Category Archives: browsers

Family Safety Content Filtering

Microsoft Family Safety is a feature of Windows that allows parents to control their children’s access to apps and content in Windows. The feature is tied to the user accounts of the parent(s) and child(ren). When I visit https://family.microsoft.com and log in with my personal Microsoft Account, I’m presented with the following view: The “Nate”Continue reading “Family Safety Content Filtering”

Web Category Filtering

Since the first days of the web, users and administrators have sought to control the flow of information from the Internet to the local device. There are many different ways to implement internet filters, and numerous goals that organizations may want to achieve: Today’s post explores the last of these: blocking content based on category.Continue reading “Web Category Filtering”

Parallel Downloading

I’ve written about File Downloads quite a bit, and early this year, I delivered a full tech talk on the topic. From my very first days online (a local BBS via 14.4 modem, circa 1994), I spent decades longing for faster downloads. Nowadays, I have gigabit fiber at the house, so it’s basically never myContinue reading “Parallel Downloading”

Content-Blocking in Manifest v3

I’ve written about selectively blocking content in browsers several times over the last two decades. In this post, I don’t aim to convince you that ad-blocking is good or bad, instead focusing on one narrow topic. Circa 2006, I was responsible for changing IE so that you could simply add an advertising site to theContinue reading “Content-Blocking in Manifest v3”

Attack Techniques: Encrypted Archives

Tricking a user into downloading and opening malware is a common attack technique, and defenders have introduced security scanners to many layers of the ecosystem in an attempt to combat the technique: With all this scanning in place, attackers have great incentives to try to prevent their malicious code from detection up until the momentContinue reading “Attack Techniques: Encrypted Archives”

Browser Features: Find in Page

For busy web users, the humble Find-in-Page feature in the browser is one of the most important features available. While Google or Bing can get you to the page you’re looking for faster than ever before, once you get to that page, you’ve got to find the information you’re looking for1, and that’s where Find-in-PageContinue reading “Browser Features: Find in Page”

ERR_BLOCKED_BY_CLIENT and HTML5 Sandbox

Recently, many Microsoft employees taking training courses have reported problems accessing documents linked to in those courses in Chrome and Edge. In Edge, the screen looks like this: But the problem isn’t limited to Microsoft’s internal training platform, and can be easily reproduced in Chrome: What’s going on? There are a number of root causesContinue reading “ERR_BLOCKED_BY_CLIENT and HTML5 Sandbox”

Browser Security Bugs that Aren’t: JavaScript in PDF

A fairly common security bug report is of the form: “I can put JavaScript inside a PDF file and it runs!” For example, open this PDF file with Chrome, and you can see the alert(1) message displayed: Support for JavaScript within PDFs is by-design and expected by the developers of PDF rendering software, including commonContinue reading “Browser Security Bugs that Aren’t: JavaScript in PDF”

Attacker Techniques: Gesture Jacking

A few years back, I wrote a short explainer about User Gestures, a web platform concept whereby certain sensitive operations (e.g. opening a popup window) will first attempt to confirm whether the user intentionally requested the action. As noted in that post, gestures are a weak primitive — while checking whether the user clicked orContinue reading “Attacker Techniques: Gesture Jacking”