UPDATE Nov. 10th: The story about the dog turned out to be a hoax. Phew.
This weekend I read a somewhat disturbing article on Yahoo News about a Jewish court sentencing a dog to death by stoning by children and decided to share the story on Twitter. Most news sites include buttons to conveniently tweet articles, and Yahoo News is no exception. I clicked the "Retweet" button and expected to see the Twitter confirmation screen as I was already signed in to Twitter. But wait!
Yahoo News wants me to let TweetMeme use my account; that was a surprise. Usually I don't bother reading these pop-ups; I just close the window and then go on to share the link manually. But this was Yahoo News, so I started reading the pop-up to see what they were hoping I would agree to. Turns out it wasn't just the article about stoning the dog that was disturbing.
Software security blog by André N. Klingsheim, who's learning to love .NET and Microsoft servers.
Disclaimer
Any opinions expressed here are my own and not necessarily those of my employer (I'm self-employed).
Jun 23, 2011
Jun 21, 2011
Firefox 5 is out and #4 wants to upgrade
Following up on my recent blog post on how auto-upgrade as opposed to auto-update of web browsers can help make the Internet a safer place, here is the prompt I just got from Firefox 4:
Gotta love it! Firefox 5 is a "security and stability update". No lengthy explanations on why version 5 is better than 4, and an "Upgrade Now" button. Users would want to install this! I also like the prompt I get when one of my add-ons won't work with the new version.
Jun 19, 2011
Slides for recent talks now available
I finally got around to publishing the slides for the two talks I did in May: the talk about the online banking trojans at the DND/ISACA/ISF member meeting as well as the lightning talk on browser security at the Roots conference. I figured I'd give Google Docs a try, so I made a Talks collection available there.
I've sort of reset my talk list, you'll find it at my dedicated talk page.
The lightning talk at Roots was taped (though probably there wasn't any actual tape involved). If you're interested, go check out The browser - your best friend and worst enemy - André N. Klingsheim on the Roots conference channel on Vimeo.
Labels:
Talks
Jun 12, 2011
Making the web safer: From auto-update to auto-upgrade
The Firefox team has decided to stop supporting Firefox 3.5. They've put a great deal of thought into how they will handle the ~12 million Firefox 3.5 installations around the world. Firefox 3.5 will be updated to the latest 3.6 version, through the auto-update system — which really makes it an auto-upgrade. The plan is to start pushing the upgrade on June 21st, in conjunction with the release of the new Firefox 5. The team has shared their assumptions and rationale for the decision in a Firefox 3.5 EOL article on the Mozilla wiki.
The decision to upgrade users' soon to be outdated and unsupported browsers is important. Home users' computers are under constant attack. The stream of software updates is both endless and rapid, especially when taking into account that there are updates to the operating system, web browsers, and commonly installed software such as Adobe Acrobat and the Java Runtime. The average user should be relieved from having to deal with all the different update notifications and procedures. Apple have been leading the way here for many years already. If you do a Google search for "security update" flash you'll see why: They've been supplying updates to the Flash player for many years through their update system. The Chrome team chose the same route in April when they included an updated version of Adobe Flash with their latest Chrome release — fixing a vulnerability in the Flash plugin in addition to three in Chrome. The simpler the job for users to keep their systems up-to-date, the more users will be running the latest, greatest, and safest software.
Labels:
Browser security,
Firefox,
security
Copyright notice
© André N. Klingsheim and www.dotnetnoob.com, 2009-2018. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to André N. Klingsheim and www.dotnetnoob.com with appropriate and specific direction to the original content.