
Opera Web Browser Feeling Left Out – Had To Find A Security Hole To Call Their Own

Users of the popular (or maybe not so much) web browser Opera no longer have to feel left out.  Now you too can suffer from a security vulnerability!

Though a number of security websites are claiming that this hole in Opera can be used to execute code remotely, Opera officials themselves are playing it down, saying that an exploit really can only be used to cause the web browser to crash, not to actually execute code.  They also say that enabling Data Execution Prevention (DEP) will mitigate any damage that an exploit could possibly cause.  (Assuming that you have it turned on.  Which you probably should.)

Time may tell whether the remote execution extremists are right, or whether Opera representatives really are telling the truth when they say it’s a crash-only bug.

And then again, time may not tell.

Because Opera coders are working right now on a fix that should be available shortly.  They have no intention of leaving their web browser insecure.

But also, how many hackers do you really know who target Opera in the first place?  What percentage of net denizens even use the browser?  And what percentage of that percentage use it on an operating system that’s insecure by default?

Yeah.  Kinda puts it all into perspective there, doesn’t it?

A Pleasant Surprise From Adobe – Download Manager Fixed!

Those of you who remember the Adobe Download Manager ActiveX vulnerability, which potentially opens up your computer to the risk of having any old software package installed and not just those from Adobe, are in for a pleasant surprise.  Adobe fixed it.  Already!

In what can only be described as blazing speed, Adobe has fixed the security flaw in their Adobe Download Manager.  That was like less than a week!  This is how computer security should be handled.

If only Microsoft could be so swift.

Google Gears – Grinding To A Halt

Those of you web developers who have been using Google’s Gears API are in for some bad news: you’re going to have to shift your paradigm to something else.  Google is dropping Gears in favor of the HTML5 API.

“We will continue to support Gears until such a migration is more feasible, but this support will be necessarily constrained in scope. We will not be investing resources in active development of new features,” says Ian Fette on Google’s Gears blog.

I guess that even the mighty Google can’t really afford to reinvent the wheel in multiple simultaneous ways.  Not really a surprise, that.  Still, I do rather feel bad for anyone who has heavily based their code on Gears.  Looks like it’s time to research your best feasible transition.

Other Vulnerabilities – Being Fair To Microsoft

Okay, so yes, it’s easy to pick on Microsoft.  They’re a big target.  And by that I actually don’t mean that they’re a big company, even though they are.  Or that they have a large user base, which obviously, they do.  I mean that they screw up a lot.  There’s pretty much always a Microsoft bug or “feature” threatening computer security.  They’re a big target.  And perhaps it is because they’re a big company with a lot of users, meaning they have all sorts of resources that most companies don’t, and yet still put out such faulty software, that makes them so fun to poke a stick at.

But to be fair, other companies have problems too.

Take Mozilla for example.  They just released update version 3.5.8 for their popular web browser, Firefox.  It fixes a memory corruption hole, a heap corruption vuln, and a bug in their HTML parser.  As well as some minor performance tweaks and stability updates.  Which is good.  But they were also just hit with the exploit of a critical vulnerability that triggers a heap corruption in Firefox version 3.6.  It is known to work on Windows XP and Windows Vista.  It is not the same heap corruption flaw that was just fixed by version 3.5.8.  And it is indeed being used in the wild by hackers.  Let’s see how long it takes Mozilla to close this hole.

And then we come around to Adobe.  The Adobe Download Manager ActiveX control to be specific, which is used to install Adobe software such as Flash and their ever popular Reader for viewing PDF files.  (We’ll overlook that this ActiveX control is only used when you download Adobe products using Internet Explorer.)  This Adobe Download Manager suffers from a nasty security hole in which it theoretically allows a hacker to download and install any bit of software that they like onto your PC.  Umm … with one little caveat.  You, the user, have to click on a malicious link on the Adobe.com webpage to make it happen.  And considering how likely Adobe.com is going to be hacked to create these malicious links to lure you in…  Oh, and don’t forget, the Adobe Download Manager also removes itself from your computer once your official Adobe install has completed and you reboot your PC.  But still, it’s potentially dangerous.  If you overlook those mitigating factors anyway.

So, um, yeah.  Other software companies also occasionally have bugs in their code.  Or features that aren’t as secure as they should be.  Microsoft isn’t the only security offender in the world.

But even with that said, and fairness shown, it’s still pretty hard to compete with Microsoft, no?

“Don’t Be Evil” Google – Caught Being Evil

Though it pretty much goes without saying that a company like Google with a motto of “don’t be evil” will inevitably be caught being just that, it’s still entertaining when it happens, as irony is a dish best served whenever possible.  So it should come as no surprise that the Google Toolbar (versions 6.3.911.1819 through 6.4.1311.42 for Internet Explorer confirmed) has been caught with its pants down by the notable critic of Google, Ben Edelman.

Specifically, the Google Toolbar was found to continue merrily tracking URLs even after users select the “Disable Google Toolbar only for this window” option.  Which is, of course, quite evil.  It’s a clear invasion of privacy.

Google, of course, claims that it was just a bug that somehow managed to slip past testing all this time.  A likely story.

Either way, whether alleged evil feature or improbably advantageous bug, now that Google can’t claim ignorance with its implied plausible deniability, Google has fixed it.  Updates that should correct this issue are available through the normal Google Toolbar means, so that disabling the Google Toolbar actually and honestly keeps it from tracking your web browsing habits instead of secretly continuing to collect and transmit information even when it shouldn’t.