTTP sniffer of choice, it installs as an explorer tool bar for Microsoft Internet Explorer bar.

 

 

I find it necessary to explain the very basics of HTTP for some reason, it struck me that there are probably many developers who have added a button and a text box to a ASP.NET page without really thinking about the plumbing between the browser and the web server. While these additional layers are designed for ease of use and rapid application development, I do fear the collective is being dumbed down ... so ...

 

HTTP is a request/response protocol between clients and servers. An HTTP client initiates a request by establishing TCP connection to a  port on a web server (port 80 by default). A HTTP server (e.g. IIS) listens for these afore mentioned requests message on the selected port.

Upon receiving the request, the server will send back a status line e.g "HTTP/1.1 200 OK", and a message of its own, the body could be the the requested file or some other information. Resources to be accessed by HTTP are identified using Uniform Resource Identifiers (URIs/URLs) using the http: or https URI schemes.

The request message from the above, requests a JavaServer Page from the /scores directory as follows:
GET /scores/SimpleScoreboard.jsp HTTP/1.1

 

"Knowledge is the life of the mind." - Abu Bakr

IE7 has a reassuring color scheme dedicated to those users who just want a gentle safety reminder for the sites they visit. I have noted previously of web sites that spoof the real thing. This could be catastrophic for someone logging into, for example, PayPal. Even if the site were simply for your email, Imagine the havoc that could be unleashed if someone were to get your email password for just 12 hours. So all IE7 users should bear in mind the following security color schemes:

Red
The certificate is out of date, invalid, or has an error.

Yellow
The authenticity of the certificate or certification authority that issued it cannot be verified.

White
The certificate has normal validation. This means that communication between your browser and the web site is encrypted.

 

 

Green
The certificate uses extended validation. This means that communication between your browser and web site is encrypted and that the certification authority has confirmed the web site is owned or operated by a business that is legally organized under the jurisdiction shown in the certificate and on the Security Status bar (a nice extra step).

It should be noted that even if the connection between your computer and the web site is encrypted, it does not guarantee that the website itself is trustworthy. Any knuckle head can get a URL and pay for a secure certificate. Your privacy can still be in jeopardy if the web site owners are fraudulent or simply do not take the time to secure your information.

 

"We know our friends by their defects rather than by their merits." - W. Somerset Maugham

I had my prayers answered when Don sent this link. IE Inline search is here and works just like Firefox. "A thing of beauty is a joy forever" To be fair they should have released this with IE7 but I will not complain in this post!

IE7 is officially cool...I think it is ok to simply say IE7 is a good browser. I had been holding my breath waiting for the inevitable security update that would herald IE as just another piece of garbage teetering on the border between security and anarchy. Alas IE7 seems very solid.

"Books, the children of the brain." - Jonathan Swift

I was visiting the PropellerHead website, in attempt to get some information about a new piece of music software that I recently installed. As the page loaded I saw some activity in the lower right corner of IE that suggested that I needed to verify a Add-on.

The whole thing about running an Add-on is that you always want to make sure who created it and also to ensure that it can do little or no harm. How much do you trust the source? This issue has been tackled by using a valid signature. A valid digital signature verifies the identity of the publisher (the company, website, or individual that is distributing the file), as well as the fact that the file has not been tampered with since it was signed. If the file has no valid digital signature, you cannot be certain that the file is actually from the source it claims to be from, or that it has not been tampered with. You should not open the file unless you trust the publisher and know that the contents are safe to open.

Unfortunately so few Add-ons appear to be verifiable, or at least only Adobe and Microsoft appears to be bothered enough to setup a Digital signature for their controls.

 

I certainly do not trust ActiveX controls as a rule, but you can now use the Add-on Manager to verify what controls are running and subsequently what resources it may be using. Here is Microsoft's advice:

Before installing any ActiveX control, consider the following:

• Were you expecting to receive this control? - Are you surprised that this website is trying to download an ActiveX control? Has this website required you to use an ActiveX control in the past? If this action is unexpected, you should be very cautious. Make sure you know what the control is for and what it will do to your computer before you save or run the file.
• Do you trust the website providing the control? - Don't install an ActiveX control unless you absolutely trust the website that is giving you the control.
• Do you know what the control is for and what it will do to your computer? - The website providing the file should tell you what this ActiveX control is for and provide any special details you need to know before you install it. If this information is not available, you should not install the control.

 

"Study without desire spoils the memory, and it retains nothing that it takes in." - Leonardo da Vinci

I was searching for hotels in Milan for up coming trip I have, and I was swamped with a truck load of sponsored links. One unsponsored link caught my eye and I selected it hoping to find more information on the central area of Milan, only to be confronted by this...

Now, I was always one of those children that when you told me that fire was hot I had to see how hot it was ... so I chose the 'Continue to this website (not recommended).' options. After ignoring this error, IE7 still does not quit warning you there is potentially a problem (kudos) and you are then shown the page with an angry red background.

IE clearly indicates that there is a certificate error and also explains that this site is apparently masquerading as another web site. By clicking on the view certificate it was clear that this website was trying to pose as www.cia.gov.

"Always and never are two words you should always remember never to use." - Wendell Johnson

The combination of FolderShare, Windows Desktop Search and several other tools have enabled me to search quickly and comprehensively all my relevant data from any machine I own. This has led me to question the search features of both Live Writer and IE7.

My blog serves as a reminder to me of technical issues, that my colleagues and I have overcame. However, I am left with no real way to do a comprehensive search of just my blog. I would suggest that Live Writer provide a search. It apparently pulls down most if not all of your posts to your local machine anyway ... Just realized I can add the .wpost extension to my Windows Desktop Search, I just have to figure out how to download all my old posts before I installed Live Writer.

My second issue is still valid though! When you select text and right click within IE7 you can do an MSN search. I think it would be much more reasonable to use your default search engine, which they now allow you to select. In defense of IE7, FireFox does the same thing by always using Google Search.

I still like it ... I really do. In my last post I wanted to be able to import my feed list from FeedReader, after a quick export of the OPML file, importing to IE7 was really easy.

I found this step-by-step process for backing up\importing feed lists to\from an OPML file in IE7:

- Click on the Add button (the star and plus button next to the Favorites Center button -- Alt-Z is the keyboard shortcut).
- Click on Import and Export in the menu.
- In the wizard, select Export\Import Feeds from the list of options and click Next (You will need to export a list from you current aggregator)
- Select where you would like to (put\get) the file to be import.
- Finish up the wizard.

Upon installing it the second time I also noticed that I agreed to install the Microsoft Malicious Software Removal Tool. A vision of a Microsoft Tool used to detect malicious Microsoft software sprung to mind. Software originating from the same company rejecting itself as malicious ... maybe not but how hilarious would that be?!

Also be advised that this new version is set to be forced down our throats as automated update. While this may be fine for most casual users it is important to realize that many companies may want significant testing before letting this IE7 lose in the wild. Microsoft has provided a toolkit to stop the automatic delivery of IE7.

"My pessimism extends to the point of even suspecting the sincerity of the pessimists." - Jean Rostand