Development
Yet another vulnerability issue arises for Firefox 3.5.1 [Updated]
Jul 19th
It has been just a few days since we informed you about the Firefox 3.5.1 update, which was aimed at resolving a JavaScript vulnerability found in Firefox 3.5. Unfortunately, another vulnerability has been found in Firefox 3.5.1, and it appears to be a critical one. The issue can be exploited remotely: it is a stack-based buffer overflow triggered by an overly long string containing Unicode data. It has the potential to allow:
- Remote code execution
- Crashes
- Freezes
- Allocation of a huge, and I mean huge, amount of memory.
A proof of concept that showcases this vulnerability has already been developed. So far, no patch has been made available by the Firefox team, so it is recommended that you disable JavaScript until a patch that resolves this critical issue is released. This is the only way to protect your computer from being exposed to a remote attack. To disable JavaScript, go to Tools -> Options -> Content tab and uncheck the Enable JavaScript option.
Thanks to Mike Shaver, who has corrected us and enlightened us on the issue. He has informed us that the latest bug is not capable of code execution; in the worst case, it will only result in an unexploitable crash. According to the Mozilla Security Blog:
On Windows, Firefox 3.0.x and Firefox 3.5.x are terminated due to an uncaught exception during an attempt to allocate a very large string buffer; this termination is safe and immediate, and does not permit the execution of attacker code.
On the Macintosh in Firefox 3.0.x and 3.5.x, a crash occurs inside the ATSUI system library (part of OS X), due to what appears to be a failure to check allocation results. This issue is likely to affect any application using the recommended text-handling libraries on OS X. We have reported this issue to Apple, but in the event that they do not provide a fix we will look to implement mitigations in Mozilla code. We recommend that other developers who use these libraries consider a similar practice, and we have added mitigations in the past for similar bugs in these libraries.
As a result of our analysis, we do not believe that this represents an exploitable vulnerability in Firefox.
Facebook launches a wizard for account recovery
Jul 19th
Most of you, just like me, have not been in the uncomfortable situation of having your Facebook account fall victim to a security attack such as phishing. But since the world is not a perfect place, there are also users who have unfortunately become victims of such attacks. They can recover their accounts, but the process is quite a painful one, as many users will tell you. Facebook has realized this and has launched a new process that is expected to make account recovery easier and more convenient.
Previously, Facebook used email to inform users that their accounts had been compromised. The same email also provided the essential instructions for restoring the account. Now all that has been replaced with a wizard, which provides a more efficient way of checking security, verifying your account and changing your password. The new wizard looks like this:

Speaking about the changes, Jake Brill, who is the project manager of Facebook’s site integrity team, said:
It can be an embarrassing experience to log in to Facebook to find that unauthorized messages have been sent from your account and then face questions from friends who have received spam from you.
We’ve spent the last few months improving the way to guide people through the process of regaining access to their account after it’s been compromised and used to send spam. Currently, we send emails explaining what happened and provide links to remedy the situation. Now we’re moving towards a new model that also involves clear and simple steps taken within Facebook itself. In doing so, we can ensure that the person logging in is the true owner of the account, thereby preventing hackers from using it to send spam in the future.
With Facebook’s popularity increasing day by day, the account recovery process will be needed more and more, and it will be essential that it be made smoother and easier to use.
Stream publishing API now open to all developers
Jul 19th
Attention, all developers who were waiting to use the stream publishing API: I have good news for you. If you are guessing that any developer can now use the publishing API without requiring acceptance, you are bang on target. You no longer need to be accepted onto Facebook’s white list in order to use this API for the general Facebook public.
A call to the stream.publish API allows a Facebook app to publish updates directly into a specific user’s stream. All this happens automatically once the app has been given permission.
In the past, when the API was in beta, developers had to apply for acceptance onto the white list if they wanted to extend the reach of the API call beyond the application’s own developers.
An official statement from Facebook regarding the upgrade of the API from beta status is yet to arrive (nothing had been announced as we write), but it is confirmed that the restriction no longer exists. The white list requirement has been removed from the Developer Wiki page. Applications can now publish updates to any user’s stream once the user has authorized the app to carry out the intended action.
Google growth takes a back seat
Jul 19th
Unfortunately, Google’s performance in terms of growth is not improving. Instead, the growth rate continued to slow down in the second quarter. What this means is that the online ad market is in a bad situation.
The search engine giant’s revenue dropped down from 6% growth in the first quarter. In the second quarter, it fell below the 39% growth Google saw in the second quarter.
These results do not bring good news for the U.S. Internet Advertising market. It suggests that it will take time for the market to rise again to the desired level. Market research firm eMarketer predicts that U.S. online advertising will show a 4.5 growth for the current year (2009).
Eric Schmidt, Google’s Chief Executive, stated in a conference call that the results were good considering the current recession. Cautiously, he stated:
it is too early for us to tell when the recovery materializes.
However, the California-based company’s profit increased about 19 percent. Schmidt further noted that advertisers in certain categories were recovering. The categories that showed a positive trend include shopping and travel, while fields such as finance remain on the weaker side. On the positive side, Google has managed to outperform competitors such as Yahoo and Time Warner’s AOL even in the economic downslide.
To manage this slow growth rate, Google might need to consider cost reduction activities. That is what we have observed: Google has released 300 employees, closed a few engineering offices and delayed expensive projects such as completing its new data center.
Google continues to invest in new businesses, for instance online software for businesses and bringing advertisements to cell phones.
Videos are coming soon on Wikipedia
Jul 18th
Wikipedia, the free encyclopedia, is the most popular free web encyclopedia. Wikipedia users will be getting new tools for uploading, editing and viewing videos very soon. According to a Beet.TV interview with Erik Moller, the deputy director of the Wikimedia Foundation, the expected changes will be available very shortly.
Wikipedia has been working on video support for years. It is putting major effort into making it easier for users to upload video, specifically to bridge a video format divide.
Wikipedia is still planning to use Ogg Theora (an open-source video codec that can be played back natively inside the latest version of Firefox, and will be available soon in Chrome and Opera). Wikipedia has also suggested that users convert their videos to the Ogg Theora format on their end using FireFogg, a Firefox plug-in which can transcode user videos to Ogg.
“Videos on the site are uploaded and watched in a format called Ogg Theora. It is a Flash-like program which is completely open-source. Video producers can render Ogg files in FinalCut and other editing programs by using various plug-ins. Once in Ogg, these files can be uploaded to Wikipedia,” said Erik Moller, the deputy director of the Wikimedia Foundation.
Because of the site’s popularity, Wikipedia’s choice of video format will have a big impact on the web and its standards. Its choice of Ogg Theora will put pressure on browsers and site creators, as HTML 5 video is emerging as a hotly contended Web standard.
Ogg Theora allows for downloading, remixing and re-uploading without licensing fees, unlike the H.264 codec, which has been used in both Google’s and Apple’s products and services.
Microsoft, Apple, and Google seem to have little interest in promoting the Ogg Theora format in their browsers, and have put resources behind H.264 instead. Google’s Chrome supports both Ogg Theora and H.264; however, Google has gone on the record as saying its quality was not as good as desired. Google has also put considerable resources into re-encoding YouTube’s entire library of videos into H.264, making the company less likely to switch camps.
The competing formats and standards are still a big question for start-ups. Legends such as Adobe with its Flash format, and Apple with its streaming QuickTime standard, have helped pave the way for many start-ups that rely on the latest codecs to create new and salable parts of their businesses.
Whether an open-source codec like Ogg Theora will have the same kind of attraction that pioneers like Adobe and Apple had is still a question mark.
Microsoft and Yahoo close to reaching an agreement
Jul 18th
As we gather from Bloomberg, Microsoft and Yahoo are close to reaching a partnership agreement. Under that agreement, both parties will cooperate and collaborate in the search and advertising fields. The agreement can be considered a move to challenge the search engine giant Google.
The two parties, which have been in communication for the past few months, are expected to reach an agreement next week. However, prospects of reaching the agreement in the following week are more likely.
While Yahoo and Microsoft are closer to reaching an accord than they have ever been in the past, the chances of the agreement failing and not reaching a common point are still there.
Adam Sohn, a spokesperson for Microsoft, declined to comment when asked. May Petry, the spokesperson for Yahoo, stated in an email:
Yahoo is committed to delivering wow experiences to our users and continue to explore innovative ways to do so. Beyond this, we have nothing to announce and do not comment on rumor or speculation.
Behold Windows Home Server Power Pack 3 Beta is here
Jul 17th
Yes, that is right: the Windows Home Server team has announced the Power Pack 3 (PP3) beta for Windows Home Server. This latest release contains interesting features for Windows 7 users. This is how the Windows Home Server team announced it:
We are pleased to announce the Windows Home Server Power Pack 3 Beta which improves the Windows Home Server experience with Windows 7 and Windows Media Center by providing the following new features: Backup and restore of computers running Windows 7, Windows 7 Libraries integration, enhancements for Windows Media Center, and better support for netbook computers.
The features that are targeted for Windows 7 include:
- Full Image-based Backups of Windows 7 PCs. After the Windows Home Server Connector is installed on your Windows 7 PCs, Action Center should no longer display that your files are not being backed up.
- Windows 7 Libraries Support. Music, Photos and Videos shared folders from your Windows Home Server will be added to Windows 7 Libraries. Content saved to these shared folders will be able to be quickly accessed through your Windows 7 Libraries. And any application, like Windows Media Player and Windows Media Center, will be able to access content saved on your Windows Home Server through Libraries as well.
- Windows Search 4 is now included. With Windows Search 4, PP3 offers improved query search times, indexing times and reliability. Easy search through a Library in Windows 7 with files stored in multiple locations.
- Windows Media Center Enhancements. Archive old recorded TV shows onto your Windows Home Server in a variety of formats. Use Console Quick View to see statistics about your Windows Home Server through Windows Media Center.

The team is yet to announce the date for the final release of PP3. However, they hope and are pretty determined to release it before the GA date of Windows 7. For existing Windows Home Server users, Power Pack 3 will be available as a free update via Windows Update.
Tasks graduates from Gmail Labs
Jul 15th
Google launched Gmail Labs as a forum for delivering useful features that might not be quite ready for prime time. Google said that the most popular and viable Labs features would graduate and that some of the less used, less viable features would be discarded.
Yesterday, Google announced that Tasks, one of the experimental Gmail features, is the first graduate from Labs.
“I’m proud to announce that Tasks is in that first bucket — it’s been one of the most popular experimental Gmail features and it’s now the first graduate from Labs,” said James Watts, Software Engineer at Google.
Accessing Tasks is very easy. Just click “Tasks” under the contacts link above the chat list. There is no longer any need to turn it on from the Labs tab.
Tasks was introduced in Dec 2008. Since the launch, Google has been continuously improving it. Google describes the improvements as below:
“We believe simple and fast is best, so we’ve been working to make Tasks more responsive and get basic interactions working better: we’ve added mobile and gadget views, made improvements to task editing and management, launched in more languages, and integrated with Google Calendar. We’ve also added a printable view for those people compelled to do things away from their computers or mobile devices,” said James Watts, Software Engineer at Google.
Google has taken note of the positive feedback about Gmail Labs. Google said that testing something in Labs is a good way to help decide whether it should become a regular part of Gmail or not. Users can add Labs features to their calendar too, such as one that lets them see which of their contacts are currently in a meeting, or World Clock, which helps users keep track of different time zones when they schedule meetings.
For more information take a look at Google Apps Blog.
Microsoft to offer its online version of Office for free
Jul 15th
As we reported previously, Microsoft was to make an announcement on Monday that would be considered a response to Google, and that is exactly what has happened. On Monday, the IT giant said that it plans to offer a free version of its ever-popular Office suite, or to be more specific, its web version.
Analysts took this move by Microsoft as a strategy to send a statement to Google and to protect one of its most profitable businesses. Sheri McLeish, an analyst with Forrester Research, believed Microsoft was forced to provide a free product. Her words were:
It’s a very competitive market out there, and this was Microsoft’s opportunity to one-up Google by offering a much better product. This announcement was made at Microsoft’s developer conference in New Orleans.
Microsoft’s group product manager for Office, Chris Bryant, said that the number of customers using the Web to share and edit documents is increasing. Bryant said:
It’s something our users have said they’d like. Customers are telling us they expect to use the Web-based applications as companions to their desktop software.
Bryant seemed reluctant to reveal the plans for making money from this move. However, he hinted that there might be advertising and fees for premium services such as storing large files online.
And as I expected, the free version of Office will not contain the complete set of features that the desktop version provides. For the upcoming Office 2010, Microsoft plans to give users the option to edit videos in PowerPoint and to play with and manipulate images in Word. These features sadly will not be available in the free versions. Interestingly, on Monday Microsoft’s shares gained 84 cents, or 3.7 percent, and closed at $23.23.
Google is using the super-trustworthy anti-phishing key to protect Gmail inboxes
Google is using The super-trustworthy, anti-phishing key, to protect Gmail inboxes
Jul 15th
Google is looking for new ways to protect Gmail inboxes from spam and phishing. Last year, Google took extra steps to protect Gmail from fake eBay and PayPal emails. It did so by checking the “From” header of emails claiming to come from one of eBay’s or PayPal’s domains. If, for example, the header says “ebay.com”, it means the message really did come from ebay.com. Anything else is rejected and is not even delivered to the spam folder, because Gmail automatically refuses to accept it.
Google is reminding its users to turn on “Authentication icon for verified senders” from the Labs tab under Settings; they will then see a key icon next to verified emails that are super-trustworthy. Google explains the term super-trustworthy as below:
“‘Super-trustworthy’ is a technical term I just invented that means: (1) the sender, usually a financial institution, is a target of phishers, (2) all of the sender’s email is authenticated with DKIM, and (3) Gmail rejects any fake messages that claim to come from this sender, but actually don’t,” explained Brad Taylor, Gmail Spam Czar.
This feature is limited to just eBay and PayPal right now. The reason is that it is up to senders to make their email super-trustworthy.
“We hope to add more senders in the future, and when we do, you’ll know because you’ll see the super-trustworthy key icon magically appear by those senders too. Give it a whirl and let us know what you think,” said Brad Taylor, Gmail Spam Czar.
Gmail is maturing day by day, which will definitely increase the number of its users.
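The three conditions Brad Taylor lists, sketched as a receiver-side policy check; this is an added example, not Gmail's code. It assumes the receiving server has already verified DKIM and recorded the result in an Authentication-Results header under the hypothetical id mx.receiver.example, and that a signing domain under the same protected domain as the From address counts as a match; the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import getaddresses

PROTECTED = {"ebay.com", "paypal.com"}      # the two senders the page names
TRUSTED_AUTHSERV = "mx.receiver.example"    # hypothetical id of our own verifier

def protected_parent(domain):
    """Return the protected domain that `domain` equals or sits under, else None."""
    for parent in PROTECTED:
        if domain == parent or domain.endswith("." + parent):
            return parent
    return None

def dkim_pass_domains(msg):
    """Signing domains (d=) that our own verifier marked dkim=pass."""
    found = set()
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # stamped by someone else, possibly the sender: ignore it
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", results, re.I):
            found.add(m.group(1).lower())
    return found

def classify(raw_message):
    """Return 'verified' (key icon), 'reject', or 'normal' (usual spam filtering)."""
    msg = message_from_string(raw_message)
    claimed = {protected_parent(addr.rpartition("@")[2].lower())
               for _, addr in getaddresses(msg.get_all("From", []))}
    claimed.discard(None)
    if not claimed:
        return "normal"  # From address does not claim a protected sender
    signed = {protected_parent(d) for d in dkim_pass_domains(msg)}
    # Every protected domain claimed in From needs a passing signature behind it.
    return "verified" if claimed <= signed else "reject"

def _sample(auth_results, from_header):
    """Build a constructed test message from two header values."""
    return (f"Authentication-Results: {auth_results}\n"
            f"From: {from_header}\nSubject: Your account\n\nbody\n")

# Constructed samples: genuine mail, a spoof signed by an unrelated domain,
# a sender-forged results header, and a display-name lookalike.
GENUINE = _sample("mx.receiver.example; dkim=pass header.d=paypal.com",
                  "PayPal <service@paypal.com>")
SPOOFED = _sample("mx.receiver.example; dkim=pass header.d=bulk-mailer.example",
                  "service@paypal.com")
FORGED_RESULTS = _sample("mx.attacker.example; dkim=pass header.d=paypal.com",
                         "service@paypal.com")
DISPLAY_NAME = _sample("mx.receiver.example; dkim=pass header.d=payments.example",
                       '"service@paypal.com" <billing@payments.example>')
```

The display-name sample comes back as `normal` rather than `reject`: the policy only covers the address in the From header, so such mail is left to ordinary filtering and simply never earns the key icon.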

