Critical IE vulnerability found, browser switch recommended

Critical Internet Explorer vulnerability found, browser switch is recommended.

Serious security flaw found in IE

The flaw in Microsoft’s Internet Explorer could allow criminals to take control of people’s computers and steal their passwords, internet experts say.

Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it.

Internet Explorer is used by the vast majority of the world’s computer users.

Said Mr Ferguson: “If users can find an alternative browser, then that’s good mitigation against the threat.”

But Microsoft counselled against taking such action.

“I cannot recommend people switch due to this one flaw,” said John Curran, head of Microsoft UK’s Windows group.

He added: “We’re trying to get this resolved as soon as possible.

“At present, this exploit only seems to affect 0.02% of internet sites,” said Mr Curran. (Source: BBC)

Browsing vigilantly is not something a normal user can do unless only use your web mail. The internet is filled with links all around. Even once in a while I ended up on phishing sites I try hard to avoid. It could be just an innocent advertisement.

Description:

A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to compromise a user’s system.

The vulnerability is caused due to a use-after-free error when composed HTML elements are bound to the same data source. This can be exploited to dereference freed memory via a specially crafted HTML document.

Successful exploitation allows execution of arbitrary code.

NOTE: Reportedly, the vulnerability is currently being actively exploited.

The vulnerability is confirmed in Internet Explorer 7 on a fully patched Windows XP SP3 and in Internet Explorer 6 on a fully patched Windows XP SP2, and reported in Internet Explorer 5.01 SP4. Other versions may also be affected. (Source: Secunia)

I would recommend a temporary switch to a competing browser.

Why Ubuntu is better than Windows XP

Here’s a screenshot of a website for Windows XP:

Trojan in Windows XP

(Trojan in Windows XP.)

There is an animation of a Windows scanning utility discovering lots of trojan, an anti-spyware tool would be offered at the end. It tricks users into install something that they claim secure.

Here’s the same website in Ubuntu with the same animation:

Trojan in Ubuntu

(Trojan in Ubuntu.)

The screenshot would probably look realistic to a naive Windows XP user. And when you install the additional checking tool, who knows, you may end up with a virus.

I tried installing it in Ubuntu and couldn’t. Me sad.

[Thanks Irene for showing me the site.]

Chrome and the refreshing issue

These days I am pretty much using Google Chrome which I think is probably a little faster than Firefox. It actually loads faster than Firefox and the Pokéball inspired Chrome logo is lovely for Pokémon lovers like me.

But the thing that pisses me off is the refreshing. Firefox has Ctrl + F5 which does a forced refresh. Is there something similar in Chrome?

Also missing in Chrome is the beloved Delicious and Firebug plugins.

Next release on HTML specification aims year 2022

TechRepublic asks Ian Hickson, “It’s been nearly 10 years since HTML 4 was published as a spec, about the same amount of time that it took to get to HTML 4. How do you think that this timeline affects HTML 5?”

HTML 5 Editor Hickson outlines:

  • First W3C Working Draft in October 2007.
  • Last Call Working Draft in October 2009.
  • Call for contributions for the test suite in 2011.
  • Candidate Recommendation in 2012.
  • First draft of test suite in 2012.
  • Second draft of test suite in 2015.
  • Final version of test suite in 2019.
  • Reissued Last Call Working Draft in 2020.
  • Proposed Recommendation in 2022.

Hickson explains, “This may look ridiculous (2003 to 2022 is 19 years!), but it’s worth considering how this compares to HTML4, DOM2 HTML, and XHTML1, the three specifications that HTML5 is intended to update and replace.” (Source: TechRepublic)

Read more at the article “HTML 5 Editor Ian Hickson discusses features, pain points, adoption rate, and more”.

Wow that sure take long. But that’s okay, if it takes too long, browsers would begin their premature implementations anyway.

Super Mario Bowser

By the way I just realized I have a tag erroneously named ‘bowser’. Above is Bowser.

Google launching new browser – Google Chrome

Google is coming out with Google Chrome, an open source browser that takes cues from Apple WebKit and Mozilla Firefox. Does the world need another browser?

We will be launching the beta version of Google Chrome tomorrow in more than 100 countries.

The blockquote represent statements from Google blog. And just so you know, the world does not need another browser.

So why are we launching Google Chrome? Because we believe we can add value for users and, at the same time, help drive innovation on the web.

Ahahaa, love what they wrote there. Isn’t every product development about adding value to consumers and driving innovation. What a cliché.

We also built a more powerful JavaScript engine, V8, to power the next generation of web applications that aren’t even possible in today’s browsers.

Yay, one more browser to optimize.

We’ve used components from Apple’s WebKit and Mozilla’s Firefox, among others — and in that spirit, we are making all of our code open source as well. We hope to collaborate with the entire community to help drive the web forward.

It’s great that they’re taking cues from WebKit. You can see some Google Chrome comics here.

In general, an additional browser is a good thing for innovation. It’s probably the worst thing that could ever happen to web design or developing. Okay, actually the second worst, the worst being developing an additional skin for the iPhone just so to prettify things.

There was a time when Microsoft Internet Explorer is the de facto browser. While everyone’s not happy, remember that back then we only had one browser to test in. And that time Internet Explorer this version does not look the same as Internet Explorer that version, isn’t that just like what is happening right now?

Review: AT&T Pogo browser (it sucks)

And yeah, it wasn’t all that good. I got the invite some time back. I was preoccupied that time and I didn’t really explore well till today. Pogo is another one of those browser that does the 3D thingy (not that we actually need another more of those).

Pogo web browser

I wish the browser makers could wake up one day and understand that 3D browser is not something humans want – maybe cyborgs could’ve totally drool all over – but not humans.

Collections in Pogo

Pogo does a few things wrongly, they tried to reinvent the way people bookmark without a strong social element. They put all the 3D engine into this collections thing that look really cool if not for my 770 delicious link that basically hung the browser for a couple of minutes ’cause it’s generating screenies for the bookmarks. The 3D uses JavaScript which tends to give warnings due to script running too slowly.

And what’s with different names to the word ‘bookmark’. Internet Explorer calls it ‘Favorites’. Firefox calls it ‘Bookmarks’. Pogo calls it ‘Collections’. If I wrote a browser, I’ll call it – let me think, okay – ‘Elephants’. Whatever.

Pogo browser history

Another cool thing is the history browser, also uses screenshots of web sites. Pogo, unfortunately, is not intelligent enough to know how to give the appropriate screenshots, the offset is usually wrong and the screenies are either too big or too small never just right.

To worsen what already is bad enough, it uses Firefox 2 instead of 3 as the back end. Firefox 3 sorts out lots of memory issues and it’s amazing that I can now open 50 tabs and till smile. By the way, in Firefox 2, I used to open 50 tabs and chat with my friends on MSN just ’cause the browser is taking eons to respond. In Pogo, opening 12 tabs makes me cry.

Pogo logo

On the lighter note, Pogo does have a nice logo. (Somehow reminds me of string theory.) I felt it could’ve been packaged into a Firefox plugin instead of compiling a whole browser out of it. Associating a web site with a screenshot is not enough, the screenshot is just too small to allow me to know what I am clicking on.

My impression of the browser wasn’t good, it’s trying too hard to be different but has not necessarily succeeded in the usability department. Good try on aesthetics. The social element is missing too and there is no way to way any Firefox Add-ons which is just a deal breaker. Stars! Yea, 2 stars out of 5.

[Pogo is just a project name and would probably be called AT&T Freestyle, AT&T Lenz or AT&T Bezel.]