With little fanfare, an important security change has arrived on the web. Now, all major browsers (except Safari) block non-secure downloads from a secure page. Browser Version Behavior Edge 94+ Block with right-click “Keep” button Chrome 94 Block Silently Firefox 93 Block with “Allow download” button Brave 1.30.89 Block Silently Opera 79.0.4143.72 Block Silently SafariContinue reading “MoarTLS: Non-Secure Download Blocking”
Category Archives: security
Inspecting Certificates in Edge
Curious about how to see a website’s HTTPS certificate in Microsoft Edge? You’ve got two options: A companion post to 2017’s post Inspecting Certificates in Chrome.
Offline NetLog Viewing
A while back, I explained how you can use Telerik Fiddler or the Catapult NetLog Viewer to analyze a network log captured from Microsoft Edge, Google Chrome, or another Chromium or Electron-based application. While Fiddler is a native app that runs locally, the Catapult NetLog Viewer is a JavaScript application that runs in your browser.Continue reading “Offline NetLog Viewing”
Web Proxy Authentication
Last year, I wrote about how the new Microsoft Edge’s adoption of the Chromium stack changed proxy determination away from the Windows Service (WinHTTP Proxy Service) to similar but not identical code in Chromium. This change mostly goes unnoticed, but it can have performance and functionality implications. In today’s post, I want to explore anotherContinue reading “Web Proxy Authentication”
Sandboxing vs. Elevated Browsing (As Administrator)
The Web Browser is the most security-critical application on most users’ systems– it accepts untrusted input from servers anywhere in the world, parses that input using dozens to hundreds of parsers, and renders the result locally as fast as it can. For performance reasons, almost all code in almost all browsers is written in memory-unsafeContinue reading “Sandboxing vs. Elevated Browsing (As Administrator)”
text/plain 