8 posts • joined 22 Feb 2013
Chinese State espionage + Flash = Fail
Lets see...codes implies Chines speakers + considerable resources + foreign policy websites(not the usual money stealing banking scams). So basically Chinese state espionage. Combined with Flash equals fail.
Some criticial inaccuracies about Firefox
The exploit they used wasn't zero day. It was targeting users with outdated firefox based Tor Browsers. The vulnerabilities were already fixed in the latest Mozilla patches at the time of the exploits.
Nothing unique move along
"craftsmanship, 17 years of hands-on experience and a passion for the web," not seeing that at all. I am seeing a reskinned Chromium version 28 to be exact. Just look at the user agents. I was even able to install Chrome extensions on it. It has been a couple of months since the announcement to move to webkit, I kinda expected more from Opera.
AppleWebKit/537.36 Chrome/28.0.1500.20 (Opera Next)
AppleWebKit/537.36 Chrome/27.0.1453.94 (Chrome)
Don't use even if they are technically good
This company tactics are borderline malware tactics including crippling all other browser on targeted machine except its own, and straight out fraud using the IE logo on its browser to trick people. The Qihoo antivirus has been getting good technical results on the AV review sites, but you gotta ask yourself why in the world would you entrust your security software to such a shaddy company?
Not biggest fan of anything Google but this is good
Especially the statement regarding their intentions to retire vendor specific prefixes in favor to Mozilla's and the W3C approach by keeping them under the experimental flag. The prefix situation especially on mobile was the most pressing for fans of alternate engines like gecko. If Chrome stayed with webkit it would have gotten worse.
You should judge based on active attacks
Just counting the number of vulnerabilities is a lazy way to judge the security of a product. You should count how many days something has been actively exploited.
"If we count just the critical zero-days, there were at least 89 non-overlapping days (about three months) between the beginning of 2011 and Sept. 2012 in which IE zero-day vulnerabilities were actively being exploited. That number is almost certainly conservative.."
The last known active exploit for Firefox was in 2010 for the Noble peace prize which was patched in a day. Chrome has no known history of an active exploit in the wild.
Of course this quote was earlier Windows and Windows 8 is a different especially IE in win32 vs IE in winRT, but the point is Microsoft security record is probably the worst out of all the major browsers, slow to respond to threats and issue patches in part b/c of the whole patch Tuesday nonsense to pamper to lazy control freak IT workers.
Where the Sandbox?
Wasn't the Vista/Seven exclusive sandbox or protected mode supposed to mitigate exposures like this? The fact that they list the exploits on Mac, Linux who don't have protected mode means the sandbox should have done it job right?
Re: Am I the only person...
You should seriously try SumatraPDF. Really small (5 megs) and simple by a fault. The option menu only a total of 7 options, including such bloated options in the "Advanced" section like "automatically check for updates" and "remember opened files," :-).
- Does Apple's iOS 7 make you physically SICK? Try swallowing version 7.1
- Fee fie Firefox: Mozilla's lawyers probe Dell over browser install charge
- Pics Indestructible Death Stars blow up planets with glowing KILL RAY
- Hands on Satisfy my scroll: El Reg gets claws on Windows 8.1 spring update
- Video Snowden: You can't trust SPOOKS with your DATA