If you write browser extensions, such as ActiveX controls or BHOs, FUNL03 is a must-see. 11:45-12:30 tomorrow in Halls C&D. Rob Franco and Walter VonKoch will be talking about the security enhancements to IE7 on Vista. If you always thought it was a truism that “the web browser runs in user space, so if you exploit a bug in the browser or an extension, you can run your code as user”, you’ll need to update your worldview for IE7 on Windows Vista. User Account Protection (UAP) on Windows Vista is a huge change in the default security paradigm for the world’s most widely used client OS, and IE7 on Vista goes even further, fundamentally changing the rules of the game for malware authors.