Turner's team didn't scrap the toolbar entirely, but based on user feedback, they did make it much less intrusive. Why look at the buttons when users really want the Web, they reasoned. Letting the toolbars dissolve away when they're at rest is one method for making the most of the screen. Tapping a translucent icon (shown solid here) could bring the command buttons back.…
Mozilla has published a new version of Firefox to address lingering security concerns. The most noticeable problems that Version 188.8.131.52 (for Windows and Mac) hopes to fix are program crashes and corruption of stored passwords.
Other remedies include sealing up a variety of security holes, including browser history and navigation stealing, holes related to multiple file inputs, and URL token stealing.
Opera should be bracing for impact.
Like Opera's cell phone browser, Opera Mini (video), both newcomers are free. However, Opera Mobile, which serves Windows Mobile and Symbian S60 phones, is a commercial product that smartphone users may not want to pay for when handed alternatives gratis.
How does Opera plan to keep current customers and attract new ones when consumers face a choice between paying $24 and $0? I asked the Opera folks if they would consider making Opera Mobile free in anticipation of or in response to oncoming competition.
"The mobile Web is blossoming, and we are strongly positioned to take advantage of its growth," Tatsuki Tomita, Opera's senior vice president of consumer products, responded. "While we watch the industry closely, we have not yet determined the end-user model for Opera Mobile."
What a nicely toned, safely vague statement! It's one any company would be expected to make when challenged on two fronts by a competitive freeware surge. Yet with actual working, marketable products for a range of devices and a business plan that reaches into corporate pockets, Opera is well-positioned. For now.…
Ript is a new, free software application in beta development that lets you collect images and text from the Web, then compile and arrange them into pages you can print or share with friends and family. It's a simple freeware idea that makes sense...and it's from Oprah? Well, sort of. The publisher is the Oprah Winfrey-founded Oxygen Media, recently acquired by Universal.
Ript works via an overlay "Pile"--represented by a stack of documents--that sits on a layer on top of all your applications. You can work with your programs as you normally would, and …
On Tuesday, exploits for the Yahoo apps were reported circulating. There is currently no patch from the individual vendors, so the only workaround is to disable the several specific, vulnerable ActiveX controls. (ActiveX controls were developed by Microsoft for use with Internet Explorer and other browsers.)
The SANS …
On the heels of ActiveX vulnerabilities in the image uploading tools for Facebook and MySpace.com, researchers warned Monday that Yahoo Instant Messenger and Yahoo Messenger are vulnerable to ActiveX-based attacks.
Researcher Elazar Broad has disclosed a Boundary Condition vulnerability within mediagrid.dll, version 2.2.2 56. Researchers Krystian Kloskowski and Broad have disclosed a second Boundary Condition vulnerability within datagrid.dll, version 2.2.2 56c. And Kloskowski alone has disclosed a buffer overflow within datagrid.dll 2.2.2 56, which affects the AddImage function.
The three vulnerabilities are present within Yahoo Instant Messenger version 3.5 …
Secunia says, "The security issue is caused due to the JRE processing external XML entity references even though the 'external general entities' property is set to FALSE. This can be exploited to e.g. access certain URLs or cause a DoS (denial of service) via malicious XML documents."
Sun says that the JDK and JRE 6 Update 4 for multiple platforms is available for download.
Updated at 3:37 p.m. PST with statement from MySpace and Facebook.
Within the last week, researcher Elazar Broad has disclosed two ActiveX vulnerabilities in the tools that MySpace.com and Facebook users use to upload images to their sites. On Sunday, Broad disclosed a buffer overflow vulnerability within the Facebook image upload control. Last week, Broad disclosed a similar buffer overflow flaw within MySpaceAurigma's ImageUploader ActiveX; the MySpace vulnerability also affects Facebook users.
Robert Graham, CEO of Errata Security, who last year found that it's possible to capture someone's session cookie via wireless eavesdropping, now says that even encrypted services such as Google's Gmail can sometimes provide him with a session cookie. This is a departure from his advice last August when he said SSL HTTPS sessions of Gmail should be immune.
Graham, working with David Maynor, created two tools (Ferret and Hamster), which together help him grab session cookies out of thin air, say, at a local hot spot, like an Internet cafe. Session cookies allow you to shop …
After making noise with the reintroduction of its Firefox add-ons directory last year, Mozilla is taking a step closer to integrating it with the upcoming beta of Firefox 3, which is set to go out to beta testers next week. Ryan Wagner over at Cybernet News writes that one of the biggest additions to the public betas of Firefox 3 has been the newly integrated add-on directory, which made its way into the prebeta nightly builds earlier this week. Users can search through add-ons within the settings dialog without visiting Mozilla's site. The feeds are still linked up to …