Posted by The Blogging Desk on Mon, May 16, 2011

ComputerWorld:
Mozilla plans to push 12 million users of the aged Firefox 3.5 to a newer version next month by taking the unprecedented step of automatically upgrading their browser.
Firefox 3.5, which debuted in mid-2009, is already on life-support: Mozilla gave users their last version 3.5 security patches three weeks ago. But in June, Mozilla will use another strategy to make Firefox 3.5 "being dead," as one page on the company's site said.
While it will continue to "dangle the carrot" of Firefox 4 to those users -- Mozilla started offering an upgrade to Firefox 4 to people running Firefox 3.5 and Firefox 3.6 last week -- it will "force 3.6 on 3.5 stragglers not choosing to update to Firefox 4 or 3.6 (give them the stick)," wrote Christian Legnitto, the Firefox release manager, in a message posted to a developer mailing list.
Later, Legnitto said his choice of the word "force" was ill-advised, and noted that only Firefox 3.5 users who had left the default automatic updates setting enabled would be moved to Firefox 3.6 automatically.
That's one way of getting rid of those browser lollygaggers. But seriously, folks, this is a great step in the interest of modern standards across the web. So many websites still look poor mainly because of the number of people who still use IE 6.
Many large sites hold off on advancing their platform because they realize that many of the newer, fancy tools just won't work in IE 6.
I wonder what would happen if Microsoft "forced" IE 6 users to upgrade along the same lines? I'd expect mass chaos and paranoia. Many client-side web apps only work on older browsers. Lazy engineers? Perhaps. I fell asleep writing this blog 4 times, so I'm just as guilty.
I use Chrome as my main browser of choice, and it seems like that application has a new update every 5 minutes. Have you seen their new Chromebooks? That's a laptop with just a browser and nothing else. Imagine using a laptop with an outdated browser such as Netscape and you'll soon understand why it's important to upgrade your applications at SOME point. The enterprise would be the main reason MS wouldn't do something like this. Well, unless Microsoft wants to make our jobs harder. Hip hip, hooray for web standards!

Posted by The Blogging Desk on Tue, Mar 22, 2011

- by Chad, "Dream", Weaver
This month brought one of my favorite events in the internet security field, the annual Pwn2Own contest. This is where the companies that produce all the different operating systems and web browsers, from old standards like Apple and Microsoft to the phone OS makers including RIM and Google, put up money to see if their respective systems can be compromised. The event also gives the vendor the complete details of each exploit, providing information on how it was carried out and time to patch the holes before the details are released to the general public. As always, this year was filled with successful attacks, and some interesting ones too. Now that the event is over, I want to recap the results along with some of the implications and general thoughts that come out of an event like this.
This is the 5th year for the contest. All the big players had different systems lined up to see if anyone could compromise them; prize money is awarded to the person or team that completes a successful exploit, and they also get to keep the device, hence the name of the contest. The very first to fall was Apple's Safari, running on a fully patched MacBook Pro: 5 seconds after a user was directed to a specially crafted link, the exploit was able to escape the sandbox mode. This has some important implications and should stand as a reminder that owning a Mac makes you no safer than a Windows user; just because there are few viruses and bad programs now does not mean they can't be created. The false sense of security that owning a Mac gives a user needs to be addressed in the near future. As Macs grow in popularity, so too will exploits such as this, and unlike MS, which has been under fire for years and was forced to create and maintain a patch schedule to address these exploits, Apple does not have the same system.
Don't think that MS made it out unscathed either, though. IE 8 also fell after the winner used 3 separate exploits: two to execute code within the browser, but the most interesting part was the third, which helped escape Internet Explorer's Protected Mode sandbox. This was unexpected, as there is only one publicly known way to do this, and Microsoft is very interested in the details. The target was running on Windows 7 64-bit, which also increased the difficulty.
The other two big browsers, Chrome and Firefox, escaped unscathed, with Google offering even more money to anyone who could compromise its browser. This doesn't mean that they are any safer, just that no one attempted to attack these browsers; some contestants opted to try other systems or pulled out before the contest for various reasons. This is the 3rd year that Chrome has left the contest without anyone successfully compromising it.
Lastly was the mobile OS part of the contest. The iPhone and RIM's BlackBerry both fell; surprisingly, Android was not compromised. It would have fallen, but a successful exploit was pulled just before the contest because its creator thought it would violate the rules and reported it to Google instead. Google ruled that it would not have violated the rules and would have won, but patched it before the contest. He did win the "1337" that Google awards the community for alerting them to security holes, although that is not as good as the 15k he would have won had he entered the contest with the exploit. Other important items to note: the iPhone that was hacked was not running iOS 4.3. Also, as a result of the exploit found on the BlackBerry Torch, RIM is recommending that users disable JavaScript for the near future until a patch can be crafted to address the security hole. If you have questions about the security of your own business, don't hesitate to contact Trigon!
