Simon Willison’s Weblog

Items tagged microsoft in Nov, 2009

Filters: Year: 2009 × Month: Nov × microsoft ×


Negative Cashback from Bing Cashback (via) Some online stores show you a higher price if you click through from Bing—and set a cookie that continues to show you the higher price for the next three months. It’s unclear if this is Bing’s fault—comments on Hacker News report that Google Shopping sometimes suffers from the same problem (POST UPDATED: I originally blamed Bing for this). # 23rd November 2009, 9:24 pm

IE 6 and 7 hit by hack attack code. IE6 and 7 have what looks like a buffer overflow vulnerability caused by a strange intersection of CSS, innerHTML and large JavaScript arrays. No exploits in the wild yet but it’s only a matter of time. # 22nd November 2009, 3:38 pm

Major IE8 flaw makes ’safe’ sites unsafe. IE8 has an XSS protection feature which rewrites potentially harmful code in HTML pages—I think it looks for suspicious input in query strings which appears to have been output directly on the page. Unfortunately it turns out there’s a flaw in the feature that can allow attackers to rewrite safe pages to introduce XSS flaws. Google are serving all of their pages with the X-XSS-Protection: 0 header. Until the fix is released, that’s probably a good idea. # 22nd November 2009, 3:34 pm

Types

Years

Months

Tags