Firefox 1.5 is out and has already been downloaded 2 million times. Have you got your copy yet?
- Automated update to
streamline product upgrades. Notification of an update is more
prominent, and updates to Firefox may now be half a megabyte or
smaller. Updating extensions has also improved.
- Faster browser navigation with improvements to back and forward button performance.
- Drag and drop reordering for browser tabs.
- Improvements to popup blocking.
- Clear Private Data feature provides an easy way to quickly remove personal data through a menu item or keyboard shortcut.
- Answers.com is added to the search engine list.
- Improvements to product usability including descriptive error pages, redesigned options menu, RSS discovery, and “Safe Mode” experience.
- Better accessibility including support for DHTML accessibility and assistive technologies such as the Window-Eyes 5.5 beta screen reader
for Microsoft Windows. Screen readers read aloud all available
information in applications and documents or show the information on a Braille display, enabling blind and visually impaired users to use equivalent software functionality as their sighted peers.
- Report a broken Web site wizard to report Web sites that are not working in Firefox.
- Better support for Mac OS X (10.2 and greater) including profile migration from Safari and Mac Internet Explorer.
- Many security enhancements.
The Burning Edge has more detailed lists of new features and notable bug fixes.
BT's new vehicle tracking system found its first stolen car before the system had gone live.
The car, an Audi A4, belongs to David Thomas–project manager for the
new BT Trackit system. It was stolen outside his house on Nov. 2 and
was recovered, undamaged, the same day.
Thomas was alerted to the theft by BT's Secure Operating Centre. Using satellite-based tracking technology,
the car was pinpointed and the local police were informed and were able
to recover the vehicle. The car had been abandoned six miles away.
They insist they didn't invent the story, but damn, what a coincidence.
You can add Encarta to your MSN
Messenger buddy list and ask it questions. The answers are totally
fascinating. But first… here's how to get this going..
1. Open MSN Messenger and sign in.
2. Add Encarta as a contact: firstname.lastname@example.org
3. Double click Encarta from your Contact List.
4. Ask a question!
[23:00] Xavier: Are you a real person?
[23:00] Encarta® Instant Answers: No Xavier, I am a robot.
[23:00] Xavier: Would you like to be a real person?
[23:00] Encarta® Instant Answers: I guess I'd like to be, but I'm not sure I'd like to be a real person.
[23:00] Xavier: I can turn you into a real person.
[23:00] Encarta® Instant Answers: Thank you, but I think I'll remain as a robot.
In a situation when a host is located on the trusted side of the network
behind the PIX firewall, there is a possibility to prevent a new
legitimate TCP connection to be established to the host located on the
other side of the firewall. In order to execute such an attack, an
attacker would send a specifically crafted TCP packet with a set
incorrect cheksum through the PIX firewall pretending to be originated
from a legitimate host. S/he would need to specify the source and
destination IP and port, and once such packet is received by the PIX
firewall, there is no possibility to establish a new TCP session with
the credentials specified in the malicious packet. The downtime of the
connection is around 2 minutes 2 seconds, after which the new connection
can be established again and the PIX resumes the normal operation mode.
Such attack does not affect the connections that are already established
through the PIX.
Although, it would take a lot of packets to disrupt the communication
between the hosts completely, we assume that the attacker's aim is to
prevent the communication to a specific service on the remote hosts,
e.g. SSH, SMTP, TCP-syslog, and it takes around 15 seconds to generate
and spit out 65535 packets with a custom source port on a 100mbit lan.
Get the details on SecuriTeam.com (or see the original post on Full Disclosure). This look to affect versions
6.3 and below. There is a related exploit for version 7.0.
Syskey also enables you to configure the machine to prompt for the
computer startup key at boot time (this can be up to 128 characters
long) – this is a great option for laptops as it simply takes the form
of a password(phrase) that you enter before logging into Windows. The
beauty of this approach is that the key nor any form of the key (such
as a hash) are actually present on the machine so there's nothing to
crack unless you count brute forcing the encryption of the Master Keys
which would take significant computational effort – read (a very long
time!) = longer than the data's likely to be of value
Nice little hack from Steve Lamb's Blog.
A computer hacker will be trying to break into one of California's
electronic voting machines next week, with the full cooperation of the
secretary of state.
Harri Hursti, a computer security expert from Finland, will be trying to
demonstrate that voting machines made by Diebold Election Systems are
vulnerable to attacks by computer hackers seeking to manipulate the results of
Last May, Hursti and another computer security expert tested a Diebold
system for the elections supervisor in Leon County, Fla. They quickly broke
into the system, changed the voting results and inserted a new program that
flashed the message “Are we having fun yet?” on the computer screens.
Interesting stuff. Get the full article on SFGate.com. If you are really interested in the security of voting machines, check out Washburn's World.
John's a friend of mine that has worked his tail off to improve our
voting rights by exposing the errors in our voting systems… both
technical and bureaucratic systems.