First time accepted submitter carlypage3 writes "Benefits claimants in the UK are being forced to use Microsoft's now obsolete Windows XP and Internet Explorer 6 software. The Department of Work and Pensions (DWP) states that its online forms are not compatible with Internet Explorer 7, 8, 9 and 10, Safari, Google Chrome or Firefox. As if that wasn't unnerving enough, the Gov.UK website says that users cannot submit claims using Mac OS X or Linux operating systems, either." (Note: as we noted not long ago, it's not just the DWP that's stuck using IE6.)

AmiMoJo writes "It looks like Mozilla are finally going to remove the much hated blink tag from the Gecko rendering engine that powers Firefox. Work to remove support for the tag, which was always non-standard and is not supported by the most popular HTML layout engines WebKit and Blink (Chrome, Safari, Opera, Android), is progressing and should show up in a future version of the browser." A comment attached to the discussion of this (not completed) move points out the odd possibility that Google's new Blink rendering engine may feature the blink tag via CSS animation, which would be "hilarious/awesome."

An anonymous reader writes "A new trojan specifically for Macs has been discovered that installs an adware plugin. The malware attempts to monetize its attack by injecting ads into Chrome, Firefox, and Safari (the most popular browsers on Apple's desktop platform) in the hopes that users will generate money for its creators by viewing (and maybe even clicking) them. The threat, detected as "Trojan.Yontoo.1" by Russian security firm Doctor Web, is part of a wider scheme of adware for OS X that has "been increasing in number since the beginning of 2013," according to the company."

Freshly Exhumed writes with an "inconvenient truth" as reported at Internet News: "Google Chrome running Chrome OS was hailed as being a survivor in the Pwnium/Pwn2own event that hacked IE, Firefox and Chrome browsers on Windows. Apple's Safari running on Mac OS X was not hacked and neither (apparently) was Chrome on Chrome OS. Google disclosed [Monday] morning that Chrome on Chrome OS had in fact been exploited — albeit, unreliably. The same researcher that took Google's money last year for exploiting Chrome, known publicly only as 'PinkiePie' was awarded $40,000 for exploiting Chrome/Chrome OS via a Linux kernel bug, config file error and a video parsing flaw." Asks Freshly Exhumed: "So, was it really Google Chrome, or was Linux to blame?"

New submitter jgb writes "WebKit is, now that Opera decided to join the project, in the core of three of the five major web browsers: Apple's Safari, Google's Chromium and Opera. Therefore, WebKit is also a melting pot for many corporate interests, since several competing companies (not only Google and Apple, but also Samsung, RIM, Nokia, Intel and many others) are finding ways of collaborating in the project. All of this makes fascinating the study of how they are contributing to the project. Some weeks ago, a study showed how they were submitting contributions to the code base. Now another one uncovers how they are reviewing those submitted contributions. As expected, most of the reviews during the whole life of the project were done by Apple, with Google as a close second. But things have changed dramatically during the last few years. In 2012, Google is a clear first, reviewing about twice as much (50%) as Apple (25%). RIM (7%) and Nokia (5%) are also relevant reviewers. Code review is very important in WebKit's development process, with reviewers acting as a sort of gatekeepers, deciding which changes make sense, and when they are conforming to the project practices and quality standards. In some sense, review activity reflects the responsibility each company is taking on how WebKit evolves. In some sense, the evolution over time for this activity by the different companies tells the history of how they have been shaping the project."

Dystopian Rebel writes "A Stanford comp-sci student has found a serious bug in Chromium, Safari, Opera, and MSIE. Feross Aboukhadijeh has demonstrated that these browsers allow unbounded local storage. 'The HTML5 Web Storage standard was developed to allow sites to store larger amounts of data (like 5-10 MB) than was previously allowed by cookies (like 4KB). ... The current limits are: 2.5 MB per origin in Google Chrome, 5 MB per origin in Mozilla Firefox and Opera, 10 MB per origin in Internet Explorer. However, what if we get clever and make lots of subdomains like 1.filldisk.com, 2.filldisk.com, 3.filldisk.com, and so on? Should each subdomain get 5MB of space? The standard says no. ... However, Chrome, Safari, and IE currently do not implement any such "affiliated site" storage limit.' Aboukhadijeh has logged the bug with Chromium and Apple, but couldn't do so for MSIE because 'the page is broken" (see http://connect.microsoft.com/IE). Oops. Firefox's implementation of HTML5 local storage is not vulnerable to this exploit."

Orome1 writes "Adobe has pushed out an emergency Flash update that solves two critical vulnerabilities (CVE-2013-0633 and CVE-2013-0634) that are being actively exploited to target Windows and OS X users, and is urging users to implement it as soon as possible. According to a security bulletin released on Thursday, the OS X exploit targets Flash Player in Firefox or Safari via malicious Flash content hosted on websites, while Windows users are targeted with Microsoft Word documents delivered as an email attachments which contain malicious Flash content. Adobe has also announced its intention of adding new protections against malicious Flash content embedded in Microsoft Office documents to its next feature release of Flash Player."

theodp writes "Earlier this week, hackers gained access to Twitter's internal systems and stole information, compromising 250,000 Twitter accounts before the breach was stopped. Reporting the incident on the company's official blog, Twitter's manager of network security did not specify the method by which hackers penetrated its system, but mentioned vulnerabilities related to Java in Safari and Firefox, and echoed Homeland Security's advisory that users disable Java in their browsers. Sure, blame everything on Larry Ellison. Looks like bad things do happen in threes — Twitter's report comes on the heels of disclosures of hacking attacks on the WSJ and NY Times."

Dupple writes "After settling with the FTC, Google is under pressure again regarding user privacy. From the BBC: 'A group of Apple's Safari web browser users has launched a campaign against Google over privacy concerns. They claim that Google bypassed Safari's security settings to install cookies which tracked their movements on the internet. Between summer 2011 and spring 2012 they were assured by Google this was not the case, and believed Safari's settings to be secure. Judith Vidal-Hall, former editor of Index On Censorship magazine, is the first person in the UK to begin legal action. 'Google claims it does not collect personal data but doesn't say who decides what information is "personal,"' she said. 'Whether something is private or not should be up to the internet surfer, not Google. We are best placed to decide, not them.'"

Press2ToContinue writes "Amazon has found a simple way around Apple's tight-fisted App Store rules: give users a web app to buy MP3s that runs in Safari. This way, they have no need to pay 30% per tune to Apple. Freedom of choice of vendor in Apple-only territory? Is this a big breach of Apple's walled garden? I wonder if Apple with have a response to this."

DeviceGuru writes "Although IE remains the one of the top browsers on desktops, it's being trounced on tablets and smartphones by browsers based on WebKit, including Safari, the Android Browser, and Google Chrome. Faced with this uphill battle on handheld mobile devices, Microsoft MVP Bill Reiss has suggested that it might be time for Microsoft to throw in the towel on Trident and switch to WebKit (though Reiss later decided he was wrong). But although there are lots of points in favor of doing so, there are also some good reasons not to, including security and a need for healthy competition to avoid having mobile developers begin to target WebKit rather than standards."

itwbennett writes "Judge Susan Illston has said she will approve a $22.5 million settlement deal between Google and the FTC over the company's practice of circumventing privacy protections in Apple's Safari browser to place tracking cookies on user's computers. Judge Illston also expressed concern about what will happen to the tracking data Google collected, since the settlement doesn't call for Google to destroy the data."

Trailrunner7 writes "A security researcher has submitted to Oracle a patch he said took him 30 minutes to produce that would repair a zero-day vulnerability currently exposed in Java SE. He hopes his actions will spur Oracle to issue an out-of-band patch for the sandbox-escape vulnerability, rather than wait for the February 2013 Critical Patch Update as Oracle earlier said it would. Adam Gowdiak of Polish security consultancy Security Explorations reported the vulnerability to Oracle on Sept. 25, as well as proof-of-concept exploit code his team produced. The vulnerability is present in Java versions 5, 6 and 7 and would allow an attacker to remotely control an infected machine once a user landed on a malicious website hosting the exploit. Gowdiak said his proof-of-concept exploit was successfully used against a fully patched Windows 7 machine using Firefox 15.0.1, Chrome 21, IE 9, Opera 12, and Safari 5.1.7."

An anonymous reader writes "cHTeMeLe is a board game about writing HTML5 code. In cHTeMeLe, players endorse their favorite web browser (Firefox, Safari, Chrome, Opera, or IE) and then score points by correctly laying out HTML tags, while also trying to bug or crash their opponents' code. From the article: 'Despite cHTeMeLe's technical theme, its developers claim you don't need any web programming experience to play. The game takes web design standards and boils them down into game rules that even children can learn. To help less technical players keep everything straight, the tag cards use syntax highlighting that different parts of code have unique colors — just like an Integrated Developer Environment. No one is going to completely pick up HTML5 purely by playing cHTeMeLe, but it does have some educational value for understanding basic tags and how they fit together.'"

jcatcw writes "Just as Oracle is ramping up for the September 30 start of JavaOne 2012 in San Francisco, researchers from the Polish firm Security Explorations disclosed yet another critical Java vulnerability that might 'spoil the taste of Larry Ellison's morning ... Java.' According to Security Explorations researcher Adam Gowdiak, who sent the email to the Full Disclosure Seclist, this Java exploit affects one billion users of Oracle Java SE software, Java 5, 6 and 7. It could be exploited by apps on Chrome, Firefox, Internet Explorer, Opera and Safari. Wow, thanks a lot Oracle."

New submitter SquarePixel writes "Microsoft is urging Safari users to switch to Bing after Google was fined $22.5 million for violating Safari privacy settings. 'Microsoft is keen to make sure that no-one forgets this, let alone Safari users, and the page summarizes the events that took place.' It tells users how Google promised not to track Safari users, but tracked them without their permission and used this data to serve them advertisement. Lastly, it tells how Google was fined $22.5 million for this and suggests users to try the more privacy oriented Bing search engine."

New submitter spac writes "AllthingsD has an interesting story about how a startup called Wajam requires users of their service to download a script that sets up a proxy to handle all network requests for the purpose of providing 'Social Recommendations' within built-in apps. The privacy implications of using this profile script isn't clearly presented to users. Are we really to entrust our data to a company founded by a man who comes from the world of browser toolbars? And for social search?!" The company rushes to counter privacy concerns by pointing out that their service has "received security certifications from TRUSTe, McAfee and Norton."

Trailrunner7 writes "Google, which has come under fire for years for its privacy practices and recently settled a privacy related case with the Federal Trade Commission that resulted in a $22.5 million fine, is building out a privacy 'red team,' a group of people charged with finding and resolving privacy risks in the company's products. The concept of a red team is one that's been used in security for decades, with small teams of experts trying to break a given software application, get into a network or circumvent a security system as part of a penetration test or a similar engagement. The idea is sometimes applied in the real world as well, in the form of people attempting to gain entry to a secure facility or other restricted area."

wiredmikey writes "The US Federal Trade Commission fined Google $22.5 million for violating the privacy of people who used rival Apple's Safari web browser even after pledging not to do so. The FTC said Google had agreed with the commission in October 2011 not to place tracking cookies on or deliver targeted ads to Safari users, but then went ahead and did so. 'For several months in 2011 and 2012, Google placed a certain advertising tracking cookie on the computers of Safari users who visited sites within Google's DoubleClick advertising network,' the FTC said in a statement. 'Google had previously told these users they would automatically be opted out of such tracking.' While Google agreed to the fine, it did NOT admit it had violated the earlier agreement."

TrueSatan writes "iOS 6 beta 4 has removed the YouTube application that existed on iOS since the first version in 2007. Apple confirmed that YouTube is gone from iOS 6. Google is apparently building its own app saying: 'Our license to include the YouTube app in iOS has ended, customers can use YouTube in the Safari browser and Google is working on a new YouTube app to be on the App Store.'"