Microsoft rolls out developer preview of IE11 on Windows 7

Right, clearly you know better. It's not like Microsoft is putting a ton of effort into pushing new and current standards and designing tests around them. It's not like other testing grounds like the "browser grand prix" have openly adopted several of their tests. The only BS here is your nonsense.

"Solved" rofl. WebGL security will never be "solved". It's one of those risks that people seem to be willing to take.

Please, it was Microsoft that was pushing for changes to the spec, meanwhile Firefox and Chrome just throw it in there and suffered the consequences when the media's advice was to "disable WebGL". Now Microsoft reaps their own rewards and improves upon it with their own implementation.

It's obvious to anyone with half a brain cell that Microsoft have taken far better steps than anyone else to provide a more secure WebGL experience. This has been obvious from the start by how nervous they were about implementing it until now. But even with that, it will never be "solved". More issues will crop up, that's a guarantee. The in-built SmartScreen will need to be tweaked to compensate against emerging threats.



Nah who am I kidding, WebGL is secure as rocks, it's totally been "solved" and we will never have to deal with WebGL related attacks. /s

LOL.

 

I'm very familiar with Tab defaults for IE 10....
Since you are not even running the preview of IE 11, you wouldn't know about the Tab options in this particular version. I would at least suggest trying it first, before giving advice....

 

There have been multiple callouts by web developers on IE's "benchmarks".

http://featherweightmusings.blogspot.it/2012/12/how-to-win-benchmarks-and-influence.html

That's just one of quite a few. There's a reason you'll have Chrome/Firefox kill IE at every benchmark *other* than Microsoft's own benchmarks...

The attacks that Microsoft pointed at back when WebGL was "oh so dangerous" were solved. CORS was around in 2010, and implemented soon after. You can still exploit an OGL renderer, naturally, but the issue that they had to wait two years to deal with was already solved to a plenty-adequate degree (since that's what they're using now to secure it). But of course IE users have to wait years, slowing down the entire web's progress.

Yeah, journalists really know what they're talking about when it comes to security lol I'd say they're about as informed about the attacks as, say, someone who's read a few articles put out by Microsoft on the subject.

Those horrible consequences of having 0 attacks against them and having uninformed journalists tell users how endangered they are against attacks that have been mitigated for years! How ever will they survive as they continue to eat away at the dying IE's market share?!

lol is that right? Microsoft at the forefront of security? And the evidence of this is that it took them 2 years to implement the standard? I guess that's one approach to security - just don't implement protocols! They have vulnerabilities! OR, you know, put them out there, let security researches hack at them, and then respond... that thing that Chrome/Firefox have been doing for two years now. So whereas Chrome/Firefox have had CORS and various other security techniques used for ages now, and have had attackers going at them for years, Microsoft has only just pushed out this implementation - but you say Microsoft's version is more secure? lol because of smartscreen? Yikes.

You should try to pursue some sort of education that doesn't involve reading Microsoft articles on Microsoft features. You might get a decent view of how these things actually work.

 

Hahahaha linking to a Mozilla developer blog *clap clap*
Here's a GOLDEN quote from his subsequent bug report.

That's the difference when it comes to IE. They do see a reason to optimize these things and they do think it's worth the effort. Then they show off those optimizations with benchmarks. So far, the same seems to hold true with security, whilst firefox trails miles behind. It's easy to ignore things you think are "lesser issues" when you have a tiny deadline, you should know that by now. A 6 week release schedule isn't good for anything.

No, they weren't.

That isn't all they're using.

Yeah, all 2 websites using WebGL, 1 being Google maps and the other being that doom game. If you want to talk about slowing down the web how about Chrome and Firefox's implementation of TLS 1.2, yeah, that took them quite a few years there.

Actually it was recommended by CERT. The media had no choice but to follow that recommendation, Chrome and Firefox haven't left them with any other choice.

There was already a WebGL attack on Firefox fixed in Firefox 5 in 2011, well after the "CORS saviour".

Actually IE is growing marketshare for the past year. This is a result of starting to take the web browser "game" a bit more seriously with IE9+.

You're so impatient you can't see past your own nose. You don't just throw in a half-baked implementation of a new standard when there are KNOWN security issues that need resolved. You wait until the authors behind the spec improve it, fix the standing issues, and then implement the feature.

Correct, and also the extra work they put into it. "We did a lot of analysis of vulnerabilities, we did threat modelling, and we have essentially a pre-screening stage"

Wow, getting agitated much? I guess that's what happens when all you have to bring to this discussion is CORS and nothing else. Like it's some form of saviour to all WebGL issues.

I'll just say I try my best to keep my head out of the Google delusion.

A few things for you to learn before spewing more moronic statements:
http://www.contextis.co.uk/research/blog/webgl-new-dimension-browser-exploitation/
http://www.contextis.co.uk/research/blog/webgl-more-webgl-security-flaws/

 

It's not ready for prime time as it's a Beta Proceed at your own risk & Peril.

 

Agh, I actually read the rest of your post. Literally painful. Learn a low level programming language, take an online class on HTML, do something. It's just embarrassing to read this ****. I feel like I'm talking to a grown man and I have to teach him addition and subtraction. If you care to learn about this stuff, go learn. I'm trying to have a discussion about something that you don't know, we may as well be talking about quantum physics and you're going from reading Science Magazine articles to telling people off for not knowing about quantum entanglement. Again, it's embarrassing.

Honestly, stop talking about **** you don't understand in such a way that will make people think you do. It's annoying, and people who know less won't understand it. You have 0 education in this field, you read blog posts from Microsoft about vulnerabilities that you do not understand.

I could write a proper response back to every non-point you made in that post, but it serves no purpose. To readers of this topic, they should just know that you have absolutely no credibility, and your opinions should never be taken seriously despite your tone

tl;dr: if you're going to post like a tool, at least have some clout to back it up.

 

I'll just end this with "sure thing boss". When the next exploit crops up that affects Chrome/Firefox and doesn't affect IE, I'll be sure to quote your enlightening post.