Daily Bits

By Leave a Comment

Mozilla Add-on Collusion Allows You to Spy on Who’s Watching

Mozilla Add-on Collusion

Mozilla Add-on Collusion


We all know that the Internet is anything but private. Sure, there is still the high degree of anonymity, hence the cyber bullies and people who say things that they wouldn’t dare say to a person’s face. However, there is also the known fact that more and more, entities are watching what we do online. They have various reasons, but Google’s updated privacy policy is blatantly all about gathering data from users in order to better target their advertisements. (Nah, it’s not all about the money. Why would anyone think that?) [Read more…]

By Leave a Comment

5 kinds of programs you should install on a new Windows PC

So you’ve unpacked your new desktop or laptop, or just finished a reformat. What programs should you install on your brand new Windows installation? Here are 10 suggested application categories, listed in the order they should be installed.

Keep in mind that the following suggestions are meant for a new Windows installation. As a long-time user of Microsoft’s operating system, I’m aware that even Windows 7 has many disadvantages compared to Linux and Mac OS X. Yet in terms of versatility and availability of programs, Microsoft’s OS remains supreme. [Read more…]

By 4 Comments

Firefox 4: Not Going to See the Light of Day in 2010

I still haven’t made up my mind whether I should use Safari as my main browser. I have been using Firefox for the longest time, but Safari does have its advantages. I guess old habits die hard! In any case, I just might be making the switch before the end of the year if things continue the way are going with the release of the new Firefox.

Earlier this year, Mozilla got Firefox enthusiasts all excited about the news that Firefox 4 should be out by October or November 2010. Unfortunately, the most recent announcement has pegged the release of the latest version of the popular browser to 2011. The news does not come as a surprise to many. The beta version has been released, but it seems that glitches regarding stability are being encountered, hence the delay.

Late last week, Mike Beltzner posted the announcement:

Development on Firefox 4 has not slowed down and strong progress is being made daily. However, based on the delays in completing the “feature complete” Beta 7 milestone against which our Add-on developers and third-party software developers can develop, as well as considering the amount of work remaining to prepare Firefox 4 for final release, we have revised our beta and release candidate schedule: https://wiki.mozilla.org/Firefox/4/Beta

The frequent beta releases have been extremely helpful in identifying compatibility issues with existing web content, so we plan on continuing to release beta milestones through the end of December. Our estimate is now that release candidate builds will ship in early 2011, with a final release date close behind. Please note that, as always, this schedule is subject to change based on feedback from users and community members.

So should I switch to Safari and forget about Firefox?

By 1 Comment

Get Ready for Firefox 3.5, Beta 4 Available Now

Just a few days after I’ve updated my Firefox installation, here comes a new announcement on the release of Firefox 3.5 Beta 4. If you’ve been closely following Mozilla’s development of Firefox, you’d know that it won’t  be long until the official Firefox 3.5 browser will be available.  Still, if you couldn’t wait for the full version release, you might want to download the beta 4 version right now. [Read more…]

By 1 Comment

Security Friday: February 29

Disable ActiveX altogether, advises US-CERT

The U.S. Computer Emergency Readiness Team (US-CERT) has advised users to completely disable ActiveX from their internet browsers owing to vectors that were spotted in many recent web applications including social networking sites Facebook and MySpace.

ActiveX seems to enjoy the status of melting pot of vulnerabilities in the security community. The wide spread adoption of Microsoft’s product adds a lot more to the problems. Its just in the scheme of things that the popular software gets targeted most.

An except from the security article at InfoWorld

“The issue goes beyond ActiveX. Any plug-in architecture that has a lot of users will suffer from these same issues; anything where you have third party developers writing code that runs inside the browser,” said Max Caceres, director of research and development at applications security firm Matasano Security. “As long as developers are building things without putting security at the top of their list of objectives, we’ll have these problems, regardless of the plug-in architecture.”

Cross-browser attack exposes user personal data

A flaw that affects the way in which FireFox and Opera browsers handle images may let an attacker view a users browsing history. Versions 2.0.0.11 of FireFox and 9.50 of Opera are affected by the attack.

An excerpt from the article at TechWorld

A malicious bitmap file can be created that pulls other information from the browsers’ memory. Some of the information that can be captured is random, but at other times could be valuable, the advisory said.

“The harvested data contains various information including parts of other websites, users’ favorites and history and other information,” Vexillium said.

AJAX is super cool but a raises uber concerns on security

And to round off the security article this week, here are some tips for AJAX programmers on what to keep in mind when designing web applications – which is working on a whole slew of new technologies. The article from RegDeveloper brings to focus the point that the more technology you use, more is the increase in the ‘attack surface area’.

To put the points concisely:

  • Know well the tools that you would use developing AJAX based code. You would not want the security and authentication based code to go over to the client side.
  • Beware of injection based attacks. Always validate the user input. Demarcate code and data.
  • Never rely on encoding alone for considering incoming data safe.

An excerpt from the security article

One major security challenge for AJAX applications is that moving your code to the client involves a ton of data formats, protocols, parsers, and interpreters. These include JavaScript, VBScript, Flash, JSON, XML, REST, XmlHttpRequest, XSLT, CSS and HTML in addition to your existing server-side technologies. As if that wasn’t enough, each of the AJAX frameworks has its own data formats and custom framework formats.