Firefox

Chrome and Firefox Headless Modes May Spur New Adware & Clickfraud Tactics (bleepingcomputer.com) 80

From a report: During the past month, both Google and Mozilla developers have added support in their respective browsers for "headless mode," a mechanism that allows browsers to run silently in the OS background and with no visible GUI. [...] While this feature sounds very useful for developers and very uninteresting for day-to-day users, it is excellent news for malware authors, and especially for the ones dabbling with adware. In the future, adware or clickfraud bots could boot-up Chrome or Firefox in headless mode (no visible GUI), load pages, and click on ads without the user's knowledge. The adware won't need to include or download any extra tools and could use locally installed software to perform most of its malicious actions. In the past, there have been quite a few adware families that used headless browsers to perform clickfraud. Martijn Grooten, an editor at Virus Bulletin, also pointed Bleeping Computer to a report where miscreants had abused PhantomJS, a headless browser, to post forum spam. The addition of headless mode in Chrome and Firefox will most likely provide adware devs with a new method of performing surreptitious ad clicks.
Android

Mozilla Launches Privacy-Minded 'Firefox Focus' Browser For Android (venturebeat.com) 58

An anonymous reader quotes a report from VentureBeat: Mozilla today launched a new browser for Android. In addition to Firefox, the company now also offers Firefox Focus, a browser dedicated to user privacy that by default blocks many web trackers, including analytics, social, and advertising. You can download the new app now from Google Play. Because Google isn't as strict as Apple, Android users can set Firefox Focus as their default browser. There are many use cases for wanting to browse the web without being tracked, but Mozilla offers a common example: reading articles via apps "like Facebook." On iOS, Firefox Focus is basically just a web view with tracking protection. On Android, Firefox Focus is the same, with a few additional features (which are still "under consideration" for iOS):
  • Ad tracker counter -- Lists the number of ads that are blocked per site while using the app.
  • Disable tracker blocker -- For sites that are not loading correctly, you can disable the tracker blocker to fix the issues.
  • Notification reminder -- When Firefox Focus is running in the background, a notification will remind you so you can easily tap to erase your browsing history.

Mozilla

Firefox 54 Arrives With Multi-Process Support For All Users (venturebeat.com) 101

An anonymous reader writes: Mozilla today launched Firefox 54 for Windows, Mac, Linux, and Android. The new version includes the next major phase of multi-process support, which streamlines memory use, improving responsiveness and speed. The Electrolysis project, which is the largest change to Firefox code ever, is live. Firefox now uses up to four processes to run webpage content across all open tabs. This means that complex webpages in one tab have a much lower impact on responsiveness and speed in other tabs, and Firefox finally makes better use of your computer's hardware.
Security

Russian Malware Communicates Using Britney Spears's Instagram Account (welivesecurity.com) 54

JustAnotherOldGuy writes: A key weakness in malicious software is the "Command and Control" (C&C) system -- a central server that the malware-infected systems contact to receive updates and instructions, and to send stolen data. Anti-malware researchers like to reverse engineer malicious code, discover the C&C server's address, and then shut it down. Turla is an "advanced persistent threat" hacking group based in Russia with a long history of attacking states in ways that advance Russian state interests. A new analysis by Eset shows that Turla is solving its C&C problems by using Britney Spears' Instagram account as a cut-out for its C&C servers. Turla moves the C&C server around, then hides the current address of the server in encrypted comments left on Britney Spears's image posts. The compromised systems check in with Spears' Instagram whenever they need to know where the C&C server is currently residing.
Safari

Apple Announces Support For WebRTC in Safari 11 (webkit.org) 46

Youenn Fablet, software engineer at Apple, writes: Today we are thrilled to announce WebKit support for WebRTC, available on Safari on macOS High Sierra, iOS 11, and Safari Technology Preview 32. [...] Currently, Safari supports legacy WebRTC APIs. Web developers can check whether their websites conform to the latest specifications by toggling the STP Experimental Features menu item "Remove Legacy WebRTC API". Legacy WebRTC APIs will be disabled by default on future releases. Websites that need to accommodate older implementations of the WebRTC and Media Capture specifications can take advantage of polyfill libraries like adapter.js. Peer5, a startup that offers serverless CDN for massively-scaled video streaming, writes in a blogpost: This is HUGE news for the computing industry. Since its introduction in 2011, WebRTC has become an incredibly important part of everyone's favorite platforms and applications. It is at the core of a few services that you might have heard of, including Google Hangouts, Facebook Messenger, Snapchat and Slack. WebRTC is also supported natively by most major web browsers, including Chrome, Firefox and Opera. But there were 2 big holdouts -- Microsoft's Edge browser and Apple's Safari. This meant that people using those browsers couldn't access WebRTC-based services without installing some type of plug-in. Well, those days are over given the WWDC news and Microsoft's announcement back in January regarding WebRTC support in Edge. Developers can now create compelling browser-based applications that incorporate real-time audio and video (and maybe even a peer-to-peer component) and know that 99% of the world's Web surfers will be able to use their services without having to install any plug-ins or additional software. This newfound ubiquity for WebRTC might even make a developer question whether he has to build a native iOS or Android app to deliver his service to end-users.
Mozilla

Amazon, Mozilla, Kickstarter, and Reddit Are Staging a Net Neutrality Online Protest (washingtonpost.com) 70

An anonymous reader shares a report: Some of the Internet's biggest names are banding together for a "day of action" to oppose the Federal Communications Commission (alternative source), which is working to undo regulations for Internet providers that it passed during the Obama administration. Among the participants are Etsy, Kickstarter and Mozilla, the maker of the popular Firefox Web browser. Also joining the day of protest will be Reddit, the start-up incubator Y Combinator, and Amazon. On July 12, the companies and organizations are expected to change their websites to raise awareness of the FCC effort, which is aimed at deregulating the telecom and cable industries. Mozilla, for example, will change what users see on their screens when they open a new browser window. Other participants include Demand Progress, Etsy, Vimeo, Private Internet Access, Fight for the Future, EFF, DreamHost, Creative Commons, BitTorrent, American Library Association, ACLU, GreenPeace, Open Media, and Patreon. Find more details here.
Mozilla

Former Mozilla CTO: 'Chrome Won' (andreasgal.com) 272

Responding to Firefox marketing head Eric Petitt's blog post from earlier this week, Andreas Gal, former chief technology officer of Mozilla (who spent seven years at the company) offers his insights. Citing latest market share figures, Gal says "it's safe to say that Chrome is eating the browser market, and everyone else except Safari is getting obliterated." From his blog post (edited and condensed for length): With a CEO transition about 3 years ago there was a major strategic shift at Mozilla to re-focus efforts on Firefox and thus the Desktop. Prior to 2014 Mozilla heavily invested in building a Mobile OS to compete with Android: Firefox OS. I started the Firefox OS project and brought it to scale. While we made quite a splash and sold several million devices, in the end we were a bit too late and we didn't manage to catch up with Android's explosive growth. Mozilla's strategic rationale for building Firefox OS was often misunderstood. Mozilla's founding mission was to build the Web by building a browser. [...] Browsers are a commodity product. They all pretty much look the same and feel the same. All browsers work pretty well, and being slightly faster or using slightly less memory is unlikely to sway users. If even Eric -- who heads Mozilla's marketing team -- uses Chrome every day as he mentioned in the first sentence, it's not surprising that almost 65% of desktop users are doing the same. [...] I don't think there will be a new browser war where Firefox or some other competitor re-captures market share from Chrome. It's like launching a new and improved horse in the year 2017. We all drive cars now. Some people still use horses, and there is value to horses, but technology has moved on when it comes to transportation. Does this mean Google owns the Web if they own Chrome? No. Absolutely not. Browsers are what the Web looked like in the first decades of the Internet. Mobile disrupted the Web, but the Web embraced mobile and at the heart of most apps beats a lot of JavaScript and HTTPS and REST these days. The future Web will look yet again completely different. Much will survive, and some parts of it will get disrupted.
Mozilla

Firefox Marketing Head Expresses Concerns Over Google's Apparent 'Only Be On Chrome' Push (medium.com) 189

Eric Petitt, head up Firefox marketing, writing in a blog: I use Chrome every day. Works fine. Easy to use. There are multiple things that bug me about the Chrome product, for sure, but I'm OK with Chrome. I just don't like only being on Chrome. And that's what Chrome wants. It wants you to only use Chrome. Chrome is not evil, it's just too big for its britches. Its influence on the internet economy and individuals is out of balance. Chrome, with 4 times the market share of its nearest competitor (Firefox), is an eight-lane highway to the largest advertising company in the world. Google built it to maximize revenue from your searches and deliver display ads on millions of websites. To monetize every... single... click. And today, there exists no meaningful safety valve on its market dominance. Beyond Google, the web looks more and more like a feudal system, where the geography of the web has been partitioned off by the Frightful Five. Google, Facebook, Microsoft, Apple and Amazon are our lord and protectors, exacting a royal sum for our online behaviors. We're the serfs and tenants, providing homage inside their walled fortresses. Noble upstarts are erased or subsumed under their existing order. (Footnote: Petitt has made it clear that the aforementioned views are his own, and not those of Mozilla.)
IBM

New OS/2 Warp Operating System 'ArcaOS' 5.0 Released (arcanoae.com) 145

The long-awaited modern OS/2 distribution from Arca Noae was released Monday. martiniturbide writes: ArcaOS 5.0 is an OEM distribution of IBM's discontinued OS/2 Warp operating system. ArcaOS offers a new set of drivers for ACPI, network, USB, video and mouse to run OS/2 in newer hardware. It also includes a new OS installer and open source software like Samba, Libc libraries, SDL, Qt, Firefox and OpenOffice... It's available in two editions, Personal ($129 with an introductory price of $99 for the first 90 days [and six months of support and maintenance updates]) and Commercial ($239 with one year of support and maintenance).

The OS/2 community has been called upon to report supported hardware, open source any OS/2 software, make public as much OS/2 documentation as possible and post the important platform links. OS2World insists that open source has helped OS/2 in the past years and it is time to look under the hood to try to clone internal components like Control Program, Presentation Manager, SOM and Workplace Shell.

By Tuesday Arca Noae was reporting "excessive traffic on the server which is impacting our ordering and delivery process," though the actual downloads of the OS were unaffected, the server load issues were soon mitigated, and they thanked OS/2 enthusiasts for a "truly overwhelming response."
Firefox

Firefox 55: Flash Will Become 'Ask To Activate' For Everyone (bleepingcomputer.com) 114

An anonymous reader quotes a report from BleepingComputer: Starting with the release of Firefox 55, the Adobe Flash plugin for Firefox will be set to "Ask to Activate" by default for all users. This move was announced in August 2016, as part of Mozilla's plan to move away from plugins built around the NPAPI technology. Flash is currently the only NPAPI plugin still supported in Firefox, and moving its default setting from "Always Activate" to "Ask to Activate" is just another step towards the final step of stop supporting Flash altogether. This new Flash default setting is already live in Firefox's Nightly Edition and will move through the Alpha and Beta versions as Firefox nears its v55 Stable release. By moving Flash to a click-to-play setting, Firefox will indirectly start to favor HTML5 content over Flash for all multimedia content. Other browsers like Google Chrome, Brave, or Opera already run Flash on a click-to-play setting, or disabled by default. Firefox is scheduled to be released on August 8, 2017.
Businesses

'WannaCry Makes an Easy Case For Linux' (techrepublic.com) 411

An anonymous reader writes: The thing is, WannaCry isn't the first of its kind. In fact, ransomware has been exploiting Windows vulnerabilities for a while. The first known ransomware attack was called "AIDS Trojan" that infected Windows machines back in 1989. This particular ransomware attack switched the autoexec.bat file. This new file counted the amount of times a machine had been booted; when the machine reached a count of 90, all of the filenames on the C drive were encrypted. Windows, of course, isn't the only platform to have been hit by ransomware. In fact, back in 2015, the LinuxEncoder ransomware was discovered. That bit of malicious code, however, only affected servers running the Magento ecommerce solution. The important question here is this: Have their been any ransomware attacks on the Linux desktop? The answer is no. With that in mind, it's pretty easy to draw the conclusion that now would be a great time to start deploying Linux on the desktop. I can already hear the tired arguments. The primary issue: software. I will counter that argument by saying this: Most software has migrated to either Software as a Service (SaaS) or the cloud. The majority of work people do is via a web browser. Chrome, Firefox, Edge, Safari; with few exceptions, SaaS doesn't care. With that in mind, why would you want your employees and staff using a vulnerable system? [...] Imagine, if you will, you have deployed Linux as a desktop OS for your company and those machines work like champs from the day you set them up to the day the hardware finally fails. Doesn't that sound like a win your company could use? If your employees work primarily with SaaS (through web browsers), then there is zero reason keeping you from making the switch to a more reliable, secure platform.
Chrome

Should You Leave Google Chrome For the Opera Browser? (vice.com) 303

mspohr shares a report written by Jason Koebler via Motherboard who makes the case for why you should break up with Chrome and switch to the Opera browser: Over the last few years, I have grown endlessly frustrated with Chrome's resource management, especially on MacOS. Admittedly, I open too many tabs, but I'd wager that a lot of you do, too. With Chrome, my computer crawls to complete unusability multiple times a day. After one too many times of having to go into Activity Monitor to find that one single Chrome tab is using several gigs of RAM, I decided enough was enough. I switched to Opera, a browser I had previously thought was only for contrarians. This, after previous dalliances with Safari and Firefox left me frustrated. Because Opera is also based on Blink, I almost never run into a website, plugin, script, or video that doesn't work flawlessly on it. In fact, Opera works almost exactly like Chrome, except without the resource hogging that makes me want to throw my computer against a brick wall. This is exactly the point, according to Opera spokesperson Jan Standal: "What we're doing is an optimized version of Chrome," he said. "Web developers optimize most for the browser with the biggest market share, which happens to be Chrome. We benefit from the work of that optimization."

Slashdot reader mspohr adds: "I should note that this has also been my experience. I have a 2010 MacBook, which I was ready to trash since it had become essentially useless, coming to a grinding halt daily. I tried Opera and it's like I have a new computer. I never get the spinning wheel of death. (Also, the built-in ad blocker and VPN are nice.)" What has been your experience with Google Chrome and/or Opera? Do you prefer one over the other?

Microsoft

Microsoft Finally Bans SHA-1 Certificates In Its Browsers (zdnet.com) 38

An anonymous reader quotes ZDNet: With this week's monthly Patch Tuesday, Microsoft has also rolled out a new policy for Edge and Internet Explorer that prevents sites that use a SHA-1-signed HTTPS certificate from loading. The move brings Microsoft's browsers in line with Chrome, which dropped support for the SHA-1 cryptographic hash function in January's stable release of Chrome 56, and Firefox's February cut-off... Apple dropped support for SHA-1 in March with macOS Sierra 10.12.4 and iOS 10.3... Once Tuesday's updates are installed, Microsoft's browsers will no longer load sites with SHA-1 signed certificates and will display an error warning highlighting a security problem with the site's certificate.
Security

Ambient Light Sensors Can Be Used To Steal Browser Data (bleepingcomputer.com) 37

An anonymous reader writes: "Over the past decade, ambient light sensors have become quite common in smartphones, tablets, and laptops, where they are used to detect the level of surrounding light and automatically adjust a screen's intensity to optimize battery consumption... and other stuff," reports Bleeping Computer. "The sensors have become so prevalent, that the World Wide Web Consortium (W3C) has developed a special API that allows websites (through a browser) to interact with a device's ambient light sensors. Browsers such as Chrome and Firefox have already shipped versions of this API with their products." According to two privacy and security experts, Lukasz Olejnik and Artur Janc, malicious web pages can launch attacks using this new API and collect data on users, such as URLs they visited in the past and extract QR codes displayed on the screen. This is possible because the light coming from the screen is picked up by these sensors. Mitigating such attacks is quite easy, as it only requires browser makers and the W3C to adjust the default frequency at which the sensors report their readings. Furthermore, the researcher also recommends that browser makers quantize the result by limiting the precision of the sensor output to only a few values in a preset range. The two researchers filed bug reports with both Chrome and Firefox in the hopes their recommendations will be followed.
The Internet

Newest Firefox Browser Bashes Crashes (cnet.com) 134

Nobody likes it when a web browser bombs instead of opening up a website. Mozilla is addressing that in the newly released v53 of its Firefox browser, which it claims crashes 10 percent fewer times. CNET adds: The improvement comes through the first big debut of a part of Project Quantum, an effort launched in 2016 to beef up and speed up Firefox. To improve stability, Firefox 53 on Windows machines isolates software called a compositor that's in charge of painting elements of a website onto your screen. That isolation into a separate computing process cuts down on trouble spots that can occur when Firefox employs computers' graphics chips, Mozilla said.
Firefox

Mozilla Kills Firefox Aurora Channel, Builds Will Move Directly From Nightly To Beta (venturebeat.com) 49

Mozilla said today it is killing the Firefox Aurora channel, six years after it was first introduced in April 2011. The move comes as, Aurora failed to live up to the company's expectations as a "first stabilization channel." Moving forward, the absence of Aurora will help the company streamline its browser's release process and bring stable new features to users and developers faster. From a report: The Firefox Aurora channel sat between the Nightly and Beta channels. Until now, Firefox development started with Nightly, which consists of the latest Firefox code packaged up every night for bleeding-edge testers, and was then followed by Aurora, which includes everything that is labeled as "experimental," then Beta, and then finally the release channel for the broader public. Going forward, builds will move from Nightly to Beta to Release. The Firefox Developer Edition, which the company calls "the first browser created specifically for developers," will be based on the Beta channel instead of Aurora. Developer Edition users should keep their existing profile, themes, tools, preferences, and "should not experience any disruption," Mozilla promises.
Chrome

Microsoft Edge Beats Chrome By Over Three Hours In New Battery Usage Test (bleepingcomputer.com) 236

An anonymous reader writes: With the launch of the Windows 10 Creators Update and Edge 40 (EdgeHTML 15), Microsoft has released a new battery usage test that, naturally, trashes the company's competition. This new test shows that Edge uses less power than both Chrome 57 and Firefox 52, and is bound to draw a response from its competition, especially Google, who doesn't like it when Microsoft takes a jab at Chrome's efficiency. The same thing happened last year, in June, when a similar test showcasing Edge's longer battery life was met with responses from both Google and Opera.

The most recent tests were performed for the launch of Windows 10 Creators Update. Two tests were carried out until a laptop's battery gave out. For each browser, a minimum of 16 iterations were recorded per test. The first test measured normal browsing performance and the second ran a looped Vimeo fullscreen video. In the normal browsing performance test, Microsoft claims Edge used 31% less power than Chrome 57, and 44% less power than Firefox 52. In the second test, Edge played a looped Vimeo video in fullscreen for 751 minutes (12:31:08), while Chrome lasted 557 minutes (9:17:03) and Firefox for only 424 minutes (7:04:19). That's a whopping three hours over Chrome, and five hours above Firefox.

Firefox

Firefox To Let Users Control Memory Usage (bleepingcomputer.com) 213

An anonymous reader quotes a report from BleepingComputer: Mozilla engineers are working on a new section in the browser's preferences that will let users control the browser's performance. Work on this new section started last Friday when an issue was opened in the Firefox bug tracker. Right now, the Firefox UI team has proposed a basic sketch of the settings section and its controls. Firefox developers are now working to isolate or implement the code needed to control those settings [1, 2, 3]. According to the current version of the planned Performance settings section UI, users will be able to control if they use UI animations (to be added in a future Firefox version), if they use page prefetching (feature to preload links listed on a page), and how many "content" processes Firefox uses (Firefox currently supports two processes [one for the Firefox core and one for content], but this will expand to more starting v54).
The Internet

Server Snafu Exposes Ask.com User Search Queries Via Internal Status Page (bleepingcomputer.com) 10

"The Ask.com search engine went through some sort of technical issue late Friday night, as its servers were exposing the internal Apache server status page, revealing recently processed search queries," reports BleepingComputer. An anonymous reader writes: The issue is now fixed, but a copy of the server status page with some search queries can still be viewed in Google's search engine cache. "Some of the weirdest search queries were collected by users in a Hacker News thread," reports BleepingComputer, adding "As you'd expect, the server page included plenty of searches for porn."

The issue also affected localized Ask.com servers, such as uk.ask.com/server-status, us.ask.com/server-status, and de.ask.com/server-status, but no user data was exposed, as the search queries passed through load balancers and already hid user IPs.

Mozilla

Tor Browser Will Feature More Rust Code (bleepingcomputer.com) 149

An anonymous reader writes: "The Tor Browser, a heavily modified version of the Firefox browser with many privacy-enhancing features, will include more code written in the Rust programming language," reports BleepingComputer. In a meeting held last week in Amsterdam, Tor developers decided to slowly start using Rust to replace the C++ code. The decision comes after Mozilla started shipping Rust components with Firefox in 2016. Furthermore, Rust is a memory-safe(r) language than C++, the language used for Firefox and the customized Tor code, which means less memory corruption errors. Less of these errors means better privacy for all.
"Part of our interest in using safer languages like Rust in Tor is because a tiny mistake in C could have real consequences for real people," Tor developer Isis Agora Lovecruft posted on Twitter, adding "Also the barrier to entry for contributing to large OSS projects written in C is insanely high."

Slashdot Top Deals