September 8, 2008
Browser Wars!
There’s a new browser in town and his (or her) name is … Chrome.
And it’s by Google. Not content with having a finger in about two billion pies, the Mountain View Internet pioneers have muscled their way in amongst a crowded marketplace that includes Microsoft, Mozilla, Opera, Apple and Flock. For someone like me, who gazed in wonderment at NCSA’s Mosaic in the mid-nineties, it’s all getting a bit head-scratching.
Google’s own press release talks about Chrome in glowing terms – surprisingly – championing its combined search and address bar (which Firefox 3.0 does very well), isolated tabs to limit browsing disruption from a crash and a new JavaScript engine which makes everything very quick.
Linus Upson, Director of Engineering at Google, was quick to praise the open-source community:
“While we see this as a fundamental shift in the way people think about browsers, we realize that we couldn’t have created Google Chrome on our own. Google Chrome was built upon other open source projects that are making significant contributions to browser technology and have helped to spur competition and innovation.”
But how is the security? P2pnet.net were not overly impressed, entitling their column on the new browser “Chrome? Meh.” One of their readers reported finding more password manager flaws than in any other browser.
The “incognito” mode sounds quite identical to Internet Explorer’s new “InPrivate Browsing” mode that we reported on last week. Apparently this will flush away all evidence of your browsing when engaged in this mode. As p2pnet’s journalist amusingly observes: “…where Google is concerned, nothing is incognito”.
ZDNet report on security researcher Aviv Raff’s claim that a “carpet bombing” vulnerability exists. Raff combined two known security holes (a flaw in Apple Safari and a Java bug) to trick users into launching executables direct from the new browser.
Aviv goes into it on his entertaining blog.
Meanwhile, I’m going back to Firefox.
Scapegoat of the month
Back to Gary McKinnon, the British hacker who perused US military computers in the search for an Excel spreadsheet detailing alien inventory. McKinnon, possibly only days from extradition to the US (read about it here), has been labeled a “scapegoat” by Mathew Bevan, a reformed hacker accused of similar crimes in the 1990s. (Link)
"Clearly, lessons have not been learned since I breached similar systems and, as I have always suggested, perhaps stopping the intrusions is not the goal of the administration. Tacitly allowing access to machines by ensuring that default passwords or in fact access methods without passwords is suggestive of a system that really does not care too much about many of the machines connected to it."
What Bevan is insinuating is that the US military have nothing worth seeing on the hacked computers and they are simply a tool used to lure and capture hackers like a mousetrap with some freshly diced cheddar. He argues that McKinnon is unlucky to be pursued when – according to Bevan – he was only one of many people who regularly hack those machines.
In a conspiracy theory straight from the mind of “Falling Down” character William Foster, Bevan suggests that the actions are used by the US military to boost their funding.
"I think it's all about timing and whether or not the hacker will make a good scapegoat whilst allowing the administration to request further money. The fear machine can keep churning out propaganda as per normal, but don't expect those machines to actually get better security. They are not businesses, have no shareholders and therefore do not have to answer to the same stringent rules and tests that the computer systems of corporations would."
Bevan has a lot to say, which seems equally plausible and paranoid.
Botnet bits
I think that any subject, no matter how dull, can be made interesting if it’s written about in an entertaining fashion. But even I know that there’s only so much mileage to be gotten out of the topic of botnets before eyelids descend.
So therefore, with an eye on the word count, I’ll simply report that the Shadowserver Foundation have revealed the number of compromised zombie PCs in botnet networks has quadrupled in the last three months. (Link)
They go on to talk about SQL injections, drive-by download attacks, tracking email-based malware and throw in the snazzy use of the word “honeypot” which I always enjoy. In fact “honeypot” would be a good way to describe the method used to attract Gary McKinnon in the above story. I wish I’d thought of using it a few paragraphs ago rather than the mousetrap/cheddar simile.