Good bye, ActiveX.
In an effort to improve the overall browser security and reduce user frustration, the software giant has announced that it will start blocking outdated ActiveX controls starting August 12, 2014.
According to Microsoft, “Java exploits represented 84.6% to 98.5% of exploit kit-related detections each month in 2013” and “to help avoid this situation with ActiveX controls, an update to Internet Explorer on August 12, 2014 will introduce a new security feature, called out-of-date ActiveX control blocking.”
Say hello to BoringSSL.
After the recent Heartbleed bug paranoia, it looks like Google took a pretty significant step to minimize such risks in the future. According to the report, the search giant is replacing OpenSSL with its own BoringSSL (yes, they did call it like that) in an effort to streamline security patches and improve overall user security.
Silent mode for everything.
Recently, Opera followed other browsers and revealed a new build, which would automatically update your software to the latest version. Now, it looks like Norwegian browser maker has decided to go an extra mile and silence even more tasks, starting with the latest Developer build (23.0.1522.0), Opera will now scan your PC for other web browser installations / profiles and silently import all data (on the first run) without your permission, including: passwords, cookies, history and bookmarks.
Manages to surprise everyone as well.
After a recent discovery of Internet Explorer vulnerability, where attackers could take over your PC and install malicious software, the software giant has finally released a set of updates to address the overblown issue.
Why would you use XP anyway?
Due to a recently discovered Internet Explorer (6-11) vulnerability, which will likely be patched soon for all but Windows XP users, UK and US governments are advising users to switch to alternative web browsers.
Security firm FireEye have warned users that a group of hackers are already exploiting the vulnerability targeting Internet Explorer 9-11 and Adobe Flash, so in any case, you are better of using something else.
It looks like this year’s Pwn2Own hacking contest was pretty eventful and all web browsers got their asses kicked.
On the first day, a team from France has successfully hacked Internet Explorer 11, Firefox and Adobe Flash Player. The very same research firm also managed to find a vulnerability in Google Chrome, which affects both WebKit and Blink rendering engines.
Next day Sebastian Apelt and Andreas Schmidt have demonstrated a browser based exploit against Microsoft’s web browser, followed by a Chinese team that managed to bypass Safari’s sandbox and run remote code execution through it.
“Add to Feedly” and “Tweet this Page”.
Following the recent outrage that some companies are sneaking malware serving code into Google Chrome extensions that are updated silently, the search giant took some steps and removed at least two of them.
So how exactly did this happen? Well, according to Amit Agrawal, the guy behind “Add to Feedly” extension said that an unknown company has acquired his extension and inserted the malicious code afterwards.
Who needs encryption anyway?
If you’re still using Safari 6.0.5 on Mac OSX 10.8.5 or 10.7.5, then it’s a good time to ditch it.
According to the recent discovery by Kaspersky Labs, there is a serious issue with the way Safari handles last session data. Basically, to gain access to your passwords and IDs, all you have to do is open LastSession.plist file and that’s it.
Focuses on the use of encryption on the Web.
With never ending news about spying, Internet freedom and such, Mark Nottingham, the web infrastructure developer and the chairman of W3C group, has listed a couple of proposals that relate to the HTTP 2.0 protocol.
Most importantly, if everything goes as planned, HTTP 2.0 will only be used with https:// URIs, thus enhancing the overall security. Not only that but it looks like the web browser makers are the ones pushing for more use of encryption and support the idea, which is a good sign.
It looks like Microsoft is following Google’s steps and will be rewarding those that dedicate their days and nights seeking various security flaws.
According to Katie Moussouris, Senior Security Strategist at Microsoft, the software giant is paying $28,000 in bounties for the vulnerabilities that were discovered in IE11.
If you are wondering what effect money has on people, Microsoft said that during first 30 days of the IE10 beta they did not receive any bulletin class reports, compared to “several” security vulnerabilities reported in Internet Explorer 11.