If there was ever an indication that virtual reality might make it in the mainstream market it is when the web browsers start to support it. So far we have heard rumblings that Microsoft, Google and even Mozilla will be throwing their lot in with the VR gang. One of the big reasons for this is that Facebook has already pushed into that territory with their purchase of Oculus VR. After buying the virtual reality headset maker there have been multiple rumors of Facebook making a VR social world as an extension of their existing social network.
After almost a year Mozilla was managed by temporary CEO Jay Sullivan, the company finally decided to appoint a person which will be a permanent solution to the position of Chief Executive Officer. It is a developer and former director of Mozilla technology, 53 year old Brendan Eich.
Mozilla has released Firefox 21, fresh edition of the popular Internet browser. Published versions are intended for PCs and Android devices, and are bringing only minor changes in comparison to the predecessor.
Firefox has caught up with Google’s Chrome browser when it comes to insecurity. After forcing updates on unsuspecting users (we turn on the computer the other day to be told it was already updated) the newest version of Firefox apparently takes screen shots of your pages to put them into their Tab-Thumbnail view including sites that might be encrypted or secure connections (like your banking information). This is a pretty big privacy issue and one that has quite a few people upset.
Google has just released an extension that allows remote control of any system that has the Chrome Web Browser installed. Although still in the Beta stages Google claims that this add-in for their browser will help IT organizations to more easily manage systems in their networks and is completely cross-platform allowing access to Windows, Linux, Macs and even Chromebooks. The interface is probably very similar to other free browser based remote software like join.me, got to my pc, and the plethora of others that are out there. We are also pretty sure that it is just as insecure as these services which have all be compromised in one way or the other. In fact to the best of my knowledge only join.me has not been breached and that is because it does not install a permanent client. It is an on demand service that leaves very little to no trace after you close out the session.
Now, there is a danger that in inherent with any remote control software that resides on a computer as there is always the theoretical chance that someone can gain access to that API and exploit it. In fact it is not the remote control extension that I have a problem with (unless Google embeds it in the browser). Instead I am seeing a pattern that I think it being missed by not only the press but by the mainstream users out there.
Let’s take a look at what we have going on and see if you can spot the issue. Not all that long ago Google released a new API called Chrome Frame that allowed elevated permissions to be granted this API. This meant that users who normally cannot install applications would be allowed to install this API. This maneuver is very underhanded and quite shady. Forcing elevated privileges is a technique used by more than a few people with malicious intent and it makes me wonder about Google’s motivations here.
Next up on the Google hit list was and “false” positive from Microsoft’s Security Essentials which identified Chrome as the W32/Zbot Trojan Horse. When you combine this with Google’s known habit of data collection of their users (ever track what Chrome, Google Toolbar and Google Desktop are doing?) it was not a shock to see this happen. In fact I am surprised that it has not happened sooner.
Now we see a remote control API being added in. I am becoming more and more concerned with Google’s motives and what their end-state is. Plus let’s not forget that the ChromeOS is based entirely off of the Chrome browser. Some of you may remember that this bundling of browser and OS got Microsoft into serious trouble, not once but twice. Where is the outcry over this operating system? I see none from the public or the Government. I guess it helps to have your CEO as the President’s technology advisor.
I think it is time for everyone to take a long hard look at that Google is really doing. I have a feeling that if this is done, you might find that you do not like many of the liberties they are taking with your searches, your web habits and even your personal data.
Discuss in our Forum
In what has to be humorous to those of us that called this last year (yes I was one of them) it has now come out that HTML5 is more full of holes than your average sieve. According to a study out now it appears that HTML5 opens up some serious risks including allowing malicious code to execute cross-domain APIs, ClickJacking, Frame impersonation and worse. One of the problems is that HTML5 (like many other things from Apple) is not compatible with other standards on the net. Some of the “security” features that exist on to prevent cross scripting and window framing (where you put a frame inside a legitimate window to execute malicious code) are rendered useless by the technology in HTML5.
Other items that are bundled into the code are vulnerabilities that allow a service to register itself as a content handler without notifying the user, and a caching API that can be skimmed to collect user information (location, time of last visit and possible the actual page visited) in much the same way that Google’s Chrome browser can. In all there are some 50 Vulnerabilities that were listed in the report which is of serious concern considering Apple’s push to put this technology in place. Perhaps Apple feels that they can ignore these and continue on with their charmed life, or that their OS would be impervious to any threats. No matter the cause, considering Steve Jobs’ impassioned rants about Adobe and how their products are security risks it is more than a little amusing.
Source The Inquirer
Talk about this in our Forum