Cookie Controls, Revisited
Update: The October 2018 Cumulative Security Update (KB4462919) brings the RS5 Cookie Control changes described below to Windows 10 RS2, RS3, and RS4. Note: Most of the content about “Edge” in this post describes Edge Legacy – modern Edge is based on Chromium and behaves mostly like Chrome. See more discussion of 3P cookies in 2022’s New
Author Archives: ericlaw
Firefox and Fiddler – Easier than Ever
In a world where software and systems seem to march inexorably toward complexity, I love it when things get simpler. Years ago, Firefox required non-obvious configuration changes to even send traffic to Fiddler. Eventually, Mozilla changed their default behavior on Windows to adopt the system’s proxy, meaning that Firefox would automatically use Fiddler when it was attached,
Chrome Sync
Disclaimer: Hi. I’m an engineer on the Edge browser now, but worked on Chrome Security for a bit over two years. I speak for no one but myself, and I share no internal or confidential information in this post. Update: The Chrome team announced upcoming changes based on user feedback. This weekend, there were a bunch
Cookies and Concurrency, Redux
Note: This post concerns Edge Legacy (aka Spartan) and does not apply to the modern Chromium-based Edge. In yesterday’s episode, I shared the root cause of a bug that can cause document.cookie to incorrectly return an empty string if the cookie is over 1kb and the cookie grows in the middle of a DOM document.cookie
ERROR_INSUFFICIENT_BUFFER and Concurrency
Many classic Windows APIs accept a pointer to a byte buffer and a pointer to an integer indicating the size of the buffer. If the buffer is large enough to hold the data returned from the API, the buffer is filled and the API returns S_OK. If the buffer supplied is not large enough to