Attackers used genuine usernames and passwords to obtain nine SSL certificates on the 15th of March via a Comodo certificate reseller. SSL certificates prove the authenticity of a site. The log-on websites affected were Yahoo Mail, Google’s Gmail, Microsoft’s Hotmail, Skype, as well as Mozilla’s Firefox extension website.
Comodo revoked the certificates and brought the matter to the attention of Mozilla, Google, and Microsoft between the 15th and the 23rd of March. The breach of its reseller and the theft of the SSL certificates were announced on the 23rd of this month.
- February, 2011 – Internet Explorer, Google Chrome, Safari Share Up; Firefox, Opera – Down
- Web Browsers Usage By Country
- How Would You Change Internet Explorer?
- IE6 Countdown
- Download Firefox 3.6.14 And 3.5.17
- 19 Chrome Bugs Fixed in Preparation for Pwn2Own Hacking Contest
- Safari Adopts WebKit2
- Download Opera with Hardware Acceleration
- Opera 11.10 to Include Password Synchronization
Nine researchers were paid a total of $14,000 in bug bounties for bringing the Chrome bugs to Google’s attention. The company then promptly patched them last Monday.
Pwn2Own, an annual hacking contest that takes place at the CanSecWest security conference in Vancouver, British Columbia, was most likely the trigger for the updates, for Google fixed security flaws a week before last year’s Pwn2Own contest as well.
- IE9 RC: 2 Million Downloads
- Majority Of Web Browsers Are Unpatched
- Director of Firefox Leaves Mozilla
- Firefox 5 First Look
- Firefox 4 RC1 Coming Next Week
- Taking a Look at the New Google Chrome 10 Beta
- Gmail Now Uses Chrome’s Built-In Viewer To Open PDFs
- Introducing Google Chrome Web Search Blocklist Extension
- Download Opera 11.10
- Opera 11.10 Coming
- Windows Phone Internet Explorer 9 Mobile vs. Safari
- Opera Mini for iPad
Wolfgang Kandek, CTO of security risk and compliance management provider Qualys, revealed that approximately 80% of web browsers are susceptible to exploits of bugs that have already been patched. Kandek attributed this mostly to Windows, saying “All the different patching mechanisms are confusing, a bit of this and some of that.”
As discovered by BrowserCheck (which scans Windows, Mac and Linux machines for vulnerable browsers and browser plug-ins), Oracle’s Java was the plug-in most likely to be outdated for the second year in a row, out of date on 40% of scanned systems. Adobe’s Reader and Apple’s QuickTime were second and third, at 32% and 25% respectively.
Proposed solutions include:
- Microsoft taking charge of patching crucial third-party plug-ins via a single updater.
- Moving to HTML5, so browsers would no longer require various audio and video processing plug-ins.
- Download Internet Explorer 9 RC
- Firefox 5, 6 and 7 Coming in 2011
- Firefox 5 with Windows 64 Bit Support Coming
- Download Firefox 4 Beta 11
- Firefox Ignores Font Family?
- Firefox Borrows Google’s Chrome Update Procedure
- Opera: 100 000 000 Mobile Users
- Download Adobe Flash Player 10.2 Final
- CSS Checkbox Styling Nightmare (Pic)
- HTML5: Framerate Fest
The 5th Pwn2Own contest is here and there are some special treats for all you exploiters.
In addition to the prizes already offered by the Zero Day Initiative (ZDI), a total of $105,000, Google Inc. will also be giving away a CR-48 laptop running Google Chrome OS and $20,000 to one lucky hacker who exploits a security hole in the Google Chrome web browser.
Contestants are welcome to hack the following browsers:
Microsoft Internet Explorer
All of them will be running on 64-bit Windows 7 or OS X machines.
As for Opera inclusion, it’s still the same “low market share” argument.
It looks like a database of 44,000 inactive addons.mozilla.org accounts was mistakenly left on a public Mozilla server.
According to the official blog post, it affects accounts created prior to April 9th, 2009 that use older, MD5-based password hashes. As of today, all the data is secured with SHA-512 password hashes.
Impacted users were notified on December 27th and the potential threat has already been removed.