From the category archives: Browser

Opera version 9.60 released

by certifiedbug on October 8, 2008

in Browser

Opera 9.60 fixes two vulnerabilities.

Advisory 901:

Specially crafted addresses can execute arbitrary code
Severity: Extremely Severe
Problem Description
If a malicious page redirects Opera to a specially crafted address (URL), it can cause Opera to crash. Given sufficient address content, the crash could cause execution of code controlled by the attacking page.

Advisory 902:

Java applets can be used to read sensitive information
Severity: Highly Severe
Problem Description
Once a Java applet has been cached, if a page can predict the cache path for that applet, it can load the applet from the cache, causing it to run in the context of the local machine. This allows it to read other cache files on the computer or perform other normally more restrictive actions. These files could contain sensitive information, which could then be sent to the attacker.

Download Opera 9.60 for Windows.

{ 0 comments }

Google’s new Gmail feature ‘Goggles’

by certifiedbug on October 8, 2008

in Browser

Google aims to save you from sending an email you may regret in the morning.

When you enable Mail Goggles, it will check that you’re really sure you want to send that late night Friday email. And what better way to check than by making you solve a few simple math problems after you click send to verify you’re in the right state of mind?

:lol:

Mail Goggles is active late at night on weekends by default, but once it is enabled you can adjust this in the General settings. Anyone who burns the midnight oil and is feeling testy at the boss might want to set Goggles to cover the work week, just to avoid a feeling of self-loathing and “OMG I can’t believe I sent that” the next day.

http://gmailblog.blogspot.com/2008/10/new-in-labs-stop-sending-mail-you-later.html

June 28, 2007-CIO:
Web Rage: Why It Happens, What It Costs You, How to Stop

{ 0 comments }

NoScript Firefox extension adds ‘ClearClick’

by certifiedbug on October 8, 2008

in Browser

Finally NoScript 1.8.2.1 is out, featuring the announced new anti-clickjacking countermeasures enabled by default, independent from IFRAME and plugin content blocking settings.

http://hackademix.net/2008/10/08/hello-clearclick-goodbye-clickjacking/

Certifiedbug, October 7, 2008.
Adobe issues workaround for “Clickjacking” issue

{ 0 comments }

Firefox 3.0.3 released to fix bug

by certifiedbug on September 27, 2008

in Browser

Fast on the heels of the 3.0.2 release, Mozilla has updated Firefox to version 3.0.3.

Fixed a problem where users were unable to retrieve saved passwords or save new passwords (bug 454708)

Download
Release notes

{ 0 comments }

Mozilla Firefox 3.0.2 released

by certifiedbug on September 24, 2008

in Browser

Fixed in Firefox 3.0.2

MFSA 2008-44 resource: traversal vulnerabilities
MFSA 2008-43 BOM characters stripped from JavaScript before execution
MFSA 2008-42 Crashes with evidence of memory corruption (rv:1.9.0.2/1.8.1.17)
MFSA 2008-41 Privilege escalation via XPCnativeWrapper pollution
MFSA 2008-40 Forced mouse drag

Security Advisory
Release Notes
Download

{ 0 comments }

Google updating Chrome

by certifiedbug on September 9, 2008

in Browser

CNET, Google fixes Chrome vulnerabilities–but won’t say which

The new version, 0.2.149.29, replaces the 0.2.149.27 that was released when Google launched the Chrome beta version last week. Google started releasing the update Friday, initially to a small number of users, but didn’t make much of an announcement about the change.

Google believes it’s best if Chrome applies security updates not only without a description of what’s changing, but also without an opportunity for users to decide whether to accept the patch.

{ 0 comments }

Google Chrome Vulnerability

by certifiedbug on September 3, 2008

in Browser

Shortly after the release of Google’s Chrome, researcher Aviv Raff discovered he could combine two vulnerabilities to trick users into launching executables directly from the new browser.

I really wonder why Google have taken several features from other browsers and mixed them all together. Security wise, it’s very problematic.
They’ll have to track all security vulnerabilities in those features, and fix them in Chrome too. This will probably be only after those vulnerabilities were fixed by the other vendors or were publicly reported. It will put Chrome users at risk for a long time.

Raff’s proof-of-concept shows how a malicious hacker using a social engineering lure can drop malware on Windows desktops.
Aviv Raff On .NET

Contributing to the innovation of browsers through openness
“While we see this as a fundamental shift in the way people think about browsers, we realize that we couldn’t have created Google Chrome on our own,” said Linus Upson, Director of Engineering, Google Inc. “Google Chrome was built upon other open source projects that are making significant contributions to browser technology and have helped to spur competition and innovation.”

Google Press release

Previous Certifiedbug: Safari update fixes “carpet bomb”

{ 0 comments }

Google’s Chrome Browser-Beta

by certifiedbug on September 2, 2008

in Browser

A few first impressions, Chrome on a Vista machine.

The Incognito window is interesting, although businesses may not take to employees surfing without leaving a browsing history.

The UI is clean and compact. This beta does not give the option to set a master password to hide passwords from other users.

Opening a tab shows the nine most recently opened tabs and on the right-hand side, “Recent bookmarks” and “Recently closed tabs”.

As this is Google I’d expect contextual sponsored search items may be placed on the page at some point.

Chrome uses a “powerful engine” built for handling JavaScript, named ‘V8’, which sandboxes the code running in each tab and prevents one tab from crashing another. Each tab opens a page that is self-contained.

Installed on Vista, Chrome is a whopping 46.5 MB.
In contrast, my Firefox is 23.7 MB and Opera is 5.61 MB.

Google’s Comic book. Chrome Download

{ 3 comments }

Opera 9.52 fixes flaws

by certifiedbug on August 22, 2008

in Browser

Opera 9.52 is a recommended security and stability upgrade.

The patch closes 7 holes in Opera for Windows, 5 holes in Opera for Mac OS X, and 6 holes in the Linux version.

Extremely Severe Advisory, Opera for Microsoft Windows.

When Opera is registered as a handler for a given protocol, it can be started by external applications. In some cases, being started in this way can cause Opera to crash. To inject code, additional techniques will have to be employed.

This vulnerability is fixed by upgrading to Opera 9.52.

Download

Changelog for Windows

{ 0 comments }

New search engine Cuil launched

by certifiedbug on July 28, 2008

in Browser

Cuil (pronounced kewl)

Cuil is an old Irish word for knowledge. For knowledge, ask Cuil.

http://www.cuil.com/

http://www.cuil.com/info/

The layout is very different from Google’s, Live Search’s and Yahoo’s; it’s a magazine style popular with bloggers, complete with tabs.


Typed spyware into the search box.

We didn’t find any results for “spyware”

Some reasons might be…

* a typo. Please check your spelling.
* your search includes a term that is very rare. Try to find a more common substitute.
* too many search terms. Please try fewer terms.

Finally, try to think of different words to describe your search.

Update
A few hours later Cuil produced 317,325,062 results for spyware.

Google produced results 1 - 10 of about 94,900,000 for spyware. But Cuil was just launched and looks promising, especially with the founders’ credentials.

The super-stealth search project was founded by highly respected search experts. Husband and wife team Tom Costello (CEO) and Anna Patterson (VP Engineering) were joined by Russell Power. Patterson and Power are also ex-Google employees, and the company has been the subject of intense speculation over the last couple of years.
TechCrunch.com: Cuil Exits Stealth Mode With A Massive Search Engine

{ 0 comments }