Browser Security News

Gmail to drop IE6 support this year

thebrowser — Fri, 05 Feb 2010 13:38:40 +0000

Google will suspend Internet Explorer 6 (IE6) support for its Gmail and Calendar services later this year, the company said today. The move will come at some point after March 1, when Google will start scaling back IE6 support for Google Docs and Google Sites.

Google announced that decision on Friday, two weeks after the company admitted that hackers had breached its network and stolen information. "We plan to stop supporting older browsers for the rest of the Google Apps suite, including Gmail, later in 2010," a Google spokesman confirmed today. Gmail to drop IE6 support this year

Older IE Versions Maintain Sizable Market Share Despite Security Concerns

thebrowser — Fri, 05 Feb 2010 13:36:30 +0000

While Microsoft is touting the fact Internet Explorer 8 is the single most widely used Web browser, the combined percentages of IE 6 and 7 users surpass it. The use of the older browsers means many users aren’t taking advantage of the latest browser security protections.

Arguably one of the most interesting elements of the cyber-attack that affected Google and more than 30 other companies was the primary attack vector—Internet Explorer 6. Older IE Versions Maintain Sizable Market Share Despite Security Concerns – Security from eWeek

Facebook CEO: Privacy Not the Social Norm

thebrowser — Fri, 15 Jan 2010 11:51:52 +0000

Facebook CEO Mark Zuckerberg told the audience at the 2009 Crunchies Awards in San Francisco that Web users have become more accepting of information sharing in the past several years – a change he said has guided Facebook’s privacy strategy.

Facebook CEO Mark Zuckerberg recently declared that privacy has become less of a "social norm" on the Internet as users have become more comfortable sharing information. Facebook CEO: Privacy Not the ‘Social Norm’ – Security from eWeek

Mozilla fixes upgrade flaw in Firefox

thebrowser — Fri, 08 Jan 2010 12:35:09 +0000

Mozilla has fixed a flaw in Firefox’s upgrade mechanism that had prevented many users from migrating to the newer version 3.5.

The new Firefox 3.5.7 and Firefox 3.0.17 also included a patch for a bug that Mozilla’s programmers introduced in mid-December, when they last issued a security update. Mozilla regularly offers the newer Firefox 3.5 to users running the older Firefox 3.0 with prominent billboard-like dialog boxes as part of a process the company calls "major update." The uptake on the several major updates offered since last summer, however, has been well under Mozilla’s estimates. Mozilla fixes upgrade flaw in Firefox – Techworld.com

Chrome grabs market share from IE and Firefox, passes Safari

thebrowser — Wed, 06 Jan 2010 04:58:48 +0000

We predicted it would happen, and it finally has: Internet Explorer 8 has surpassed IE6, easily the most hated version of Microsoft’s browser among the tech-savvy, after passing IE7 the month before that.

At the time, we also predicted that Firefox’s steady gain would result in the browser passing the 25 percent mark in 2009, but alas, that will have to wait until sometime in 2010. Chrome grabs market share from IE and Firefox, passes Safari

Adobe To Surpass Microsoft As Hacker Target

thebrowser — Wed, 06 Jan 2010 04:55:37 +0000

Adobe Reader and Flash will surpass Microsoft Office applications as favorite targets of cybercriminals, a security vendor predicted Tuesday.

In unveiling its 2010 Threat Predictions report, McAfee said the growing popularity of the Adobe products has attracted the attention of cybercriminals, who have been increasingly targeting the applications. Adobe Reader and Flash are two of the most widely deployed applications in the world. Adobe To Surpass Microsoft As Hacker Target — Security — InformationWeek

Microsoft plugs zeroday IE hole

thebrowser — Fri, 18 Dec 2009 05:22:57 +0000

Microsoft released fixes on Tuesday for critical vulnerabilities in Internet Explorer, including one for which exploit code has been released.

Adobe, meanwhile, was scheduled to release a critical update affecting Flash Player and Adobe AIR, following news of exploit code being released for a vulnerability in Illustrator CS3 and CS4 on Windows and Mac last week. Microsoft’s regular Patch Tuesday release includes six security bulletins addressing 12 vulnerabilities in IE, Windows, Windows Server, and Office. Microsoft plugs zero-day IE hole | InSecurity Complex – CNET News

Google Chrome could reshape PC experience

thebrowser — Fri, 18 Dec 2009 05:18:51 +0000

Google’s closely watched foray into computer operating systems could speed the development of a new class of cheaper laptops and dramatically advance the netbook paradigm of Web-based computing.

Computers running Google’s less-demanding Chrome OS should be even leaner, simpler and more inexpensive than the already no-frills netbooks that have flooded the market in past years. In a sign of things to come, some analysts have begun using terms such as "thin client" and "Web appliance" to describe Chrome PCs, likely a year away from store shelves. Google’s Chrome could reshape PC experience – Software – Technology – News – iTnews.com.au

Microsoft introduces browser shuffle ballot in Windows 7

thebrowser — Fri, 18 Dec 2009 05:15:19 +0000

The beleaguered EU edition of Windows 7 has taken another twist, with Microsoft agreeing to randomise the list of the most popular browsers during the operating system’s setup.

The previous plan, hatched earlier this year, arrayed the five leading browsers according to alphabetic order of the vendor or parent company. This saw Apple’s Safari in pole position followed by Google’s Chrome, Microsoft’s Internet Explorer, Mozilla’s Firefox and Opera’s Firefox Opera. Microsoft introduces ‘browser shuffle’ ballot in Windows 7

Microsoft aims at IE6 holdouts, highlights security

thebrowser — Mon, 07 Dec 2009 04:59:55 +0000

One of the ways Microsoft plans to push Internet Explorer 6 and Internet Explorer 7 users to upgrade to Internet Explorer 8 is convincing them the latest version is much more secure, which it is. Dean Hachamovitch, general manager of Internet Explorer, last week posted a story on the IEBlog about how IE8 managed to block a malicious webpage he was linked to by one of his close friends on Facebook.

What we found more interesting though, was when Hachamovitch put this feature a bit more into perspective: "IE8’s SmartScreen now blocks malware sites over two million times a day." So far, the browser has blocked 275 million pieces of malware since it launched. Microsoft aims at IE6 holdouts, highlights security

Security Hardware & IT Security Software

thebrowser — Mon, 07 Dec 2009 04:57:05 +0000

In its third annual report on the riskiest Web domains, McAfee says attackers are using Cameroon’s domain name as part of typo-squatting schemes to infect users with malware. McAfee’s list of the most dangerous Web domains has a new leader.

Africa’s Cameroon(.cm) domain has taken the top spot from Hong Kong(.hk) as the riskiest domain on the Web, according to McAfee’s third annual Mapping the Mal Web report (PDF). Japan(.jp) was found to be the safest country domain, and ranked among the top five safest domains for the second year in a row. The .com domain, which is the most heavily trafficked Web domain in the world, jumped from ninth place to second on the most dangerous list while .gov was found to be the safest non-country domain on the Web. McAfee Most Dangerous Web Domain List Topped by Cameroon – Security from eWeek

Opera patches extremely severe security hole

thebrowser — Fri, 27 Nov 2009 11:31:00 +0000

Opera has shipped a new version of its browser to fix three security vulnerabilities, one rated “extremely severe.” The most serious flaw could allow a malicious attacker to take complete control of a system, Opera said in an advisory.

Passing very long strings through the string to number conversion using JavaScript in Opera may result in heap buffer overflows. This also affects the dtoa routine, and was reported in CVE-2009-0689. In most cases Opera will just freeze or terminate, but in some cases this could lead to a crash which could be used to execute code. To inject code, additional techniques will have to be employed. Opera patches ‘extremely severe’ security hole | Zero Day | ZDNet.com

Firefox web browser locks down rogue addons

thebrowser — Fri, 27 Nov 2009 11:25:07 +0000

Mozilla will add a new lockdown feature to Firefox 3.6 that will prevent developers from sneaking addons into the program, the company said.

The new feature, which Mozilla dubbed "component directory lockdown," will bar access to Firefox’s "components" directory, where most of the browser’s own code is stored. The company has billed the move as a way to boost the stability of its browser. Firefox web browser locks down rogue addons – Techworld.com

Mozilla to protect Adobe Flash users – Update 2

thebrowser — Mon, 14 Sep 2009 13:15:54 +0000

The upcoming Firefox 3.5.3 and Firefox 3.0.14 releases, currently in beta, will check the version of Adobe Flash plug-in installed in the browser and warn the user if that plug-in is out of date.

Johnathan Nightingale, "Human Shield" (Security Lead) at Mozilla confirmed the new security feature to The H and said that the Flash version check was part of a wider commitment to "protect users from emerging threats online". Mozilla to protect Adobe Flash users – Update 2 – News – The H Security: News and features

Opera 10 faster with new features

thebrowser — Fri, 04 Sep 2009 12:36:56 +0000

Today, Opera has announced the release of the Opera 10 Web browser for Windows, Mac OS X, and Linux platforms.

Are the new features and performance increases enough to beat out other popular browsers? The answer: it depends mostly on your choice of platform. Opera has a history of introducing new features long before they become mainstream, and often failing to receive credit for doing so. First look: Opera 10 faster with new features – Ars Technica

Beware fake Snow Leopard sites

thebrowser — Tue, 01 Sep 2009 13:00:49 +0000

People eager to get a copy of the latest version of the Mac operating system, Snow Leopard, should be wary of sites offering free copies because they are likely to get some nasty malware instead, according to antivirus company Trend Micro.

Trend Micro said in a blog posting on Wednesday that it had discovered several fake Snow Leopard download sites that serve up a DNS (domain name system) changer Trojan dubbed OSX_JAHLAV.K instead. Beware fake Snow Leopard sites | InSecurity Complex – CNET News

Google fixes severe Chrome flaws

thebrowser — Tue, 01 Sep 2009 12:58:07 +0000

Google has been forced to release new security fixes for multiple high severity vulnerabilities in its Chrome browser which could lead to an attacker taking over a victim’s PC remotely.

The flaws, which were issued as part of the Chrome 2.0.172.43 update sent automatically to users, include two rated ‘high severity’ and one ‘medium risk’, according to a security advisory posted by Google engineering programme manager Jonathan Conradt. Google fixes severe Chrome flaws – Security – Technology – News – iTnews.com.au

One in four hackers runs Opera to ward off other criminals

thebrowser — Tue, 01 Sep 2009 12:55:52 +0000

Hackers using multi-exploit attack "toolkits" take defensive measures of their own against other criminals, a security researcher said today.

"Exploit kit operators do use mainstream browsers, but they’re much more likely to use Opera than the average user, because they know that the browser isn’t targeted by other hackers," said Paul Royal, a principal security researcher with Atlanta-based Purewire. One-in-four hackers runs Opera to ward off other criminals

Users not patching third party apps

thebrowser — Wed, 22 Apr 2009 13:32:44 +0000

Research by vulnerability specialists Secunia suggests that third party applications are increasingly being used by malware writers in preference to using operating system attacks.

The Danish company said that data from its free Personal Software Inspector (PSI) tool showed that there were far more unpatched applications than operating systems among users. Furthermore application patches were left open to abuse for far longer than operating system patches. Users not patching third party apps – Security – iTnews Australia

Mozilla patches 12 Firefox bugs, a third of them critical

thebrowser — Wed, 22 Apr 2009 13:30:41 +0000

Mozilla Corp. on Tuesday patched 12 security vulnerabilities in Firefox 3, just days before it hopes to roll out the newest beta of its next open-source browser, Firefox 3.5.

Of the dozen flaws fixed in Firefox 3.0.9, four were rated "critical," two "high," two "moderate" and four "low" in Mozilla’s four-step ranking system. It was the most vulnerabilities Mozilla has patched since December 2008, when it quashed 13 bugs. Mozilla patches 12 Firefox bugs, a third of them critical