Archive for the ‘browser’ Category

IE8 just launched and immediately hacked

Friday, April 10th, 2009

The final code for the Internet Explorer 8 by Microsoft was introduced recently. This was hacked by a researcher from Germany in the PWN2OWN contest eventually winning $5000 and a Sony VIAO laptop. Nils is a student of computer science from Germany. He ruined into Sony in just a few minutes by taking benefit of an undisclosed weakness in the new Internet Explorer 8. Tipping point was the sponsor of this hacking contest. The laptop used by the researcher was running on the Microsoft internal build for the Windows 7. IE8 is the final version of Microsoft which can be used for Windows Vista, XP, as well as Server 2003 and 2008. It has been tagged as the final edition to their Windows 7. The version has not yet been unconfined to the public.
Microsoft conducted the hacking contest to find out the bug and deal with it. This has helped them to build a more secure and safe Internet Explorer which is hacker free. There are situations when some vulnerability arises during the product development which will obstruct the release of the product. Microsoft wanted to evaluate any vulnerability which existed in the new Internet Explorer 8. Tipping point has bought these vulnerabilities and its rights and has awarded a cash prize to the hacker who cracked IE8. This helps in knowing about the low points of the browser and makes the necessary changes. Microsoft was brought down to ground zero by the hacker who hacked through the product even before its release. Microsoft just watched how a researcher from Germany hacked through their system and went away winning a cash prize and a laptop. Nils only took five minutes to hack through the all new IE8. Tipping Point has handed over all the codes and details to the operation manager Mike Reavey of Microsoft Security Research Center. Reavey was at CanSecWest where the security conference of PWN2OWN was being held.
The code was taken back to the company and it has been filed as a bug. It is said to be a real winner story for Tipping Point as well as Microsoft who had the chance to interact with Nils and know more about the problem. The bug has been reproduced in the labs of Microsoft and they are working to make IE8 more foolproof. The vulnerability has not yet been confirmed by Microsoft. After the vulnerability will be confirmed, Microsoft has claimed to take necessary action to protect all its customers. It is said that the build which was used in the contest is not original RTW build that was released. Nils after successfully hacking the IE8 has moved to the Safari browser by Apple Inc and the Mozilla Firefox. He has successfully attacked both these codes which he created earlier. Nils gathered total prize money of $15,000 by hacking some of the popular internet browsers. The contest opened up new avenues for Microsoft, Mozilla and Apple to make their internet browsers foolproof.

Apple post new round of updates

Friday, February 27th, 2009

Although maintaining Java and its updates is the work of the professionals at Sun Microsystems, Apple has decided to release their own sun for their Apple product’s platform. You might be well aware about the numerous vulnerabilities that are recently found in the Java Plug-in and Java Web Start application and so Apple has rolled our their two first and separate updates for all their Mac Leopard and OS X Tiger users. These two updates as recommended by the US Computer Emergency Response Team are free to be downloaded which can be installed right away.

The support team of Apple has revealed that the Update 3 for Java Mac OS X 10.5 would update Java Web Start and also all the Java Applet components in order to address compatibility and security issues. Additionally Apple has also added that these update releases would support all the PowerPC and Intel based Mac systems but it requires that the Java for Mac OS X 10.5 update 2 has already been installed. However Apple says that as for java Updates for Mac OS X 10.4 release 8 that this new software would offer several improvements to the compatibility and security of all the Java on Mac OS X 10.4 and the later ones.

Therefore as it does for all the security updates, the company has also linked them to a knowledge base document that reveals what exactly was going wrong or what might go wrong while also explaining why these updates are necessary. This means that the release 8, Java for Mac OS X 10.4 would be available for Release 7, Mac OS X Server v.10.4.11 system with Java for Mac OS X 10.4 and Release 7, Mac OS X system v10.4.11 with Java for Mac OS X 10.4. These updates would address all the numerous vulnerabilities in Java Plug-in and Java Web Start application.

According to Apple, these numerous vulnerabilities already exist in most Java Plug-ins and Java Web Start applications which is found to be the most serious issue which might allow untrusted java Applets and untrusted Java Web Start applications to obtain prominent privileges. The company also said that visiting web pages that contain a spitefully crafted Java applet might lead to uninformed code execution with all the privileges of the present user. Therefore this update would provide patches or solutions for all the Java Bud IDs 6767668, 6727081, 6707535 and 6694892 from Sun Microsystems.

The same thing also applies to Java for Mac OS X 10.4 update 3. The Mac Leopard and Mac Tiger system users can both download the new releases software which can be found on their official website. At the same time the Mac system users and also download and install the software update mechanism which is also offered at Apple’s official website. The users don’t have to do much as the updates would be automatically installed as you download them thereby not just keeping your Mac system away from all the vulnerabilities in the Java application but also improving your compatibility and security issues.

Apple issued massive security update for Max OS X

Monday, February 23rd, 2009

Apple Inc have recently issued several updates for Java and Mac OS X which patches nearly 55 bugs and also an update for their Safari web browser which prompted a security researcher to harm the company for a feeble approach to the security issues. They are the most updates to be released by Apple in almost a year.

The first update from Apple for the year patches around 48 security vulnerabilities in the operating system of the company and its components, while 4 in the implementation of Sun Microsystems’s Java in Apple, including 2 updates for non-security flaws they admitted which they had introduced with faulty codes in Mac OS X 10.5.6 and also one patch it said for the protective security measures. Being 32 altogether, the majority of bugs were found in software adopting open source components and not originally designed by Apple like in the case of foursome of Java flaws.

However Brian Mastenbrook, who is one of the 3 researchers Apple had qualified with the reporting of Safari bug, said that Apple Inc. actually had information about these flaws several months ago and as months passed away without a fix he decided to post a warning according to his judgment that this problem could be oppressed at any time until it is kept unfixed. He had said this in his blog entry that after Apple had delivered their updates. He had posted some information regarding this bug and also a workaround to provisionally disable the RSS feed service in the browser.

This RSS vulnerability feature that is present in both the browsers of Windows and Mac versions, they could be used to attach code from a malicious website. Mastenbrook said that the criminals just have to trick users to visit these sites. Attacks based on alluring users to unfavorable websites are commonplace on the net, although a huge majority of them are aimed to Windows uses. According to him these factors should have specified to Apple that these vulnerabilities carried high risk. It had taken several months for Apple to patch a latest vulnerability in Safari, although several opportunities for them to be addressed in updates which are already scheduled.

Therefore, Apple has addressed the Safari issue in both the security update for windows uses and security update 2009-001 for Mac OS X which knocks up the browser to 3.2.2 version. As the recent data places overall browser use share of Safari at 8.3 percent, the Windows addition accounted for around 0.3 percent with about a quarter of the share of Chrome of Google Inc. the company had last patched Safari in November 2008 by twice updating the browser in less than a week. Additionally some other parts which Apple patched of Mac OS X ranged from the Pixlet codec that includes a bug which would be activated by the malformed movie file and also the folder manager to the printing module with several updates for the Remote Apple Events application that could be subjugated to seal important information.

Surf the net in your hands

Tuesday, December 23rd, 2008

By the year 2020, cell phones would be amongst the primary net-surfing devices for majority of people across the globe, as per a board of experts. They have also moved a step ahead by predicting that internet technologies would possibly not cause ‘increased social tolerance’.

“The cell phone, now with noteworthy computing power- would be the main internet connection and sole one for around 90% of the individuals all over the world”, as mentioned by Pew Internet and American Life project in the report headed ‘Future of the Internet”. It has been said that telephony would be presented under a group of universal protocols and standards accepted by almost every operator internationally, thereby making up for considerably effortless movement, that too, from one portion of world to the other.

Around 4 out of 5 experts have agreed with the above-mentioned scenario, as per Pew survey conducted online. Pew went on to survey around 578 people in all, related to internet. They included builders, activists, commentators, and builders, identified via numerous technology associations, along with a widespread canvassing of government, business, and scholarly documents between the period 1990 and 1995 for seeing who had proper predictions regarding internet’s future impact. Some of the experts that were polled included Nicholas Carr, i.e. author of ‘The Big Switch’ and Rough Type blog, havi Hoffman from the network of ‘yahoo Developer’, Michael Botein, i.e. New York University Law School’s Media Law Center’s founding director, and various members of ICANN board.

Experts had been asked if broader exposure to diverse groups via web would significantly go on to advance a thing called ‘social tolerance’ by the year 2020, causing declination in terms of violence, overt acts such as bigotry, sectarian strife, and ‘hate crimes’.

Merely 32%, i.e. 1/3rd of experts agreed that web would bring about social tolerance to a greater extent, whereas 56% of them disagreed. The number of survey participants depicted that divide between intolerant and tolerant could probably be deepened owing to information-sharing tactics used by people on internet.

The respondent of survey, i.e. Adam Peake stressed on the fact that social tolerance isn’t in the nature of mankind. Adam Peake is also one of the policy analysts for ‘Center for Global Communications’. The 1st link-up with regards to global satellite was in the year 1967. Apart from 578 experts, the other 618 respondents who are not regarded as opinion leaders or experts aiding in the construction of web were surveyed by Pew. Results of poll were quite similar within the non-expert as well as expert groups. Let some light be thrown on certain other results of pew report.

Around 55% of the experts are of the opinion that people would interact in superficial faces on the daily basis via virtual worlds as well as the other kinds of ‘augmented reality’. Majority of well-equipped users of internet would be spending certain portion of their hours- at play and at work- at least to augmentations of alternate worlds or the real world…as stated by Pew.

Google launches Chrome to Combat Firefox

Wednesday, October 15th, 2008

Google Chrome is a web browser that has been built with an open source code and it has been developed by techno giants Google. The name of the web browser has been developed from graphical user interface frame of the browser. Chromium is the name given for the source project and it has been released by BSD license. User interface of chrome is not very polished and looks a little distracting. The beta version of Microsoft windows was released in more than 43 languages. It has been released in order to compete with Mozilla firefox. The releasing announcement was made on 3rd September and a comic released by Scott McCloud was sent to the journalists and the bloggers explaining all the features and motivations of the new browser. The main goals behind the design were to improve the security, stability and also speed compared to other existing browsers.

Chrome has a lot of extensive changes in its interface and it was assembled into 26 code libraries of Google even for third parties like Netscape. Chrome will download updates of the blacklists and it will warn the users if they are attempting to browse any harmful sites. The security is good and offers great service to the users. Google offers a service called as safe browsing API that will maintain the blacklists and it will notify the uses to be aware of any harmful softwares. Chrome will have a specific tab that will fit into a process and it will prevent malware of installing itself. The allocation process of the tabs is a little complex. Chrome has a protected mode which is also used by Windows Vista and also Internet explorer 7. Plugins like Adobe flash player is not standardized and it is not sandboxed as a tab. Chrome supports Netscape plug-in application programming interface. Chrome does not have any extension systems like XP install architecture. Incognito is an option where the browser cannot store any history or cookies from the site that has been visited.    

Chrome offers great promise and is considered as the new face of internet browsing. Chrome uses DNS prefetching that will speed up the website lookups. The user interface is very extensive which includes back, forward, bookmark, cancel options, refresh, go and many more. It is a lot similar like Safari and the location settings are like the ones of internet explorer. The design is characterized by minimize, maximize, and also closing window are based on the Windows Vista version. The tab will start appearing in the title bar when the window is not maximized. When it is maximized, the title bar will disappear. The bar will be displayed at the topmost portion of the window. Chrome can be maximized in a standard windows application. Omni box is the URL that will appear at the top of every tab. It will be a combination of all the functionalities of search box and the URL box. The overall rating of Chrome is pretty good and it has succeeded to be a little more innovative and also updated.