Microsoft Defender SmartScreen provides protection against the most common forms of attack: phishing and malware. SmartScreen support is built into Microsoft Edge and the Windows 8+ shell. The SmartScreen web service also powers the Microsoft Defender Browser Protection extension for Chromium-derived browsers. While SmartScreen provides powerful controls to block attacks, the user remains in full… Continue reading “Enforcing SmartScreen with Policy”
Category Archives: tech
Attack Techniques: SMS Gift Card Scams
Last week, I had the chance to fly to Redmond to meet my new teammates on the Protection team in Microsoft Defender. I also had the chance to catch up with a few old friends from the Edge team, one of whom I met for coffee on Friday morning. As we sat down with our…
Browser SSO / Automatic Signin
Last Update: 8 March 2024. Over the years, I’ve written a bunch about authentication in browsers, and today I aim to shed some light on another authentication feature that is not super-well understood: Browser SSO. Recently, a user expressed surprise that after using the browser’s “Clear browsing data” option to delete everything, when they revisited…
Improving the Microsoft Defender Browser Protection Extension
Earlier this year, I wrote about various extensions available to bolster your browser’s defenses against malicious sites. Today, let’s look at another such extension: the Microsoft Defender Browser Protection extension. I first helped out with the extension back in 2018 when I was an engineer on the Chrome Security team, and this spring, I was tasked…
Detecting When the User is Offline
Can you hear me now? In the web platform, simple tasks are often anything but. Properly detecting whether the user is online/offline has been one of the “Surprisingly hard problems in computing” since, well, forever. Web developers often ask one question (“Is this browser online?”) but when you dig into it, they’re really trying to…