"I just read your piece on IE 7 security. One statement that I found interesting was:
'the filter will also look for sites incorporating content or scripts from another domain'
Since most ad placement systems use scripts that point to another site, like Google's AdSense, does this mean Microsoft will effectively be able to block ads from all their competitors..."
Short answer: no. But they might be able to spot redirect ad fraud scripts…
For one thing, they're not actually that stupid ;-) At MIX 06, I think the two things I heard most from the IE team were 'sorry' and 'balance': sorry we didn't work on the browser as a new release for five years, and we want to get the balance between features and security, between ease of development and security - or between just about anything and security - right. And while some search providers don't think supporting OpenSearch and highlighting every OpenSearch-compatible site you visit to add as a search provider is enough (question: should the Google toolbar let me add other search sites to the drop-down so I could repeat the image search on Flickr?), the browser team are talking to too many of the ecosystem of Web sites and services to do something so obviously, cluelessly stupid.
Cue the usual distinction: restricting the dangerous use of a legitimate thing without stopping the everyday use. What you're looking for here is scripts, content and links that divert you from what looks like a real site to the fake one – cross-site scripting attacks, scraping real images from PayPal to make your phishing site look legitimate, replacing legitimate HTTP content on a mixed HTTP/HTTPS site (which is why that's so deprecated) so the instructions tell you to type into the insecure box rather than click the secure button.
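To make that distinction concrete, here is an added sketch (not IE 7's filter logic and not code from the original post) that leaves an ordinary third-party ad script alone but flags brand images hotlinked into an unrelated site and insecure content on an HTTPS page. The function name, the watched brand list and every host in the sample pages are constructed assumptions.

```javascript
// Added illustration: cross-domain content alone is normal; the signals are
// brand assets on a site the brand does not own, and HTTP parts of an HTTPS page.
const BRAND_HOSTS = ["paypal.example"]; // hypothetical watched brand domain

// True when host is the domain itself or one of its subdomains.
const within = (host, domain) => host === domain || host.endsWith("." + domain);

function assessPage(page) {
  const pageUrl = new URL(page.url);
  const findings = [];
  for (const res of page.resources) {
    const u = new URL(res.url, pageUrl); // resolves relative URLs against the page
    const brand = BRAND_HOSTS.find((b) => within(u.hostname, b));
    // Brand image pulled into a page that is not on the brand's own domain.
    if (brand && res.type === "img" && !within(pageUrl.hostname, brand)) {
      findings.push(`hotlinked-brand-image:${u.hostname}`);
    }
    // Mixed content: HTTPS page carrying an HTTP subresource or form target.
    if (pageUrl.protocol === "https:" && u.protocol === "http:") {
      findings.push(`mixed-content:${res.type}:${u.hostname}`);
    }
  }
  return findings;
}

// Constructed sample pages; all hosts are placeholders.
const adSupportedBlog = {
  url: "https://blog.example/post",
  resources: [
    { type: "script", url: "https://ads.adnetwork.example/show_ads.js" },
    { type: "img", url: "/images/header.png" },
  ],
};
const lookalike = {
  url: "http://account-verify.example/login",
  resources: [
    { type: "img", url: "https://www.paypal.example/logo.gif" },
    { type: "form", url: "http://account-verify.example/collect" },
  ],
};
const mixedSignin = {
  url: "https://bank.example/signin",
  resources: [
    { type: "img", url: "http://bank.example/instructions.gif" },
    { type: "form", url: "https://bank.example/auth" },
  ],
};

for (const p of [adSupportedBlog, lookalike, mixedSignin]) {
  console.log(p.url, assessPage(p));
}
```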