Contact Me By Email

Friday, March 25, 2011

Google Patches 6 Serious Chrome Bugs - PCWorld

Google Chrome IconImage via WikipediaGoogle Patches 6 Serious Chrome Bugs - PCWorld

Google on Thursday patched six vulnerabilities in Chrome, and as usual, silently updated users' copies of the browser.

The update to Chrome 10.0.648.204 also included two more blacklisted SSL certificates that may be related to last week's theft of nine digital certificates from a Comodo reseller.

All six bugs were rated "high," Google's second-most-serious ranking in its threat scoring system. Of the half-dozen bugs, two were "use after free" flaws -- a type of memory management bug that can be exploited to inject attack code -- while a second pair were pegged by Google as "stale pointer" vulnerabilities, another kind of memory allocation flaw.

As is Google's practice, the company locked down its bug-tracking database, blocking access to the technical details of the patched vulnerabilities. Google usually unlocks the bug entries several weeks, sometimes months later, to give users time to update before the information goes public.

Google paid out $8,500 in bounties to three different researchers for finding and reporting the six vulnerabilities. So far this year, Google has cut bounty checks totaling $58,145.

Frequent-contributor Sergey Glazunov took home $7,000 for reporting four of the bugs patched Thursday, bringing his 2011 bounty total to $20,634. Glazunov has become the most prolific of the independent researchers who specialize in rooting out Chrome flaws, reporting 14 of the 54 bugs attributed to outsiders.

Yesterday was the sixth time Google patched security vulnerabilities in its browser this year.

Google said the update also added support for the browser's password manager on Linux, and included performance and stability fixes. According to the Chrome change list, it also blacklisted two additional SSL (secure socket layer) certificates , the digital certificates that encrypt traffic between users and sites.

The additions to the SSL blacklist may be connected to last week's theft of several certificates from a Comodo reseller, an event that prompted Comodo to revoke the stolen certificates. Since then, Google, Mozilla and Microsoft have each issued updates -- Google was the first off the mark -- to block the certificates and warn users if they tried to connect to fake sites.

Comodo has cited circumstantial evidence that points to Iran , perhaps the Iranian government, being involved in the certificate theft.

Google did not immediately reply to questions Friday about whether the newest additions to Chrome's blacklist were related to the Comodo theft.

Chrome 10 can be downloaded for Windows, Mac OS X and Linux from Google's Web site. Users already running the browser will be updated automatically.

Tuesday, March 22, 2011

First Look: Firefox 4 Web browser Review | Browsers & Add-Ons | Macworld

First Look: Firefox 4 Web browser Review | Browsers & Add-Ons | Macworld

For years, Firefox has trundled along at the back of the browser pack, a beast of burden laden with fancy features but lacking speed. Not anymore. Mozilla has released Firefox 4, and in our preliminary tests, the browser makes a huge performance leap forward.

On a 2GHz Core 2 Duo aluminum MacBook with 2GB of RAM, Firefox 4 roughly quadrupled Firefox 3.6.15’s speed in an XHTML rendering test and the SunSpider JavaScript benchmark. Its Acid3 score improved by 3 points (reaching 97 out of 100), and it gained more than 100 points out of 400 on its predecessor in an HTML5 compliance test (255 and 9 bonus points vs. 155 and 4 bonus points).

Against other browsers, Firefox 4’s XHTML and CSS rendering speed still trails the latest versions of Safari, Opera, and Chrome, and it lacks their perfect Acid3 scores. But its HTML5 compliance outscores Safari’s and Opera’s, and only slightly lags Chrome’s, and in the SunSpider test, Firefox 4’s J├ĄgerMonkey JavaScript engine beats everyone else.

Firefox 4 packs a few other happy improvements under the hood. It now offers full support for CSS3 transforms and transitions, and hugely enhanced support for CSS3 animations. Built-in hardware acceleration vastly speeds up page rendering; however, in a Mozilla-created “stress test,” my computer and browser only eked out 2 frames per second when attempting 3D transformations on multiple 2D images. Firefox 4’s superb support for WebGL 3D graphics, Google’s new WebM open source video codec, and OpenType font rendering left me much more impressed.

Firefox 4’s interface changes are a somewhat mixed bag. Tabs now top the URL bar, Chrome-style, and you can now jump directly to a tab by starting to type its name in the “awesome bar” –nice, but nothing major. I liked the “app tab” feature, which lets you shift Gmail, Google Docs, and other much-used Web apps into tiny, space-saving icon tabs at the far left of the tab list.

The ability to group tabs by dragging and dropping left me cold, though. You must switch to an entirely separate screen, and drag tabs one by one into groups. The whole process just added an extra layer of clutter and confusion to my browsing.

We’re working on a full review of Firefox 4. For now, Firefox 4 looks like a happy compromise between speed-demon performance and a polished interface.

[Nathan Alderman is a writer and editor in Alexandria, Va.]

Monday, March 21, 2011

Apple releases Mac OS X 10.6.7 | Operating Systems | MacUser | Macworld

Image representing Apple as depicted in CrunchBaseImage via CrunchBaseApple releases Mac OS X 10.6.7 | Operating Systems | MacUser | Macworld

If you thought your old friend Snow Leopard was getting a little long in the tooth, fear not: Apple has released Mac OS X 10.6.7, the latest update to the venerable feline.

In addition to providing the standard enhancements for stability, compatibility, and security, 10.6.7 improves the reliability of Back to My Mac, resolves an issue with transferring files to SMB servers, and makes minor updates to the Mac App Store. In addition, the update incorporates a number of security fixes to Snow Leopard, which are also available separately as Security Update 2011-001.

Other fixes packed into the update include additional RAW image compatibility for digital cameras, an issue with MacBook Air (Mid 2010) kernel panics, and AirPort driver issues. In addition, brightness on external displays and projectors is improved, as is a DVD Player playback issue on 64-bit Macs.

Also fixed is a rare issue in Mac OS X 10.6.5 that could cause user accounts to disappear from the Login window and System Preferences after putting the system to sleep.

Mac OS X 10.6.7 is available in both server and client editions via Software Update and directly from Apple’s Website. For the full list of fixes, read on.

Improve the reliability of Back to My Mac.
Resolve an issue when transferring files to certain SMB servers.
Address various minor Mac App Store issues.
Additional improvements

Includes all the improvements in the previous Mac OS X v10.6.1, 10.6.2, 10.6.3, 10.6.4, 10.6.5, and 10.6.6 updates.
Includes Safari 5.0.4.

Includes RAW image compatibility for additional digital cameras.
For information about the security content of this update, please visit article HT1222.
Resolves a window resizing issue with X-Plane 9 on Macs with ATI graphics
Addresses an issue with MacBook Air (Mid 2010) computers that could cause a kernel panic.
Address issues in the AirPort driver for certain devices.
Improves brightness on external displays and projectors.
Addresses an issue where DVD Player may display black video on some Macs using the 64-bit kernel.
Addresses an issue with some NEC displays in which the screen may appear black when connected to a Mac Pro (Mid 2010).
Resolves an issue in which some Multiple Master (MM) fonts were missing from Mac Pro (Mid 2010), MacBook Pro (15-inch & 17-inch Mid 2010), and iMac (Mid 2010) computers.

Addresses various issues with MacBook Air (Mid 2010) computer performance.
Resolves an issue in which clicking the Updates tab in the Mac App Store could cause the Mac App Store to become unresponsive.
Fixes a problem opening an afp:// URL that points to a file, and changes the AFP mount path to conform to previous Mac OS X releases. For details, see article HT4538.
Includes the ability to repair certain issues that may prevent hardware RAID volumes from mounting. For more information, see article TS3631.
Fixes a rare issue in Mac OS X v10.6.5 that could cause user accounts to disappear from the Login window and System Preferences after putting the system to sleep.
Improves the reliability of dragging files or folders to the Trash when using an NFS home directory.

Sunday, March 20, 2011 - AT&T Acquiring T-Mobile, To Become the Largest U.S. Carrier - AT&T Acquiring T-Mobile, To Become the Largest U.S. Carrier

AT&T Acquiring T-Mobile, To Become the Largest U.S. Carrier
by Ed Hardy - 3/20/2011
AT&T has just announced that it is buying struggling T-Mobile USA from Deutsche Telekom AG in a deal that will make it the largest cell phone company in the United States in the number of subscribers.

AT&T is paying approximately $39 billion in cash and stock for T-Mobile USA, who is currently the fourth largest wireless carrier in America. DT will end up owning around 8% of AT&T.

The deal has been approved by the Boards of Directors of both companies, but government regulators will have to sign off on it, too, and there's likely to be considerable scrutiny -- if approved, one of the big four carriers is going away and one of the remaining ones is becoming much larger.

T-Mobile currently has 34 million subscribers, but once these are combined with AT&T's the company will have 129 million. That will make it bigger than Verizon Wireless.

It's All about the Network

Both AT&T and T-Mobile use the GSM standard, and are working on 4G LTE networks, so combining them is a relatively simple process.

Randall Stephenson, AT&T Chairman and CEO, said, "This transaction delivers significant customer, shareowner and public benefits that are available at this level only from the combination of these two companies with complementary network technologies, spectrum positions and operations. We are confident in our ability to execute a seamless integration, and with additional spectrum and network capabilities, we can better meet our customers' current demands, build for the future and help achieve the President's goals for a high-speed, wirelessly connected America."

With the additional cell towers and wireless spectrum it is acquiring with T-Mobile, AT&T is committing to a significant expansion of its future 4G LTE service. It now believes it will eventually be able to reach 95 percent of the U.S. population.

It was no secret that Deutsche Telekom has been looking for a buyer for some time. There had been reports that T-Mobile and Sprint might merge, bringing together the third and fourth largest U.S. carriers -- however, these two use incompatible wireless networks, so a merger wouldn't be any easy one.