Archive for the ‘internet’ Category.

Relief For Firefox + Flash Users

If you’ve been really annoyed with the way your recent update of Firefox has been playing with the Adobe Flash plugin, relief is on the way.  Mozilla responded and released Firefox 3.6.8 on Friday, which is supposed to fix these issues.  Just run a check for updates and you should be good to go once more.

YouTube Virus Quickly Squashed – World Safe For Justin Bieber Once More

To celebrate the 4th of July, hackers found a cross-site scripting (XSS) flaw to exploit on YouTube that allowed them to insert JavaScript code into the comments section of videos.  In theory, this XSS vulnerability could have allowed them to do things like steal passwords.  Fortunately, however, the hackers, on a somewhat less than mature roll, used the YouTube security hole to do nothing more nefarious than redirect folks looking for Justin Bieber videos to false news reports that he had recently perished in an automobile accident.  Funny perhaps, but not the danger one would expect from such a vuln.

The bug was fixed mere hours after it first appeared.  First, comments were temporarily hidden by default to protect video viewers, and then, once that was in place, the actual security hole was patched and things returned to normal.

That’s how security is supposed to be done.

Virus Infected Pictures – Nipping PNG In The Bug

It’s almost a movie myth, hiding a highly infectious computer virus inside of a harmless looking image file.  Innocent folks look at the pretty picture, and BAM, they’re infected.  It’s a security nightmare straight out of Hollywood.

Mostly.

Because sometimes it maybe kind-of almost nearly happens.

Sort of.

But there’s a lot less to worry about today, thanks to a security hole being fixed in the Portable Network Graphics (PNG) library.  Updates 1.2.44 and 1.4.3 to libpng have fixed a buffer overflow bug which theoretically might have made software that uses libpng to display PNG graphics files vulnerable to hackers injecting code.

It wouldn’t be the first time.

But it is awfully rare.

And this time it was caught very early.

Expect most web browsers to issue software updates in the near future to incorporate the latest libpng updates into their releases, thereby closing the holes.  And in the meantime, try not to look at too many PNGs.

Firefox Firefix – Running Out Of Processes With OOPP

With the release of Mozilla Firefox 3.6.4 comes a new concept in stability, the ability to run plugins in a separate process from Firefox.  Called Out Of Process Plug-ins or OOPP, this technology allows plugins like Adobe Flash, Apple QuickTime, and Microsoft Silverlight to run outside of the Firefox process so that if these OOPPs crash, lock up, or fail in any way, they don’t also crash Firefox in the process.

Instead of crashing, Firefox will display a “crash” user interface warning, giving you a chance to reload things from within Firefox.  It even includes a “hang detector” that automatically terminates plugins that have locked up and stopped responding.

Of course, at its inception, this OOPP system is compatible with only a minimum of plug-ins.  But future support is expected to include more big names, and as the concept catches on, it should become the new standard.

Facebook – Now Taking Security Seriously? Err … Maybe…

It’s big news.  Facebook has changed the way they do security.  The question is, are these changes really any good?

On the plus side, the mind-boggling mass of 50 privacy settings and 170 privacy options is being replaced by new controls that are much easier to use.  Heck, throwing darts at a board is probably easier to use than that.

On the minus side, Facebook’s idea of security is to have you opt out of features that you don’t want, instead of providing a compelling reason to opt in to the features that you do want.  Which is to say, by default Facebook is still insecure.  Their “recommended settings” are still set to disclose as much as possible to everyone imaginable.

This model of insecurity by design is further hindered by a lack of fine control.  If, for example, you opt out of applications, well, that means you’ve just turned off all Facebook games, haven’t you?

And, of course, users are still being bullied into sharing information.  After all, where would places like Facebook even be if you didn’t share?

Still, as bad as the new face of Facebook security is, it at least is better than last December’s snafu of throwing privacy settings completely out the window.  So I guess, for whatever that’s worth, you at least have to grudgingly give them that.

But it remains pretty clear that privacy and security are not exactly big concerns over at Facebook.  So if you have concerns, just don’t use it.