IE8 RTW Blocked Ports Set Expanded
With the advent of Internet Explorer 8 Microsoft has expanded the list of ports blocked by the browser, in comparison to previous versions of IE, namely IE6 and IE7. While past releases of Internet Explorer blocked eight ports, with IE8 Microsoft has extended the list to no less than 10. This behavior is by default and is designed as an extra mitigation set up to protect end users. With its 10 blocked ports, Internet Explorer 8 trails behind rival browsers, which are blocking a more extensive list of ports.
“Internet Explorer (actually, WinINET, the network stack beneath IE) prohibits use of certain ports for HTTP(S) connections. The intent of this blocking is to prevent Cross Service/Protocol Request Forgery attacks. For instance, an attacker could use HTML Forms to send a request to an unprotected mail server such that the mail server interprets the request as a poorly-formatted, but valid request, to send an email message. Such attacks are obviously interesting to spammers and other bad guys,†revealed Eric Lawrence, a program manager on the Internet Explorer team. Read More»
Loading ...
