Archive for the ‘News’ Category

Mozilla releases patch for JavaScript Vulnerability

July 17th, 2009

     

    A bug discovered earlier this week in Firefox 3.5’s Just-in-Time (JIT) JavaScript compiler was disclosed publicly by S.Berry on milw0rm. After just three days of testing, Mozilla has pushed out Firefox 3.5.1, with a fix for this error as well as corrections for several other bugs.

    “Firefox user zbyte reported a crash that we determined could result in an exploitable memory corruption problem. In certain cases after a return from a native function, such as escape(), the Just-in-Time (JIT) compiler could get into a corrupt state. This could be exploited by an attacker to run arbitrary code such as installing malware.”

    The vulnerability was introduced in TraceMonkey, the JavaScript engine used in Firefox 3.5 that actually offers a decent speed boost to the browser. Oddly enough, TraceMonkey was already set to be patched this month by Mozilla, as bugs in the newest engine were listed in a July 1 meeting as the sole topcrash issue for Firefox 3.5. In other words, while vulnerabilities like this are horrible, this one came at a perfect time as developers were already giving TraceMonkey a thorough cleaning.

Features:

  • Super Speed (new)
    View Web pages way faster, using less of your computer’s memory.
  • Anti-Phishing & Anti-Malware (improved)
    Enjoy the most advanced protection against online bad guys.
  • Session Restore (improved)
    Unexpected shutdown? Go back to exactly where you left off.
  • One-Click Bookmarking
    Bookmark, search and organize Web sites quickly and easily.
  • Easy Customization (improved)
    Thousands of add-ons give you the freedom to make your browser your own.
  • Tabs (improved)
    Do more at once with tabs you can organize with the drag of a mouse.
  • Instant Web Site ID
    Avoid online scams, unsafe transactions and forgeries with simple site identity.

      I strongly recommend that all Firefox 3.5 users upgrade to this latest release. If you already have Firefox 3.5, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting “Check for Updates…” from the Help menu. You can download Firefox 3.5.1 from the official Mozilla site.

Download Firefox 3.5.1

 

Firefox v3.5 Memory corruption vulnerability discovered

July 15th, 2009

         If you want to upgrade your Firefox to the latest 3.5 then think again.

     Following code released by SBerry on Milw0rm, an advisory has been issued warning of a memory corruption error in Mozilla’s newest version of Firefox, version 3.5. The vulnerability, if exploited, allows code execution that could lead to system compromise.

       The vulnerability is caused by an error when processing JavaScript code handling e.g. "font" HTML tags and can be exploited to cause a memory corruption.

         

Here is the code SBerry posted.

     Secunia is advising Firefox users to avoid untrusted websites and links until this newest vulnerability is patched. However, Brian Krebs took the smart road in his advice on the issue. Krebs, who is a reporter for the Washington Post, advised his users to disable "javascript.options.jit.content" in about:config. This fix has a drawback, however: it will lower the rendering speeds of JavaScript, which is one of the major performance improvements in Firefox 3.5. If you are willing to take the trade, then his fix should work fine.
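To confirm the workaround is actually in place on a machine, the profile's preference files can be checked. The following is an added example, not code from the original post or from Mozilla; the sample file contents are constructed, and it assumes the content JIT is enabled by default when the preference is absent.

```python
import re

# One preference line in a Firefox prefs.js / user.js file looks like:
#   user_pref("javascript.options.jit.content", false);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')
JIT_PREF = "javascript.options.jit.content"

# Constructed sample profile files.
SAMPLE_PREFS_JS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("javascript.options.jit.content", true);
'''
SAMPLE_USER_JS = 'user_pref("javascript.options.jit.content", false);\n'


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in a prefs file."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # header, blank line or commented-out pref
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = (raw == "true")
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs


def jit_mitigated(prefs_js, user_js=""):
    """True only if the content JIT is explicitly switched off.

    user.js is applied on top of prefs.js at startup, so it wins.
    A missing pref falls back to the built-in default, which this
    example assumes is 'enabled' on Firefox 3.5.
    """
    effective = parse_prefs(prefs_js)
    effective.update(parse_prefs(user_js))
    return effective.get(JIT_PREF, True) is False
```

A commented-out line does not count as a setting, so a profile where the workaround was only pasted in as a comment is still reported as unmitigated.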

DNS INFORMATION LEAK

     There is another little glitch in Firefox that exposes DNS information for users wanting to remain anonymous using proxy settings.

    Tw1zl3r reports that, “The DNS Leak issue in Firefox 3.5 is a BIG BUG because even if you use about:Config to force remote DNS lookups using a proxy, the requests are still sent to your local DNS. The local DNS query leaks your web searches out for anyone with a brain cell and WireShark to view a user's web queries in plain text. Firefox 3.5 has the toggle network.proxy.socks_remote_dns option in it but when adding the option in about:Config it does nothing and is all show no go. The setting does nothing and allows DNS to Leak.”

      However, some users who tested his point wonder if the DNS leak has more to do with an add-on than Firefox itself. If it is a Mozilla issue, though, it would need to be addressed as soon as possible.

[Source]

Google Chrome Operating System

July 9th, 2009

     After the huge success of Google Chrome, Google has started a new project as an extension of it, called Google Chrome Operating System.

     Google Chrome OS is an open source, lightweight, Linux-based operating system that will initially be targeted at netbooks. Later this year Google will open-source its code, and netbooks running Google Chrome OS will be available for consumers in the second half of 2010.

     This is not only for consumers; application developers also have their role to play. For developers the web is the platform. All web-based applications will automatically work and new applications can be written using your favorite web technologies. And of course, these apps will run not only on Google Chrome OS, but on any standards-based browser on Windows, Mac and Linux, thereby giving developers the largest user base of any platform.

     It was stressed that the main aspects of the system should be speed, simplicity and safety, and although Google Chrome OS will initially be geared to low-cost laptops, it could be used on any computer architecture based on x86 as well as ARM chips.

    Now one thing is certain: if not Google, it will not be anyone else.

What do you think: will Google Chrome OS end the reign of Microsoft?

What do you have to say? Share your views via Comments :)


For more information – Google Official Blog | Google Chrome OS FAQ

Another Major Web Threat: Nine-Ball Compromises More Than 40,000 Legitimate Websites

June 21st, 2009

        Just as we were getting ready to declare victory over Conficker (and settling in for a long battle with Gumblar), along comes Nine-Ball, another difficult-to-defeat offensive that hijacks Web sites and tries to load malware onto a user’s PC. The worm has a trick up its sleeve: repeat visitors to infected sites are dumped to Ask.com, a sneaky move that prevents security experts and investigators from being able to discover too much about the host of the malware.

What is Nine-Ball?

     Nine-Ball is a multi-layered Web browser attack targeting legitimate Web sites to redirect users to malicious sites owned by the attacker. The downloaded malware attempts to infect the user’s computer through a number of exploits including Adobe Reader, QuickTime, Microsoft Data Access Components (MDAC) and AOL SuperBuddy.

     The attack name "Nine Ball" refers to the name of the final landing page, which is full of malicious drive-by exploits that are automatically downloaded to computers without the user’s consent or knowledge. Once infected, anything the victim types could be monitored and used to commit identity theft, such as stealing credit card numbers, passwords or other sensitive data.

How does the threat work?

1. Victim visits an infected legitimate site.

2. Victim is redirected to a series of different sites owned by the attacker.

3. The final redirect is to a malicious drive-by download site, which attempts to download malware to the victim’s computer through a number of exploits including MDAC, AOL SuperBuddy, Adobe Reader, and QuickTime exploits.

4. The malicious programs typically attempt to steal information from the victim via a keystroke logger.

     

5. Users who have already visited the malicious web page are redirected to the search engine site Ask.com on repeat visits. We assume this design is a technique to evade investigation.
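The steps above leave two traces a defender can look for in web proxy logs: a visit that hops across several hosts, and an entry site that sends the same client somewhere different on a return visit. This is an added example, not part of the original post; the log records and hosts are constructed placeholders, and it assumes the redirects appear as HTTP 3xx responses with a Location header.

```python
from urllib.parse import urlsplit

# Constructed proxy records: (client, URL, status, Location header).
# Every host is a placeholder under the reserved .example TLD.
SAMPLE_LOG = [
    ("10.0.0.5", "http://shop.example/", 302, "http://hop1.example/in"),
    ("10.0.0.5", "http://hop1.example/in", 302, "http://hop2.example/go"),
    ("10.0.0.5", "http://hop2.example/go", 302, "http://landing.example/p"),
    ("10.0.0.5", "http://landing.example/p", 200, None),
    ("10.0.0.9", "http://news.example/", 200, None),
    # The same client returns later and is sent somewhere else.
    ("10.0.0.5", "http://shop.example/", 302, "http://search.example/"),
    ("10.0.0.5", "http://search.example/", 200, None),
]


def redirect_chains(records):
    """Link each client's requests into chains via 3xx Location headers."""
    chains, pending = [], {}  # pending: client -> (chain, next expected URL)
    for client, url, status, location in records:
        chain, expected = pending.pop(client, (None, None))
        if chain is None or url != expected:
            chain = []  # this request starts a new chain
            chains.append((client, chain))
        chain.append(urlsplit(url).hostname)
        if 300 <= status < 400 and location:
            pending[client] = (chain, location)
    return chains


def long_chains(chains, min_hosts=3):
    """Chains crossing at least min_hosts distinct hosts (steps 1 to 3)."""
    return [(c, ch) for c, ch in chains if len(set(ch)) >= min_hosts]


def changed_on_revisit(chains):
    """Entry hosts where one client's final destination differed between
    visits (the repeat-visitor behaviour in step 5)."""
    first_seen, flagged = {}, set()
    for client, chain in chains:
        key = (client, chain[0])
        if first_seen.setdefault(key, chain[-1]) != chain[-1]:
            flagged.add(chain[0])
    return flagged
```

Redirects driven by injected script or iframes do not produce Location headers, so a real deployment would also need to link requests by their Referer field.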

       According to Internet security firm Websense, Nine Ball has already compromised over 40,000 Web sites.

      There is currently no sure-fire way to protect yourself from or clean up an infection by Nine-Ball (except reinstalling Windows). All you can do is to make sure that all your software packages, including those targeted by the attack, are up-to-date, and to install the appropriate security software.

For More Visit Here and here

 

Share Photos, Shorten URLs and Spread News with Virl

June 19th, 2009

     Want to shorten your URLs, upload photos, and spread the news? Virl is the place where you can do all that.

       

     The first thing you see when you check out the site is this blue monster guy asking you what you would like to do. You can tell it you want to upload a photo or shorten a URL. Pretty simple, right?

    

     Well that is only half the web site.  The other half gives you the popular posts from a number of different resources, like Digg, Delicious, Reddit, Hulu, Yahoo Buzz and more. 

     A virtual mix of both link sharing and shortening – this web site has a lot of potential, however my first suggestion would be to shrink down their monster guy on the top of the page.   Why?  There is no way I would want to scroll that far down every time I check out the page to see some of the popular headlines out there from their various news sources listed on the site.  Go see how Virl is viral for you.