1. Disable XPS Documents. Disable that new image format found in Vista. “Attackers have been having a field day exploiting image/document formats and parsers, so the fewer formats your browser supports, the better.”
2. Disable Font Download. “If you don’t tend to browse websites outside your normal language, then you really don’t need this.”
3. Disable inclusion of local file directory path when uploading files to a server. “This results in a mild privacy concern because the file path can include identifying information such as your computer’s login account name. Sending ‘c:\Users\jforristal\Pictures\blog.gif’ exposes [the] username ‘jforristal’.”
4. Disable prompting if you are prone to just clicking “yes”. “If you are prone to always selecting ‘yes’ whenever a popup box is presented to you (note: not a good habit!), you can remove the temptation by simply switching all the ‘Prompt’ options to ‘Disable.’”
5. Always prompt for username and password. “For home users and others using computers that are not in a business environment that uses Active Directory, there is no advantage to having auto-logon enabled since there is practically nothing you would want to auto-logon to out on the Internet, he said.” (Note: this doesn’t disable auto logon for your websites)
6. Disable SSL 2.0 support. “SSL2 has been long declared insecure and not suitable for use by the regulators of financial institutions”.
7. Enable TLS support. “TLS is the evolution of SSL, offering more security enhancements and extensions than SSL3. Its use is warranted, and thus this feature should be enabled.”
8. Disable searching from the URL bar. “Forristal personally doesn’t like the idea of every cut and paste error, typo, and other items entered into the URL bar to be automatically sent off to search engines as search terms. There is the possibility of an information disclosure situation happening.”
9. Disable unnecessary add-ons. “There are a lot of third-party tools that hook themselves into your browser. Each one technically is a way for an attacker to potentially hack you, and as such, you want to disable as many of them as possible.”
10. Uninstall old Java installations. “While you’re in there, it’s also a good time to browse the list and remove anything else you don’t use anymore — again, less attack surface overall”.

For details on how to do all that (some of them are only useful and work in Vista), go here.

Post from: The Gadget Blog

The legacy of Microsoft continues to be Internet Explorer 6. The widely-used browser continues to cause nightmares for both web developers and visitors alike. The former needed to take special, arbitrary steps to make their creations work properly, while the latter discovered the dangers of the online world through IE6’s security flaws.

Because of this legacy, Microsoft’s dropping of (or at least stopping support for) IE6 has some wide-reaching consequences. As The Inquirer opines:

[Microsoft] has a few other problems if it wants to kill off IE. The first is the awful lot of investment some outfits have put into Active X. The other is that too much of the Web was tweaked to handle IE 6 and there would be some difficult HTML problems for any new browser.

So if the rumor is true, good luck Microsoft!

Post from: The Gadget Blog