Cool Tech Reviews

I use Internet Explorer as well as Firefox for a variety of reasons and am constantly irritated at IE’s “Find on this page” functionality. You know - where IE pops up that irritating search box, Firefox just adds a search bar to the bottom of the window. In computer science parlance, the IE search box is “modal” and prevents you from doing anything else in that window until it is closed, while the Firefox search bar is “non modal” and allows full functionality of the browser window. However, you don’t need the technical explanation to learn how to fix it.

(more…)

Netcraft reports that MySpace accounts are at risk from a phishing attack that uses MySpace’s own servers:

Netcraft has discovered that the social networking site, MySpace, appears to have been compromised by phishers who have presented a spoof login form on the main site. This modified login form is designed to submit the victim’s username and password to a remote server hosted in France.

(screen shot)

Netcraft has notified MySpace of the issue, although it currently remains live. Because the fraudulent login page is hosted on MySpace’s own servers and does not exhibit any signs of external content, such as cross-site scripting (XSS) or open redirects, it is convincing and even security-conscious users are at risk of becoming victims. The attack is launched from a profile page, where the username is login_home_index_html, and uses specially-crafted HTML in order to hide the genuine MySpace content from the page and instead display its own login form.

More details and the screenshots by following the link, but Netcraft provides a well-regarded, free browser tool bar for IE and Firefox that prevents phishing vulnerabilities including this one via a community reporting process.

As for MySpace, this is yet another peril of allowing users to have in depth control over their own Web space.

Matthew Broersma at ZDNet UK:

Hacktivismo, a well-known group of human-rights advocates and computer security experts, this week officially released a Firefox-based browser designed to allow anonymous Web surfing.

The browser, called Torpark, is a modified version of Portable Firefox, and can be run directly from a USB drive, meaning it can be used on public terminals in cybercafés. The browser creates an encrypted connection to the TOR (The Onion Router) network, which supplies a succession of different IP addresses. The browser is available here.

“Torpark causes the IP address seen by the Web site to change every few minutes, to frustrate eavesdropping and mask the requesting source,” said Hacktivismo in a statement. For example, a user could be in London and Web sites would see an IP address from a university in Germany, or other addresses belonging to the TOR network.

The browser is the work of Hacktivismo, which operates under the aegis of the influential hacking group the Cult of the Dead Cow. Developers said the browser is different from other anonymous browsers, such as Anonymizer or SecretSurfer, in that it doesn’t cost anything and is small and portable.

There’s more on The Onion Router Network here and as always, you need to have some idea of what is really going on:

The Torpark browser uses encryption to send data over The Onion Router, a worldwide network of servers nicknamed “Tor” set up to transfer data to one another in a random, obscure fashion.

Internet traffic, such as Web site requests, carries information on where it came from and where it’s going. But that’s muddled using Tor, which has been endorsed by the Electronic Frontier Foundation, and is hard to trace back to a source.

One minor downside is that surfing with Torpark is slower than with a typical browser over the same connection.

Torpark cautions that data sent from the last Tor server to the Web site is unencrypted. Since only the user’s connection is anonymous, Torpark advises that sensitive data such as username and passwords should only be used when the browser displays a golden padlock, a sign that a Web site is using encryption.

Not everyone needs anonymous browsing but for those that do, Torpark is an excellent option.

Ed Bott has been doing some testing of the phishing filter in the betas of Internet Explorer 7 and Firefox 2 and has some bad news for Firefox fans. While the IE7 filter seems to work very well, the Firefox filter needs a lot of work. And that’s a problem for today’s users of the phishing filter on the Google toolbar:

Frankly, this is baffling to me. Both Microsoft and Mozilla have been testing this feature for a year. In Mozilla’s case, the testing has been done by Google, which developed the technology as part of its Google Toolbar for Firefox. As a control, I installed Google’s Firefox toolbar on the latest official release of Firefox, 1.5.0.6. It failed to detect two obvious phishing sites as well.

He also has a detailed review of the security features of IE7 and Firefox 2 over at ZDNet.

Update: Ed Bott has more here.

It isn’t quite out yet, but Matthew D. Sarrel at PC Magazine reviews Release Candidate 3 of Firefox:

BOTTOM LINE:
The best browser gets even better with improved tab controls, reworked user preferences, a more robust extensions system, faster page loading and better security.

He gives it 4.5 out of 5 The detailed review is here and while there are some UI changes, the big changes are mostly behind the scenes. The only downside I see:

Firefox 1.5 includes an entirely new extension system, which unfortunately means that many older extensions won’t work (Adblock and Forecast Fox worked properly on our test machine). Developers are updating their extensions as you read this, so the updated extensions could be in pretty good shape by the time 1.5 launches. Mozilla has even revamped the extensions-installation system. Although the process worked well in most instances, the installation, upgrade, and uninstall subsystems were prone to error. When it was installing a new version of an extension, it occasionally left files from older versions behind, which could lead to incompatibilities and browser instability.

I guess it’s all to the good, but it still means taking an extension inventory and checking the compatibility or availabilty of new versions before you upgrade.