PC World Philippines

Posts Tagged ‘ Safari ’

iPhone’s Safari dials calls without warning, says researcher

By Fei on November 10, 2010

By Jeremy Kirk
November 10, 2010

LONDON – A security researcher is asserting that Apple has made a poor security decision by allowing its Safari browser to honor requests from third-party applications to perform actions such as making a phone call without warning a user.

Safari, like other browsers, can launch other applications to handle certain URL protocols. These might be in clickable links, or in embedded iframes.

An iframe containing a URL with a telephone number, for example, will cause Safari to ask if the user wants to make a phone call to that particular number, wrote Nitesh Dhanjani, a security researcher, on the SANS Application Security Street Fighter blog. Users can tap a button to make or cancel the call.

But Dhanjani found that behavior changes in some cases. For example, if a user has Skype installed and stays logged into the application, Safari does not give an alert when it encounters a Skype URL in an iframe, and immediately starts a Skype call, he said.

“In this case, Safari throws no warning, and yanks the user into Skype which immediately initiates the call,” Dhanjani wrote. “The security implication of this is obvious, including the additional abuse case where a malicious site can make Skype.app call a Skype-id who can then uncloak the victim’s identity (by analyzing the victim’s Skype-id from the incoming call).”

Dhanjani said he contacted Apple about the issue. The company said that third-party applications should be coded to ask permission before performing a transaction. But in the current arrangement, third-party applications can only ask for authorization after a person has been “yanked” out of Safari and the application has been fully launched, Dhanjani wrote.

“A solution to this issue is for Apple to allow third-party applications an option register their URL schemes with strings for Safari to prompt and authorize prior to launching the external application,” Dhanjani wrote.

He posed the question of whether Apple — which maintains a fairly strict auditing of third-party applications — should also check the URL strings before the applications are allowed to be distributed through its App Store.

“After all, Apple is known to reject applications that pose a security or privacy risk to their users, so why not demand secure handling of transactions invoked by URL schemes as well?” Dhanjani wrote.

There are many other third-party applications that register URL schemes that pull a user out of Safari without any interaction.

It is possible to look at the URL schemes allowed by the iPhone and iPad on a device that has been jailbroken. But Dhanjani said it might be good to allow people to take a look at those URL schemes, since it “will help keep the application designers disciplined the same way the user location notification in iOS does. This will also make it easier for enterprises to figure out what third-party applications to provision on their employee devices based on any badly designed URL schemes that may place company data at risk.”

“Third party developers, including developers who create custom applications for enterprise use, need to realize their URL handlers can be invoked by a user landing upon a malicious website and not assume that the user authorized it,” Dhanjani wrote.

Apple could not be immediately reached for comment.

As Internet Explorer Turns 15, We Take A Look Back

By Fei on August 19, 2010

By Chris Brandrick
August 19, 2010

SAN FRANCISCO – Microsoft Internet Explorer marks its 15th anniversary this week. The first version of the browser was launched back in the summer of 1995 and since then the browser–now in its eighth rendition–has undergone numerous updates, revisions and versions.

IE went on to become extremely popular, largely thanks to its deep integration as part of Windows. Within just a few short years, Internet Explorer dominated the browser wars, claiming as much as 95% market share, mainly at the expense of competitor Netscape Navigator.

However, IE’s rise did not continue forever. In 2004, Mozilla launched an open-source alternative, Firefox. As the years went by, Firefox slowly chipped away at IE’s market share.

Today, the browser landscape is a very different one, with Chrome, Safari, Opera and many others all competing for a slice of users’ Web time. But despite the range of choices, IE is–like it or not–still the world’s most popular browser holding a combined market share of over 60%.

Let’s look back over the browser’s past, and look ahead at where it’s headed:

Internet Explorer 1

Internet Explorer 1 launched on August 16, 1995. Based on Spyglass Inc.’s Mosaic browser, version one of IE was built by a team of just five or six programmers and came in at just under 1MB. While IE wasn’t initially included in the OEM version of Windows 95, it came bundled with Microsoft Plus! for Windows 95.

Internet Explorer 2

Released just three months after the first version; IE 2 arrived on November 22, 1995, with versions for Windows NT, Windows 95 and Windows 3.1. Microsoft released a beta version for PowerPC-based Macs in January of 1996. IE 2 added support for HTML tables and cookies–a quaint notion in today’s HTML5 world.

IE 2′s executable size? A whole 1.1MB.

Internet Explorer 3

Microsoft launched IE 3 in August 1996 for Windows PCs. Version 3 saw the introduction of the blue ‘e’ logo that is now synonymous with Internet Explorer. IE 3 came to the Mac in January 1997; version 3.01 of IE later became the default browser on Macs. It was the first mainstream browser to support cascading style sheets (CSS). IE 2 also included an e-mail client known as Internet Mail & News (which eventually became Outlook Express), and added support for GIF and JPEG images.

It could also play MIDI audio files, marking the birth of websites with annoying auto-playing sound files.

Internet Explorer 4

Microsoft released IE 4 during September of 1997. Bundled with Windows 98; Microsoft marketed it with the tag-line “The web the way you want it,” and added more new features, such as support for favicons. As part of the San Francisco launch event, Microsoft planted a giant blue ‘e’ on Netscape’s front lawn. The browser wars were on!
Internet Explorer also made its debut on Sun Microsystem’s Unix OS Solaris in 1998.

Internet Explorer 5

Microsoft’s fifth version of IE arrived in March of 1999, introducing a selection of new features. Microsoft added Compatibility Mode for testing purposes, and bi-directional text support was also added–an important feature for many international users. New search, history and favorite features were also included.

IE5 carried a download size of 37MB for 32-bit PCs, and as of March 2000, Internet Explorer 5 had a market share of over 50%.

Internet Explorer 6

August 2001 saw the release of IE 6, ready for the debut of Windows XP. By late 2003 Internet Explorer accounted for around 90% of the browser market, thanks in part to IE 6′s success. But despite its success in the market, IE 6 was universally slammed for its poor security features–a reputation Internet Explorer still carries to this day. The browser added a number of new features, and it also gained a pop-up blocker with its second service pack.
Now nearly a decade old, IE 6 still has a market share of nearly 17%.

Internet Explorer 7

After nearly six years since the initial release of IE6, in 2006 Microsoft finally graced users with a new version of their browser–IE7. During this gap between releases, Mozilla had released Firefox, and many features seen in Firefox made their way into IE7.

The browser, which was available in both 32-bit and 64-bit versions, brought tabbed browsing to IE,and introduced page zooming, a separate search bar, and support for RSS. For this release the browser was renamed, make a subtle change from Microsoft Internet Explorer to Windows Internet Explorer.

Internet Explorer 8

Version eight saw a general release in March of 2009, it is the default browser for Windows 7 and is the latest available version, coming with support for up-to 63 different languages.

Microsoft detailed that improvements to CSS and Ajax handling were a priority. The new browser also saw the introduction of a private browsing mode, which makes browsing history hard to find. Other browsers offered a similar feature, Microsoft’s is called InPrivate browsing.

A new feature known as Accelerators also debuted, offering access to additional Web information for any highlighted text.

What’s next….

Microsoft’s next browser, Internet Explorer 9, is due to enter beta next month. IE9 promises to have better support for new web standards, such as CSS3, HTML5 and more.

Linux tablets, where are you?

By Fei on June 15, 2010

By Steven J. Vaughan-Nichols
June 15, 2010

SAN FRANCISCO – Apple has long had a history of being arrogant. But, more often than not, they’ve been able to back it up by the quality of their products. But now, with Apple locking out Adobe Flash and Google Ads, not to mention their cute trick of setting up an HTML 5 demo site that only works with Apple’s own Safari Web browser, I think Apple has overstepped their authority. It’s time for Linux-powered smartphones, tablets and devices to give users top-notch alternatives to Apple’s offerings.

Linux, largely thanks to Google Android, has already made progress that way in smartphones. Indeed, even hardcore iPhone users are now thinking about switching to Android phones. There’s also a wave of Linux-powered tablets and would-be iPad rivals on their way. But they’re not here yet.

While I think that these new Linux devices will do well, I also think they need to be more than just tablets that are cheaper and more open than iPads. As Jim Zemlin, the head of the Linux Foundation, wrote in BusinessWeek, “It’s important that open-source products add more value for users than simply being free. Open-source software also needs to be fabulous.”
Exactly.

Zemlin went on to write, “Providing a good user experience isn’t paramount under the white lights of the data center. In consumer electronics, it’s a different story. Mobile Linux vendors must increase their technical investments by working on key open-source projects to make every component used in Linux devices benefit the user experience. That includes making devices boot up faster, connect better, and display graphics more smoothly.”

That’s why I’m encouraged by such moves as Google’s Android team working more closely with the mainstream Linux developers. I’m also really pleased to see that Canonical, the company that makes Ubuntu Linux possible, is now working on enabling touch in Ubuntu, which would make it ideal for tablets.

If any Linux company comes close to appreciating Apple’s appeal to average users with its focus on making the interface a pleasure to use, it’s Canonical. After all, it was Canonical’s founder and Ubuntu’s guiding light, Mark Shuttleworth, who said Ubuntu’s goal was to deliver “a user experience that can compete with Apple in two years.”
Shuttleworth was talking about the desktop. Today, it’s all about competing on devices. The day of the PC is fading into the afternoon. With Apple making enemies of one-time partners and closing its software circle ever tighter, now is the time for Linux not only to push forward with its historical advantages of lower prices and open software and standards, but to show the world that Linux devices can be every bit as attractive and user-friendly as its Apple competition.

Malicious Facebook ad redirects to fake antivirus software

By Fei on April 13, 2010

By Jeremy Kirk
April 13, 2010

LONDON – A malicious advertisement has been found within an application for Facebook that redirects users to fake antivirus software, according to a security researcher.

The banner advertisement for greeting cards is intermittently displayed with an application called Farm Town, which has more than 9 million monthly users according to information published on Facebook.

If the bad Shockwave Flash advertisement is displayed, the user is redirected from Facebook through several domains and ends up on a Web site selling fake antivirus software, said Sandi Hardmeier, who studies malicious advertisements and blogged about the issue.

Farm Town’s developer, SlashKey, has a notice on its Web site saying it has notified its developers of the problem.

“We believe at this time that it is harmless to your computer and a result of one or more of the ads on the site, but you should not follow any links to any software claiming to ‘clean your system,’” the notice reads. “Most good antivirus/malware program will catch and quarantine this malware.”

Hardmeier disagrees that it is harmless. “I’m disappointed that they are trying to minimize the perception of risk,” she said.

Fake antivirus sites usually tell users their computers are infected and implore them to download the software, which is often completely ineffective. Consumers are charged as much as US$70 for the software, which is also difficult to remove, and have trouble recovering their money.

There are hundreds of fake antivirus programs, and security experts estimate it is a multimillion dollar industry. Panda Security wrote in a report last year that as many as 35 million computers worldwide may be infected with fake antivirus programs each month.

Google’s Chrome browser did detect the malicious domains used to redirect the user and blocked the attack. The company has “safe browsing” technology built into its browser that will block users from going to potentially harmful Web sites. Internet Explorer 8, however, did not, Hardmeier said. She was in the process of testing Firefox on Monday morning.

Hackers have been known to figure out ways to slip their malicious advertisements onto ad networks that supply advertisements to innumerable Web sites. Many ad networks have taken steps to ensure malicious ads don’t circulate. But there are ways around using the ad networks.

“The bad guys are going straight to site owners and offering them advertising,” Hardmeier said via instant message. “The responsible networks are monitoring for the bad stuff and catching it and will suspend the bad campaigns immediately.”

Hardmeier said she has notified cubics.com, which delivered the ad to Farm Town, and is in the process of notifying Facebook. Officials at Facebook could not be immediately reached.

Social networking sites such as Facebook are a prime target for scammers due to their high number of users and potential victims.

Facebook Tips and Tweaks

By Fei on February 4, 2010

By Rick Broida
February 4, 2010

SAN FRANCISCO – I like using Facebook to keep tabs on my friends, but I don’t like the endless stream of “so-and-so took this quiz” and “Joe became friends with Jane” messages. I just became a fan of Facebook Purity, an add-on that removes those notifications from your Facebook home page. Facebook Purity is a script that requires Greasemonkey. Once you’ve installed that and restarted Firefox, just install the FP script, start up Firefox again, and fire up Facebook.

The effects are subtle–don’t expect a major makeover–but definitely worthwhile. You may not notice any immediate changes, but you should see a “FB Purity hid” header like the one highlighted in this screen shot. The tally refers to the number of Facebook apps and “extras” hidden from your home page. If you’re curious to see what they are, just click Show for either category.

If you want to edit the list of apps and extras Facebook Purity blocks, see the developer’s FAQ page. Speaking of which, the script doesn’t cost anything, but the developer sure would appreciate a few bucks if you find it useful. (Click the Donate button on his page to make a contribution via PayPal.)

By the way, Facebook Purity is compatible with Google Chrome, Opera, and Safari, but using Greasemonkey scripts with those browsers is a bit more complicated. Again, see the FAQ page for details.

Download Photo Albums in a Flash

For a service as photo-oriented as Facebook, the simple act of downloading photos is annoyingly complicated. In fact, there is no download option; you have to view each photo in turn, right-click it, and choose Save Image As or Save Picture As (depending on your browser).

So what happens if a friend posts a bunch of pictures you want to download? Are you really supposed to go through and save them one by one? Not if you install the FacePAD plug-in for Firefox. Short for Facebook Photo Album Downloader, it does exactly what its name implies: downloads entire albums at a time.
After loading the plug-in and restarting Firefox, select Tools, Add-ons, find FacePAD, click Options, and choose your language. Click OK and you’re good to go.

To use FacePAD, just navigate your way into a friend’s photo library, right-click an album link, and choose Download Album with FacePAD. In a matter of minutes the plug-in will plunk every photo into your default Firefox Downloads folder.

It’s too bad you can’t specify a folder or do any batch-renaming; all the photos end up with cryptic numerical file names. Still, FacePAD works as advertised, and it’s a damn sight easier than retrieving each photo manually.

Add Facebook Chat to Your Firefox Sidebar

Let’s solve another Facebook hassle: When you leave the site, your chat sessions get left behind. Wouldn’t it be nice if you could keep a Facebook chat going regardless of what site you’re viewing?

If you use Firefox as your Web browser, you can add Facebook chat to the Sidebar, thus keeping it alive and active even while you browse elsewhere. (I also find it a more convenient location than the bottom-right corner of the screen, which is where Facebook shoehorns it.) Here’s how to make it happen:

In Firefox, press Ctrl-B to open the Sidebar in Bookmarks view. Right-click the bookmark folder where you want to add Facebook chat, then choose New Bookmark. Name the new bookmark “Facebook Chat,” then paste this URL into the Location field: http://www.facebook.com/presence/popout.php Check “Load this bookmark in the sidebar,” then click OK.

Now just click your new bookmark and presto: Facebook chat in the sidebar. Not too shabby, eh?

Simplify Your Facebook Experience with Brizzly

Brizzly provides a clean, simple, ad-free interface for Facebook (Twitter, too).
Getting started with this free Web service is a snap. Sign up for an account, then supply your user name and password for Facebook and/or Twitter. You’ll have to click through a couple “approval” pop-ups, which is normal for any outside service seeking access to your account.

Now you’ve got a simple front end for your Facebook news feed. You can update your status, comment on friends’ posts, watch posted videos, write on walls, and so on. You don’t get every single Facebook feature–you can’t “hide” a friend or play any games–but you do get a refreshingly streamlined interface.

Chrome Web Browser Inches Past Safari

By Fei on January 5, 2010

By Tony Bradley
January 6, 2009

google-chrome SAN FRANCISCO – In the most recent Web browser market share statistics from Net Applications, Google’s Chrome Web browser sneaked past Apple’s Safari to claim third place. The ascent up the market share ladder is more impressive when you consider that Chrome has only been around a little over a year.

Chrome’s 0.7 percent jump from November to December can probably be attributed to the beta versions of the Chrome Web browser for Mac OS X and Linux finally being released. Google also gave Windows users more reason to switch to Chrome with the release of expanded features and functionality for the Windows version of Chrome.

Chrome was marching pretty steadily up the chart even before the recent releases, though. Since January of 2009, Internet Explorer’s share of the pie has dropped just over seven percent. That seven percent has been snapped up primarily by Firefox and Chrome, with Chrome making the biggest jump of them all. Chrome has increased over three percent since January, more than tripling its share of the Web browser market in under a year.

Google is virtually synonymous with Web surfing, so it stands to reason that Google should know a thing or two about how to optimize the Web surfing experience. The Chrome Web browser is not a revolutionary shift from other browsers like Internet Explorer or Firefox, but the incremental improvements are enough to make it worth taking a look at.

The one thing Chrome offers that all users want is speed. Time after time since its release Chrome has come out on top in tests that compare the speed at which the different Web browsers are able to load pages. The difference in time may be mere milliseconds, but for hardcore Web surfers those milliseconds add up, and faster page loading equates to less frustration and stress.

As with all statistics, these can be taken with a grain of salt. Finnish tech site Afterdawn.com claims that recent statistics for users that visit its sites put Firefox on top with just over 42 percent, Internet Explorer in second place just under 40 percent, and Chrome strongly in third with almost nine percent. That is a more tech-oriented site with a much smaller sampling, though, than the statistics compiled by Net Applications.

What does all of this mean to you? Well, nothing really. At nearly 63 percent of the browser market, Internet Explorer still holds a dominant position even though it has lost a significant chunk in 2009. The real battle is still between Internet Explorer and Firefox–a distant second with less than half of Internet Explorer’s stake…at least for now.

The success of Windows 7, which comes with Internet Explorer 8 pre-installed as the default browser (except within the European Union where Microsoft is providing users with a choice of browsers as part of a settlement to avoid antitrust litigation) may help curb Microsoft’s eroding share of the browser market.

As I mentioned above, though, Chrome is a rapidly rising competitor. Google’s reputation and presence on the Web will contribute to the continued growth of the Chrome Web browser, as will Google’s various endeavors, including the Chrome operating system expected to be released before the 2010 holiday shopping season.

Firefox has been climbing as well, and has five times the share of the Chrome Web browser, but Firefox has also been around for more than five years. Odds are fair that Chrome will pass Firefox and steal second place long before either of them threaten to pass Internet Explorer.

Firefox to Hit 1 Billion Downloads Friday

By Jon on July 31, 2009

By James Niccolai

The Firefox Web browser is fast approaching its billionth download and is likely to hit that milestone some time on Friday.

Mozilla has a Web site and a Twitter feed where people can keep track of the total. On Thursday afternoon, the feed showed more than 999,180,000 downloads, with about 15 more happening each second.

Mozilla said initially that it expected to hit the billion mark some time over the weekend. An hour later, as the news trickled out and the pace of downloads increased, Mozilla revised its estimate to Friday. An enthusiast Web site with a “Firefox Download Guesstimator” predicts it will reach a billion on Friday at noon GMT.

The figure includes all versions of Firefox since the first release in 2004. If a single user downloaded multiple copies for different computers, they are each counted in the total. And if a user goes to the Web site to download an update to an existing version, instead of waiting for the automatic download, that is counted as well. Automatic updates are not included in the total.

So the figure does not mean that 1 billion people are using Firefox. Still, it’s a significant achievement for a piece of software that was unknown to most of the world just a few years ago, and one that has had to compete with Microsoft‘s Internet Explorer, which ships free with every Windows PC.

Figures from earlier this month showed Firefox having just under a third of the global browser market, at 31%. Internet Explorer led the field with 60%, while Safari, Chrome and Opera each had less than 5%, according to Statcounter.

Firefox is stronger in Europe, where it has 40% of the market to IE’s 47%. In Asia, Firefox has 23% to IE’s 72%. In Antarctica, Statcounter says, the browsers are neck and neck.

Mozilla plans to launch a Web site Monday, at www.onebillionplusyou.com, where it will provide more information on the achievement.