Internet Explorer 9 is a powerful, fast, and intuitive interface for browsing the Web and compares favorably with competing browsers such as Google Chrome and Mozilla Firefox.
With the release of Internet Explorer 9, Microsoft has created a powerful, fast, and intuitive interface for browsing the Web. IE 9 is easily the best browser that Microsoft has produced to date and, right now, it compares favorably with competing browsers such as Google Chrome and Mozilla Firefox.
Of course the key part of that statement is "right now." In the next few weeks we'll see the release of Firefox 4 and Chrome 11. If Microsoft sticks by their two year release schedule for browsers, by the time we see IE 10, Chrome will be at version 30 and the Microsoft browser will be far behind competitors and most likely ill suited for surfing the Web of 2013.
However, right now IE 9 is an excellent upgrade, with welcome improvements that make it a solid choice for surfing today's Web.
One of the biggest changes that users will notice is the completely revamped interface, which bears more than a passing resemblance to Chrome. Compared to the often-cluttered interfaces of previous versions of IE, version 9 has a clean and intuitive look and has combined most menu items into a single Tool menu icon.
One small issue I had with the new interface was how it placed tabbed windows and the address bar in the same row. If I opened multiple tabs in the browser, this row quickly became somewhat tight.
IE 9 has changed the window that displays when opening a new tab. Now when opening a new tab, IE 9 displays a list of icons of Web sites that the user visits the most. This worked well, but when compared to browsers such as Chrome and Apple Safari, the ability to customize the new tab page in IE was very limited.
Another feature found in other browsers that has now made its way to IE is the ability to enter search terms and run searches directly from the address bar. This worked well in tests and in general is a very easy and time saving way to run searches in a browser.
A feature available only to Windows 7 users of IE 9 is Pinned Sites. Using this feature, I could add any site to the Windows 7 taskbar simply by clicking on its icon in the browser address bar and dragging it down to the taskbar. With this feature I could quickly launch a pinned site or Web application from the taskbar and also add the Web application to my Startup folder so it would launch when Windows launched. And, when a pinned site is launched, the browser window works almost like a separate application, down to its own unique icons and look based on the Web site's properties.
The notifications feature in IE 9 is also much improved and is one area where I think IE works better than competing browsers. In IE 9, a pop-up notification box displays at the bottom of the browser whenever information on downloads or site loads needs to be displayed. I found this to be informative and an unobtrusive way to handle notifications and superior to the standard browser status bar.
One big improvement in the shipping version of IE 9 is clearly performance. While previous versions of IE performed poorly in almost all benchmark tests, IE 9 is now very competitive and even a leader in some tests. IE 9, at least in the 32-bit version, uses an updated JavaScript engine that provided a huge boost. On tests using the SunSpider JavaScript benchmark, IE 9 32-bit had a slight edge over competing browsers such as Chrome and Opera. Tests run using Futuremark's Peacekeeper benchmark, which is more of an overall browser performance test, showed great improvement, though it was still well behind performance leaders Chrome and Opera.
Tracking Protection, ActiveX Filtering
Another potential performance boost for IE 9 comes from its ability to use the PC's graphics processor to handle video, images, and other graphics-intensive applications within the browser.
IE 9 also includes some new features designed to improve security and privacy control. One of the more interesting is the new Tracking Protection, which uses third-party lists to prevent certain sites from tracking Web activity through cookies. Microsoft doesn't maintain any of these lists, but users can choose one or select sites from their browsing history to create their own list.
Also useful is the inclusion of ActiveX filtering, which blocks any ActiveX applications on the Web from running. That's a good thing as ActiveX is often used to spread malware. I appreciated that it was possible to allow ActiveX to run on certain sites, which is useful for internal or other trusted sites where ActiveX support might be required.
Settings configuration in IE 9 has improved somewhat, though some areas, such as the classic Windows Internet Options, haven't changed much at all. IE 9 does now finally feature a good download manager that made it possible to view content downloaded through the browser and also to pause in-progress downloads and restart failed downloads.
IE 9 also does a good job managing add-ons and plug-ins. One very nice feature makes it possible to easily enable or disable add-ons in order to improve browser performance.
When it comes to standards support, IE 9 is certainly improved over previous versions and, like most other browsers, IE is making strides towards supporting the emerging HTML 5 standard. Using the Web Standards Project's Acid3 test, IE 9 scored a 95 out of 100, better than previous IE versions but still behind competing browsers.
As is often the case with Microsoft products, IE 9 has one major weakness when compared to competitors. While browsers such as Chrome and Firefox run on Macs, Linux, and Windows 7 through XP, IE 9 will only run on Vista or Windows 7.
You can find the new Internet Explorer 9 here.
Sunday, March 27, 2011
Windows Phone 7 owners rage at Microsoft over update no-shows
Windows Phone 7 users are not happy about the slow pace of updates to their smartphones.
In more than 130 comments added to a Microsoft blog post, Windows Phone 7 owners mostly raged and ranted about a schedule published Wednesday that showed no U.S. users were yet receiving either February's or this month's updates.
Of the five affected smartphones available in the U.S. powered by Windows Phone 7, three display the "Testing" label, meaning that carriers are conducting their tests before releasing the updates. Two of the five -- Dell's Venue Pro and HTC's HD7 -- show their status as "Scheduling," which means that testing is complete and that Microsoft is prepping the update for rollout.
None are pegged with the much-anticipated "Delivering update."
Angry users flooded the comments section of the blog post, which was written by Eric Hautala, the general manager of Windows Phone 7's customer experience engineering team.
"So when Steve Ballmer says, first half of March, then wait, we want to get it right, second half of March, he really means second half of March to late April, possibly May, maybe later, depending on carrier testing and if we roll the 'here it is' beacon out to your phone that week," said someone identified as "dkb1898" in a comment posted Wednesday.
Dkb1898 was referring to comments made by Microsoft CEO Steve Ballmer last month that the latest update, nicknamed "NoDo," would be released in the first half of March. But two weeks ago, Hautala confirmed that the NoDo update would be delayed until the second half of this month.
Users blasted mobile carriers for dragging their feet and hammered Microsoft for not lighting a fire under those carriers. But mostly they seethed at the delays, no matter who caused them.
"This is wholly unacceptable, and, as we all know, it is also wholly unnecessary," said a user identified as "jimpict" in a Thursday comment. "You have betrayed the trust of early adopters, and your inability to get out a single update with anything even resembling moderate success only shows either how deeply you misunderstand the hostility toward your product you have generated or just how incredibly incompetent you are at a basic and fundamental task."
Jimpict and several others compared the problems Microsoft has updating Windows Phone 7 with the smoother process Apple iPhone owners experience.
"The iPhone is on numerous carriers worldwide, but it doesn't take Apple forever to test, schedule and release an update, yet they have millions more customers than Windows Phone 7," observed "conor.okelly" in a comment Wednesday.
Others wondered how, or even whether, Microsoft would be able to deliver a security update to patch an active vulnerability.
"I wonder if a massive security flaw was found that compromised user data if the update process would be this mind-bogglingly pathetic," commented "curtk" today. "If it happened fast, it would mean that this is all just incompetence on the part of the teams at Microsoft and the carriers. If it happened slow, it would mean that the process is severely flawed and we really backed the wrong horse."
Hautala's post, and the ensuing status tables for U.S. and international users, received praise from some commenters, but they were very much in the minority.
"The status update is exactly what we all wanted," said "Polychromenz."
And more than a few said that while they were loyal supporters of Microsoft and its products, they'd had it with Windows Phone 7 because of the update snafus.
"The thought of it being May or later before I get an update is unacceptable," said "bwgolfer," who claimed he was a supporter of Microsoft, a longtime user of its products and a .Net developer. "I tried, gave it a shot. Tried to be loyal. All I got was disappointment."
Hautala has gotten little love from Windows Phone 7 owners. His post of March 10, in which he announced a delay in the next update, attracted nearly 240 comments, most of them negative.
Bing extends social search features
Microsoft has expanded Bing's social search capabilities, displaying real-time Twitter messages on Bing's News section and simplifying the sharing of Bing entertainment content on Facebook.
The new capabilities build on existing links Bing has to both Twitter and Facebook, highlighting the increased importance of meshing search engines with social networking sites. For some queries, input from people's social circle is very valuable and relevant.
Bing Social already had a section for people interested in searching only through public posts and status updates from Twitter and Facebook. Now, Twitter content will appear in Bing News search results.
"Search for a news item and immediately see what people are tweeting on the topic," wrote Betsy Aoki, a Bing senior program manager, in a blog post.
Meanwhile, Bing now displays a Facebook box in which logged in users can type in a status update and post it to their Facebook profile without leaving the Bing interface.
The feature is now specifically available for "overview" pages in Bing Entertainment, a section of the site that offers information digests on movies, actors, singers and other entertainment categories.
"Whether it's a movie, a video game or even an artist, now you share your thoughts with just one click," Aoki wrote.
Google is also working hard to factor social signals into some of its queries, and recently revamped its Social Search service, promoting its results from a special section at the bottom of the page into the main results list based on their query relevance and sharpening other features.
While access to Twitter content and feeds seems uniform among search engines, Bing does enjoy preferred status with Facebook, thanks to a partnership between the two companies. That has resulted in Google lacking access to important Facebook functionality that Bing has, like the ability to include in results links to Web sites that one's Facebook friends have "liked."
Social networking gets Color but no privacy
If you want to share photos and videos and you don't care about privacy, there's a new social network just for you.
Known as Color, the new network is accessible via a free app for iPhones and Android-based smartphones. The application can detect your location and will share your photos with other Color users within 100 feet of you. It will also show you all of their photos.
Think of it as a social network for voyeurs, or a Twitter-like service that uses photos instead of tweets.
"I think the analogy to Twitter applies," said Ezra Gottheil, an analyst at Technology Business Research. "Some people -- especially, but not exclusively, young people -- like to share what they see, what they're doing, what they like and even what they don't like. And they like to see what other people are doing and liking."
Color, the brainchild of Bill Nguyen, who also co-founded music startup LaLa, has been getting a lot of buzz in the past week. The Palo Alto, Calif.-based fledgling company recently received a $41 million venture-capital investment, then came out with an iPhone app and on Wednesday released a Color app for Android.
Color has raised some eyebrows because it lacks any privacy features. Color is all about being public and being visible to everyone. If someone is using Color and she's near other people using the app, then her photos and videos will be publicly shared with her fellow users.
On Color, every photo and video is public. There is no friending, no choosing to follow only your family and friends. The app shares your images with any nearby stranger who is also using Color.
However, Color will determine who your friends are simply by detecting who is generally near you. If two people are using the app near each other, Color will note that and keep track of how often it happens. If the two of you hang out together often enough, Color will put you both into a social network. Once it establishes such a network, Color will show you pictures and video not only from people around you, but also from people in the social network it set up.
The questions about privacy (or lack thereof) could be a big deal. Facebook executives, for example, have repeatedly been criticized for not keeping users' information as private as the users would like.
The difference with Color, though, is that it makes no pretenses about privacy.
Gottheil noted that while Color could be a fun app for people on a college campus, at a concert or some other event, it also could be a useful business tool. "If this takes off, I guess restaurants in areas with a lot of foot traffic will start taking pictures of their plates," he said. "I know people for whom that would be very effective." Gottheil added that such tactics could also work for supermarkets and other retail stores.
"If the person is looking at his smartphone instead of your shop window, why not put your picture where he or she is looking?" he said.
Russian security team to upgrade SCADA exploit tool
A Russian security company plans to release an upgraded exploit pack for industrial control software that incorporates a raft of new vulnerabilities released by an Italian security researcher.
The three-person company, called Gleg, is based in Moscow and specializes in vulnerability research. It recently began focusing on problems within SCADA (supervisory control and data acquisition) systems, which are used in factories, utilities and many other kinds of industrial applications, said Yuriy Gurkin, Gleg's CEO.
Gleg works with the Miami company Immunity, which sells Canvas, a framework for penetration testers who want to try out the latest exploits against software vulnerabilities, along the same lines as the Metasploit tool.
Gleg supplies Immunity with exploit packs, which are add-ons with specific kinds of exploits, for Canvas. Gleg's main product is Agora, which integrates with Canvas. Agora is regularly updated with publicly disclosed zero-day, or new, vulnerabilities and those discovered by its research team.
Canvas allows companies to figure out what kind of information a hacker could obtain, said Dave Aitel, CTO for Immunity.
"If you can't test against zero days, then you are not testing against a real-world situation," Aitel said.
About two weeks ago, Gleg released Agora SCADA+, a new add-on for Canvas, Gurkin said. It contains 27 exploits for SCADA software and will most likely have around 35 exploits when an upgrade is released next week, he said.
Gurkin said Gleg is incorporating the exploits written by Luigi Auriemma, who found about 50 vulnerabilities in four SCADA products made by Siemens, Iconics, 7-Technologies and Datac. All four companies had products with remotely exploitable vulnerabilities.
On his website, Auriemma self-published vulnerability details, which were also published on Bugtraq. He did not inform the vendors prior to releasing the information, something that is considered bad form by some in the security community. Officials at two of the vendors -- 7-Technologies and Datac -- said earlier this week they were working on patches.
Gurkin said he believes responsible disclosure practices are out of date.
"We, like Luigi, don't notify vendors," Gurkin said. "This is a waste of time."
However, Gleg's partner Immunity does vet organizations that are interested in buying Canvas to verify they are not going to use the product in a malicious way.
Gurkin said he has seen increasing requests from companies for SCADA audits. "Sometimes our partners who use different SCADA software ask us to check something they have, with terms like 'You give us recommendations, we give you access to the system'," he said.
The high-profile Stuxnet malware has also prompted wider concern, he said. Stuxnet is a worm that was designed to target Siemens' WinCC industrial control software. It was packaged with four zero-day exploits for Microsoft Windows. It is now widely believed that Stuxnet was designed to disrupt Iran's uranium enrichment program.
SCADA software was often not intended to be connected to the Internet, but nonetheless more companies have done that anyway, which poses security risks, Gurkin said. Companies in the SCADA field are also not as open as other software companies about exchanging security tips and knowledge, he said.
A three-month subscription for Agora SCADA+ costs $2,250, which includes updates to the exploit pack and a single license for the Canvas framework. A one-year subscription costs $5,400 and also comes with one Canvas license.
Report: Mysterious Facebook Web search box could be malware
A Web search box some users are seeing on their Facebook interface wasn't inserted by Facebook and could be the result of malware or a rogue browser plug-in or application.
AllFacebook, a blog devoted to Facebook-related news, first reported that a second search box had begun to appear on Facebook interfaces, right next to the legitimate site search bar.
The mysterious Web search box appeared perfectly integrated into the Facebook page layout, as if it were a native Facebook feature. However, Facebook is now saying that it didn't put that second search box there and that it could be a sign of malware infection.
"We are not testing the placement of a separate web search field and have no plans to do so. We believe the second search field or 'Search the Web' box appeared on people's accounts as the result of unknown actions by a third party targeting the browser -- potentially a browser plugin or malware -- unrelated to Facebook," a Facebook official told technology news blog Search Engine Land.
As Facebook members, users who think they might be affected by this situation have access to a free, browser-based virus scanning tool from McAfee, according to the company.
As the most popular social network and one of the world's largest sites, Facebook is in a constant battle against malicious hackers and online scammers who want to take advantage of its massive user base to commit fraud and spread malware.
At this point, it's not clear whether the sinister search box is the result of an external malware exploit or the work of a rogue Facebook application.
Google patches 6 serious Chrome bugs
Google on Thursday patched six vulnerabilities in Chrome, and silently updated users' copies of the browser.
The update to Chrome 10.0.648.204 also added two more entries to the browser's certificate blacklist, a move related to last week's theft of nine digital certificates from a Comodo reseller.
All six bugs were rated "high," Google's second-most-serious ranking in its threat scoring system. Of the half-dozen bugs, two were "use after free" flaws -- a type of memory management bug that can be exploited to inject attack code -- while a second pair were pegged by Google as "stale pointer" vulnerabilities, another kind of memory allocation flaw.
As is Google's practice, the company locked down its bug-tracking database, blocking access to the technical details of the patched vulnerabilities. Google usually unlocks the bug entries several weeks, sometimes months later, to give users time to update before the information goes public.
Google paid out $8,500 in bounties to three different researchers for finding and reporting the six vulnerabilities. So far this year, Google has cut bounty checks totaling $58,145.
Frequent contributor Sergey Glazunov took home $7,000 for reporting four of the bugs patched Thursday, bringing his 2011 bounty total to $20,634. Glazunov has become the most prolific of the independent researchers who specialize in rooting out Chrome flaws, reporting 14 of the 54 bugs attributed to outsiders.
Yesterday was the sixth time Google patched security vulnerabilities in its browser this year.
Google said the update also added support for the browser's password manager on Linux, and included performance and stability fixes. According to the Chrome change list, it also blacklisted more SSL (Secure Sockets Layer) certificates, the digital certificates that encrypt traffic between users and sites. Those new entries appeared to be for reissues of certificates originally blacklisted by Google on March 17.
The additions to the SSL blacklist are connected to last week's theft of several certificates from a Comodo reseller, an event that prompted Comodo to revoke the stolen certificates. Since then, Google, Mozilla and Microsoft have each issued updates
Comodo has cited circumstantial evidence that points to Iran, perhaps the Iranian government, being involved in the certificate theft.
Chrome 10 can be downloaded for Windows, Mac OS X and Linux from Google's Web site. Users already running the browser will be updated automatically.