A new Pwn2Own hack contest which should begin in the middle of the March 2009 is set to test Internet Explorer 8, Firefox, Safari and Opera web browsers running on Windows 7 Beta or RC.
Unlike previous year competition, where “white hackers” tried to hack computer operating systems (Mac OS was hacked first), this year it will focus on web browsers and mobile operating systems (Android, iPhone, Symbian, Windows Mobile, RIM).
More details should be announced within the upcoming weeks.
Infoworld inspected all the major web browsers and got some really interesting points to say about each of them.
Here are conclusions for each of the web browsers (also, links to full articles):
How Secure is Internet Explorer?
IE has no peer in enterprise deployment features. Using the Internet Explorer 8 Deployment Guide, administrators can deploy and configure more than 1,300 IE-related settings via Active Directory Group Policy or the Internet Explorer Administration Kit. It is the only browser in the review to support Kerberos authentication over the Web. Continue Reading
Guy Brian has discovered a new Safari vulnerability which affects Mac OS X 10.5 (Leopard) users who haven’t changed default feed reader preferences.
This vulnerability allows phishing sites to silently read all the user data from hard drive without him knowing that.
There is however a workaround for Safari users on Windows OS. Continue Reading
Google Chrome Continue Reading
Now here is something quite informative. Browser Security Handbook published by Google.
As Google explains, the document is meant to provide web application developers, browser engineers, and information security researchers with a one-stop reference to key security properties of contemporary web browsers.
The following browsers are included: Continue Reading
- Google dumps Firefox from download bundle, swaps in Chrome
- Fennec/Mobile Firefox coming to Symbian S60 in 2009
- Time for Mac Antivirus? Apple Safari Users Targeted on Facebook
- Microsoft Gets More Detailed About IE Vulnerability and Workarounds
- Skyfire rolls out UK mobile browser
- Net Applications again: Opera vs. Chrome – actual numbers vs. claimed market share
Internet Explorer 8 — Microsoft’s latest release, currently at the Beta 2 stage — was declared to be the safest (aka more secure than Firefox 3.1 Beta and Chrome Beta) but the least popular browser, according to a browser security survey.
On Wednesday, Utest, a social-networking and software testing company, announced the results of its Bug Battle browser contest. The event included participation from 1,330 security pros, hobbyists and tech enthusiasts, who found an alarming 672 bugs in the world’s top three Web browsers. Continue Reading
BitDefender has identified this new bit of holiday cheer as Trojan.PWS.ChromeInject.A.”
The trojan installs itself into Firefox’s add-on directory, registers itself as Greasemonkey, and begins searching your hard drive for passwords, login details, your World of WarCraft account information, and your library card number.
Once installed, the trojan is capable of identifying over 100 web sites. When an infected user visits a site the trojan recognizes, the parasite comes to life and records the login/password details being transmitted. Presumably it then goes back to sleep, quietly keeping an eye on further system activity.
For more details, check original post by ArsTechnica.
US-CERT is aware of a vulnerability that affects the Google Chrome web browser. This vulnerability is due to a default configuration that allows files to be downloaded without prompting the user. In addition, downloaded files can be opened with a single click, which could allow a user to inadvertently open a malicious file.
US-CERT encourages users to enable the “Ask where to save each file before downloading” option within the “Minor Tweaks” tab in the browser preferences. Continue Reading