It looks like this year’s Pwn2Own hacking contest was pretty eventful and all web browsers got their asses kicked.
On the first day, a team from France successfully hacked Internet Explorer 11, Firefox and Adobe Flash Player. The very same research firm also managed to find a vulnerability in Google Chrome, which affects both the WebKit and Blink rendering engines.
The next day, Sebastian Apelt and Andreas Schmidt demonstrated a browser-based exploit against Microsoft’s web browser, followed by a Chinese team that managed to bypass Safari’s sandbox and achieve remote code execution through it.
“Add to Feedly” and “Tweet this Page”.
Following the recent outrage over companies sneaking malware-serving code into Google Chrome extensions that are updated silently, the search giant took some steps and removed at least two of them.
So how exactly did this happen? Well, according to Amit Agrawal, the guy behind the “Add to Feedly” extension, an unknown company acquired his extension and inserted the malicious code afterwards.
Who needs encryption anyway?
If you’re still using Safari 6.0.5 on Mac OS X 10.8.5 or 10.7.5, then it’s a good time to ditch it.
According to the recent discovery by Kaspersky Labs, there is a serious issue with the way Safari handles last session data. Basically, to gain access to your passwords and IDs, all you have to do is open the LastSession.plist file and that’s it.
Focuses on the use of encryption on the Web.
With never-ending news about spying, Internet freedom and such, Mark Nottingham, the web infrastructure developer and the chairman of W3C group, has listed a couple of proposals that relate to the HTTP 2.0 protocol.
Most importantly, if everything goes as planned, HTTP 2.0 will only be used with https:// URIs, thus enhancing the overall security. Not only that, but it looks like the web browser makers are the ones pushing for more use of encryption and supporting the idea, which is a good sign.
It looks like Microsoft is following in Google’s footsteps and will be rewarding those who dedicate their days and nights to seeking out various security flaws.
According to Katie Moussouris, Senior Security Strategist at Microsoft, the software giant is paying $28,000 in bounties for the vulnerabilities that were discovered in IE11.
If you are wondering what effect money has on people, Microsoft said that during the first 30 days of the IE10 beta they did not receive any bulletin-class reports, compared to “several” security vulnerabilities reported in Internet Explorer 11.
Better privacy control as long as you trust Google.
If you haven’t heard about the AdID before, it’s because there is no such thing yet. However, according to USA Today, Google is working on an anonymous identifier (AdID), which would eventually replace everyone’s beloved cookies.
As stated in the article, AdID would allow ad companies to target various web browser users, but there are certain guidelines that would give consumers more control over their privacy, which does sound good on paper.
It seems like the release of PirateBrowser has made quite a splash in the tech community.
According to a recent report, the anti-censorship browser by ThePirateBay has been downloaded over 100,000 times and that’s just in the last 72 hours.
For those interested in the PirateBrowser, it should be noted that it only combats censorship and does not actually make the Internet experience fully anonymous.
Now here’s something awesome.
If you don’t feel like entering your real email or phone number when signing up with some (especially dodgy) website, then MaskMe is the extension you’ve been waiting for.
Here’s how it works:
When you install the add-on and sign up on any new website, it will allow you to generate a “fake email” address, which will then forward the confirmation link (or any other information) to your real inbox. The result? Your real email address won’t be sold to email marketers, and when you do start receiving spam, you can delete the fake one at any time.
Took us five years to figure that out.
Now here’s something that you wouldn’t expect from first-class software. According to Elliott Kember, the software developer and director at Riot, Google does an absolutely horrible job at protecting your sensitive data.
As it turns out, extracting your Google Chrome passwords is so easy, it’s actually mind-boggling. All you have to do is type chrome://settings/passwords in the URL bar and that’s it. There are no master passwords, security prompts or anything of that nature.
Time to switch or is it?
It’s been a while since the last NSS Labs report and as it turns out, instead of comparing malware block rates like they always do, the guys have decided to do something different: find out which browser has the best built-in privacy protection.
As it turns out, Safari and Internet Explorer users are protected better than those of Chrome and Firefox (if we ignore third-party extensions and the NSA) and here is why: