Forgot your password?
typodupeerror
Communications

New Trial Brings Skype to (Some) Browsers 55

Posted by timothy
from the video-chat-not-yet-standard-browser-feature dept.
Ars Technica reports that Microsoft has begun giving some users a taste of a new version of Skype, with a big difference compared to previous ones: the new one (tested by users on an invitation basis) is browser based. Rather than using the existing WebRTC standard, though (eschewed as too complex), Microsoft has developed a separate spec called ORTC (Object RTC), which is designed to offer similar capabilities but without mandating this same call setup system. Both Microsoft and Google are contributing to this spec, as are representatives from companies with video conferencing, telephony, and related products. ORTC isn't currently blessed as a W3C project, though the ORTC group has proposed integrating ORTC into WebRTC to create WebRTC 1.1 and including parts of ORTC into WebRTC 1.0. For now at least, video or audio chat therefore requires a plug-in, and requires Internet Explorer 10, or recent Firefox or Chrome browsers, and a current Safari on Mac OS X. Also at TechCrunch, among others, which notes that text chat (though as mentioned, not video or audio) will work with the new Skype under ChromeOS, too.
Android

Popular Smartphones Hacked At Mobile Pwn2Own 2014 52

Posted by timothy
from the keep-it-in-a-faraday-cage dept.
wiredmikey writes Researchers have hacked several popular smartphones during the Mobile Pwn2Own 2014 competition that took place alongside the PacSec Applied Security Conference in Tokyo this week. The competition, organized by HP's Zero Day Initiative (ZDI) targeted the Amazon Fire Phone, iPhone 5s, iPad Mini, BlackBerry Z30, Google Nexus 5 and Nexus 7, Nokia Lumia 1520, and Samsung Galaxy S5. Using various attacks, some Mobile Pwn2Own 2014 Pwnage included: Apple's iPhone 5s (hacked via the Safari Web browser, achieving a full sandbox escape); Samsung's Galaxy S5 (hacked multiple times using near-field communications attacks); Amazon's Fire Phone (Web browser exploited); Windows Phone (partial hacks using a browser attack), andthe Nexus 5 (a Wi-Fi attack, which failed to elevate privileges). All the exploits were disclosed privately to the affected companies. HP promised to reveal details in the upcoming weeks.
Mozilla

Mozilla Launches Browser Built For Developers 74

Posted by samzenpus
from the made-just-for-you dept.
HughPickens.com writes "Mozilla announced that they are excited to unveil Firefox Developer Edition, the first browser created specifically for developers that integrates two powerful new features, Valence and WebIDE that improve workflow and help you debug other browsers and apps directly from within Firefox Developer Edition. Valence (previously called Firefox Tools Adapter) lets you develop and debug your app across multiple browsers and devices by connecting the Firefox dev tools to other major browser engines. WebIDE allows you to develop, deploy and debug Web apps directly in your browser, or on a Firefox OS device. "It lets you create a new Firefox OS app (which is just a web app) from a template, or open up the code of an existing app. From there you can edit the app's files. It's one click to run the app in a simulator and one more to debug it with the developer tools."

Firefox Developer Edition also includes all the tools experienced Web developers are familiar with including: Responsive Design Mod, Page Inspector, Web Console, JavaScript Debugger, Network Monitor, Style Editor, and Web Audio Editor. At launch, Mozilla is starting off with Chrome for Android and Safari for iOS. and the eventual goal is to support more browsers, depending on what developers tell Mozilla they want, but the primary focus is on the mobile Web. "One of the biggest pain points for developers is having to use numerous siloed development environments in order to create engaging content or for targeting different app stores. For these reasons, developers often end up having to bounce between different platforms and browsers, which decreases productivity and causes frustration," says the press release. "If you're a new Web developer, the streamlined workflow and the fact that everything is already set up and ready to go makes it easier to get started building sophisticated applications."
Mozilla released a teaser trailer for the browser last week.
Chromium

Building All the Major Open-Source Web Browsers 106

Posted by Soulskill
from the who-needs-packages dept.
An anonymous reader writes: Cristophe de Dinechin, long-time software developer, has an interesting article on the processes involved in building the major browsers. From the article:

"Mozilla Firefox, Chromium (the open-source variant of Chrome) and WebKit (the basis for Safari) are all great examples of open-source software. The Qt project has a simple webkit-based web browser in their examples. So that's at least four different open-source web browsers to choose from. But what does it take to actually build them? The TL;DR answer is that these are complex pieces of software, each of them with rather idiosyncratic build systems, and that you should consider 100GB of disk space to build all the browsers, a few hours of download, and be prepared to learn lots of new, rather specific tools."
Encryption

Why Google Is Pushing For a Web Free of SHA-1 108

Posted by Soulskill
from the collision-course dept.
An anonymous reader writes: Google recently announced Chrome will be gradually phasing out support for certificates using SHA-1 encryption. They said, "We need to ensure that by the time an attack against SHA-1 is demonstrated publicly, the web has already moved away from it." Developer Eric Mill has written up a post explaining why SHA-1 is dangerously weak, and why moving browsers away from acceptance of SHA-1 is a lengthy, but important process. Both Microsoft and Mozilla have deprecation plans in place, but Google's taking the additional step of showing the user that it's not secure. "This is a gutsy move by Google, and represents substantial risk. One major reason why it's been so hard for browsers to move away from signature algorithms is that when browsers tell a user an important site is broken, the user believes the browser is broken and switches browsers. Google seems to be betting that Chrome is trusted enough for its security and liked enough by its users that they can withstand the first mover disadvantage. Opera has also backed Google's plan. The Safari team is watching developments and hasn't announced anything."
Cloud

Hackers Behind Biggest-Ever Password Theft Begin Attacks 107

Posted by Soulskill
from the 123456-letmein-iloveyou-trustno1 dept.
An anonymous reader writes Back in August, groups of Russian hackers assembled the biggest list of compromised login credentials ever seen: 1.2 billion accounts. Now, domain registrar Namecheap reports the hackers have begun using the list to try and access accounts. "Overnight, our intrusion detection systems alerted us to a much higher than normal load against our login systems. ... The group behind this is using the stored usernames and passwords to simulate a web browser login through fake browser software. This software simulates the actual login process a user would use if they are using Firefox/Safari/Chrome to access their Namecheap account. The hackers are going through their username/password list and trying each and every one to try and get into Namecheap user accounts." They report that most login attempts are failing, but some are succeeding. Now is a good time to check that none of your important accounts share passwords.
Windows

Windows XP Falls Below 25% Market Share, Windows 8 Drops Slightly 336

Posted by Soulskill
from the year-of-something-on-the-somethingtop dept.
An anonymous reader writes: Despite support for Windows XP finally ending three months ago, the ancient OS has only now fallen below the 25 percent market share mark. To add to the bad news for Microsoft, after only nine full months of availability, its latest operating system version, Windows 8.1, has lost share for the first time. For desktop browser share, Chrome is up, taking mostly from Internet Explorer and Firefox. For mobile browsers, Safari continues to fall while Chrome maintains strong growth.
DRM

Netflix Ditches Silverlight For HTML5 On Macs 202

Posted by Unknown Lamer
from the giving-up-freedom-for-tv dept.
An anonymous reader writes "Netflix yesterday furthered its plans to ditch Silverlight for HTML5 on Macs, having already done so last year in IE11 on Windows 8.1. HTML5 video is now supported by Netflix in Safari on OS X Yosemite, meaning you can stream your favorite movies and TV shows without having to install any plugins." Courtesy of encrypted media extensions.
Firefox

Firefox Was the Most Attacked & Exploited Browser At Pwn2own 2014 207

Posted by Soulskill
from the foxes-provide-the-best-sport dept.
darthcamaro writes "Though IE, Chrome and Safari were all attacked and all were exploited, no single web browser was exploited at this year's Pwn2own hacking challenge as Mozilla Firefox. A fully patched version of Firefox was exploited four different times by attackers, each revealing new zero-day vulnerabilities in the open-source web browser. When asked why Mozilla was attacked so much this year, Sid Stamm, senior engineering manager of security and privacy said, 'Pwn2Own offers very large financial incentives to researchers to expose vulnerabilities, and that may have contributed in part to the researchers' decision to wait until now to share their work and help protect Firefox users.' The Pwn2own event paid researchers $50,000 for each Firefox vulnerability. Mozilla now pays researcher only $3,000 per vulnerability."
Microsoft

"Microsoft Killed My Pappy" 742

Posted by timothy
from the and-in-my-day-we-just-modulated-the-electricity-with-our-tongues dept.
theodp writes "A conversation with an angry young developer prompts Microsoft Program Manager Scott Hanselman to blog about 'Microsoft Haters: The Next Generation.' 'The ones I find the most interesting,' says Hanselman, are the 'Microsoft killed my Pappy' people, angry with generational anger. My elders hated Microsoft so I hate them. Why? Because, you wronged me.' The U.S. and Japan managed to get over the whole World War II thing, Hanselman notes, so why can't people manage to get past the Microsoft antitrust thing, which was initiated in 1998 for actions in 1994? 'At some point you let go,' he suggests, 'and you start again with fresh eyes.' Despite the overall good-humored, why-can't-we-get-along tone of his post, Hanselman can't resist one dig that seems aimed at putting things into perspective for those who would still Slashdot like it's 1999: 'I wonder if I can swap out Chrome from Chrome OS or Mobile Safari in iOS.'"
Security

Pwn2own 2014 Set To Hunt Unicorns 66

Posted by samzenpus
from the crack-it-if-you-can dept.
darthcamaro writes "The annual Pwn2own hacking competition has always made short work of all browser vendors' security, shredding perception of safety by hacking IE, Firefox, Safari and Chrome in minutes. This year the competition is adding a twist — for IE on Windows 8.1, hackers will also have to bypass Microsoft EMET, which is a seemingly bulletproof type of sandbox. The competition is calling this the 'Unicorn Exploit' and the first researcher to successful exploit it will pocket $150,000."
Chromium

Google Planning To Remove CSS Regions From Blink 249

Posted by Unknown Lamer
from the good-riddance dept.
mikejuk writes "Google and Opera split from WebKit to create Blink, their own HTML rendering engine, and everyone was worried about the effect on standards. Now we have the first big example of a split in the form of CSS Regions support. Essentially Regions are used to provide the web equivalent of text flow, a concept very familiar to anyone who has used a desktop publishing program. The basic idea is that you define containers for a text stream which is then flowed from one container to another to provide a complex multicolumn layout. The W3C standard for Regions has mostly been created by Adobe — a long time DTP company. Now the Blink team has proposed removing Regions support to save 10,000 lines of code in 350,000 in the name of efficiency. If Google does remove the Regions code, which looks highly likely, this would leave Safari and IE 10/11 as the only two major browsers to support Regions. Both Apple and Microsoft have an interest in ensuring that their hardware can be used to create high quality magazine style layouts — Google and Opera aren't so concerned. I thought standards were there to implement not argue with." Although mikejuk thinks this is a bad thing, a lot of people think CSS Regions are awful. Mozilla has never intended to implement them, instead offering the CSS Fragmentation proposal as an alternative. One major flaw of CSS Regions is its reliance upon markup that is used solely for layout, violating the separation of content and style that CSS is intended to enforce.
Google

Google Seeks To Throw Out UK Safari Tracking Suit 70

Posted by Unknown Lamer
from the international-relations dept.
judgecorp writes "In the latest twist to the saga of Google's tracking of Safari users, the tech giant has asked to have a U.K. lawsuit dismissed. Google says it is bound by California laws, so plaintiffs will have to come to the U.S. and sue there. Law firm Olswang is bringing the suit on behalf of British users whose Safari browser settings were overridden to help Google target ads; it argues that international organizations should respect the laws that apply where their customers live."
Safari

Safari Stores Previous Browsing Session Data Unencrypted 135

Posted by Soulskill
from the security-through-obscurity dept.
msm1267 writes "Users of Apple's Safari browser are at risk for information loss because of a feature common to most browsers that restores previous sessions. The problem with Safari is that it stores session information including authentication credentials used in previous HTTPS sessions in a plaintext XML file called a Property list, or plist, file. The plist files, a researcher with Kaspersky Lab's Global Research and Analysis Team said, are stored in a hidden folder, but hiding them in plain sight isn't much of a hurdle for a determined attacker. 'The complete authorized session on the site is saved in the plist file in full view despite the use of https,' said researcher Vyacheslav Zakorzhevsky on the Securelist blog. 'The file itself is located in a hidden folder, but is available for anyone to read.'"
Google

Google to Pay $17 Million to Settle Privacy Case 109

Posted by Unknown Lamer
from the lemme-dig-that-out-of-my-pocket dept.
cold fjord writes "The New York Times reports, 'Google agreed on Monday to pay $17 million to 37 states and the District of Columbia ... The case involved Google's bypassing of privacy settings in Apple's Safari browser to use cookies to track users and show them advertisements in 2011 and 2012. Google has said it discontinued circumventing the settings early last year, after the practice was publicly reported, and stopped tracking Safari users and showing them personalized ads. ... the case is one of a growing pile of government investigations, lawsuits and punishments related to privacy matters at the company. They include cases involving a social networking tool called Buzz, illegal data collection by Street View vehicles and accusations of wiretapping to show personalized ads in Gmail. '" From the DOJ, the settlement (PDF).
China

Activists Angry After Apple Axes Anti-Firewall App 196

Posted by Soulskill
from the welcome-to-the-world-walled-web dept.
Hugh Pickens DOT Com writes "BBC reports that Chinese web users are criticizing Apple after the company pulled a free iPhone app called OpenDoor, which enables users to bypass firewalls and access restricted internet sites. The developers of OpenDoor — who wish to remain anonymous — told Radio Netherlands that Apple removed the app because it 'includes content that is illegal in China.' 'It is unclear to us how a simple browser app could include illegal contents, since it's the user's own choosing of what websites to view,' say the developers. 'Using the same definition, wouldn't all browser apps, including Apple's own Safari and Google's Chrome, include illegal contents?' Chinese internet users were disappointed by the move by Apple. Zhou Shuguang, a prominent Chinese blogger and citizen journalist, told U.S.-based Radio Free Asia that Apple had taken away one of the tools which internet users in China relied on to circumvent the country's great firewall. 'Apple is determined to have a share of the huge cake which is the Chinese internet market. Without strict self-censorship, it cannot enter the Chinese market,' says one Chinese user disappointed by the move by Apple."
Chrome

Chrome's Insane Password Security Strategy 482

Posted by Unknown Lamer
from the passwords-for-password-locker dept.
jones_supa writes "One day web developer Elliott Kember decided to switch from Safari to Chrome and in the process, discovered possibly a serious weakness with local password management in Chrome. The settings import tool forced the passwords to be always imported, which lead Kember to further investigate how the data can be accessed. For those who actually bother to look at the 'Saved passwords' page, it turns out that anyone with physical access can peek all the passwords in clear text very easily with a couple of mouse clicks. This spurred a lengthy discussion featuring Justin Schuh, the head of Chrome security, who says Kember is wrong and that this behavior of Chrome has been evaluated for years and is not going to change."
OS X

OS X Malware Demands $300 FBI Fine For Viewing, Distributing Porn 173

Posted by timothy
from the receipt-is-useless dept.
An anonymous reader writes "A new piece of malware is targeting OS X to extort money from victims by accusing them of illegally accessing pornography. Ransomware typically uses claims of breaking the law and names law enforcement (such as the CIA or FBI) to scare victims, but it is usually aimed at Windows users, not Mac users. The security firm Malwarebytes first spotted this latest threat, noting that criminals have ported the ransomware scheme to OS X and are even exploiting a Safari-specific feature. The ransomware page in question gets pushed onto unsuspecting users browsing high-trafficked sites as well as when searching for popular keywords."
Mozilla

Firefox Advances Do-Not-Track Technology 148

Posted by Soulskill
from the just-barely-able-to-track-their-progress dept.
CowboyRobot writes "Despite strong advertising industry opposition, Mozilla is advancing plans to have the Firefox browser block, by default, many types of tracking used by numerous websites, and especially advertisers. 'We're trying to change the dynamic so that trackers behave better,' Brendan Eich, CTO of Firefox developer Mozilla, told The Washington Post. According to NetMarketShare, 21% of the world's computers run Firefox. Eich said the blocking technology, which is still being refined, will go live in the next few months. The blocking technology is based on that used by Apple's Safari browser, which blocks all third-party cookies. Advertisers use these types of cookies to track users across multiple websites. Mozilla's cookie-blocking efforts follow a Do Not Track capability being adopted by all major browsers. But the DNT effort stalled in November 2012, after advertisers stopped participating in the program, following Microsoft making DNT active by default in Internet Explorer 10. Advertisers wanted the feature to be not active by default."
United Kingdom

UK Benefits Claimants Must Use Windows XP, IE6 230

Posted by timothy
from the hot-commodity-on-craiglist-london dept.
First time accepted submitter carlypage3 writes "Benefits claimants in the UK are being forced to use Microsoft's now obsolete Windows XP and Internet Explorer 6 software. The Department of Work and Pensions (DWP) states that its online forms are not compatible with Internet Explorer 7, 8, 9 and 10, Safari, Google Chrome or Firefox. As if that wasn't unnerving enough, the Gov.UK website says that users cannot submit claims using Mac OS X or Linux operating systems, either." (Note: as we noted not long ago, it's not just the DWP that's stuck using IE6.)

That does not compute.

Working...