
Underexposed

May 9, 2008 7:24 AM PDT

Firefox add-on infected with Trojan remnant

by Stephen Shankland

Update 4:15 p.m. May 12: The file was actually infected with a remnant part of code from the Xorer Trojan, not with the full Trojan itself, according to a follow-up Mozilla blog post. The remnant "does not infect the user's machine with the virus (and) is a remnant from a virus that most likely infected the language pack developer's machine," Mozilla said. "To minimize the potential of something similar happening in the future, Mozilla is now scanning all add-ons whenever the signatures for the antivirus software are updated."

A Vietnamese language pack infected with parts of a Trojan for the Firefox Web browser was available for download from the open-source Web browser's official add-on site for months.

Mozilla, which oversees the project, announced the problem on its security blog on Wednesday, saying people should disable the add-on pack for now.

"Everyone who downloaded the most recent Vietnamese language pack since February 18, 2008, got an infected copy," Mozilla said. "While we cannot determine the exact number of compromised downloads, there have been 16,667 total downloads of the Vietnamese language pack since November 2007, so we anticipate the impact on users to be limited."

The author of the add-on pack, who acknowledged on Thursday that his machine had been infected, isn't suspected of any intentional harm, according to the discussion of the problem. The author offered a cleaned-up version Thursday that so far appears OK.

Mozilla scans its files for viruses, Trojans, and other problems. But the file had been uploaded nearly two months before the antivirus software could detect the Trojan in question, called Xorer.

(Via SecurityFocus.)

November 19, 2007 11:39 PM PST

Mozilla's Firefox 3 beta: Improved but imperfect

by Stephen Shankland

Mozilla released Firefox 3 beta 1 on Monday.

(Credit: Mozilla)

A few months later than had been planned, Mozilla released on Monday night the first beta version of an overhauled Firefox, the widely used open-source Web browser.

Firefox 3 beta 1 includes a number of significant features that Mozilla said should improve security, ease of use, rendering of Web pages, and location of previously visited Web pages. And for the new era of rich Internet applications, the browser can run Web-based applications even when the computer is disconnected from a network.

The software is available for Windows, Mac OS X, and Linux at Mozilla's download site in 20 languages. You can also download the English versions for Windows or Mac from CNET Download.com.

Although Microsoft's Internet Explorer remains the dominant Web browser, the open-source rival has achieved a critical mass of users--Firefox has been downloaded more than 400 million times--and it's now common for designers to make sure their Web pages work with the browser. Even Microsoft has bowed to the reality, testing its Live.com Web sites with Firefox and helping with technical issues such as playing Windows Media files from Web pages.

According to the release notes, the core Gecko rendering engine--the component that interprets Web page instructions and draws text and graphics on your screen--has seen major changes in the upgrade to the new version 1.9 used in Firefox 3.

"Gecko 1.9 includes some major re-architecting for performance, stability, correctness, and code simplification and sustainability," the notes said. Those changes "put foundations in place for major performance tuning which have resulted in speed increases in beta 1, and will show further gains in future beta releases."

The Firefox 3 beta had been due to arrive in July, and there's no word yet on when the software will come out of beta. "The final version of Firefox 3 will be released when we qualify the product as fully ready for our users," the release notes said--a polite way of saying it'll be ready when it's ready.

The location bar automatically presents Web pages with the text you type.

(Credit: Mozilla)

A quick test
A quick test of the new browser revealed that various important sites including eBay, Gmail, Amazon.com, and Icanhascheezburger appeared to work fine.

However, I got error messages at two, both with snazzier Web 2.0 user interfaces. Yahoo Mail threw errors and choked, and Adobe Systems' Buzzword online word processor told me the browser wasn't supported. On the other hand, other rich sites were happy, including Picnik and Flickr's Organizr.

Even in just a few minutes of use, I found the location bar's automatic search handy. It popped up lists of previously visited URLs and page titles that contained the words I typed into the location bar, trimming a couple steps out of a few searches.

Yahoo Mail wouldn't work for me with Firefox 3 beta 1.

(Credit: Mozilla)

One of Firefox's chief merits is the large collection of extensions that can be downloaded to bring new abilities to the browser. Alas, all four of the ones I use--Fotofox, FireFTP, Delicious Bookmarks, and Foxmarks--don't yet work with the new beta. That's no surprise--the release notes warn such breakage is likely.

Another feature I've been eagerly awaiting is the support for color profiles, which lets people see photos correctly even when they're encoded with color systems besides the long-in-the-tooth sRGB standard. It's not enabled by default, but I switched it on and was delighted to see the test images in a CNET News.com story displayed correctly.

New features
Besides Gecko 1.9, there are a number of areas of change for Firefox 3. Among them:

• Security. New features include the ability to integrate antivirus software with downloads; one-click Web site identity verification; automatic testing to make sure plug-ins aren't older versions found to be insecure and automatic disabling if they are; and support for Windows Vista parental controls.

The location bar indicates bookmarked Web pages with a star.

(Credit: Mozilla)

• Ease of use. Touted improvements include downloading that can be resumed after the browser has been restarted or network connection reset; users can zoom in and out of Web pages in their entirety, including layout, text, and graphics; plug-ins can be managed centrally with the Add-On Manager; and mailto links can now launch Web-based e-mail applications such as Gmail, not just local applications on the PC such as Outlook.

• Personalization. Web pages can be bookmarked with one click and tagged with a double-click (though the interface looked rough to me); the aforementioned feature provides a list of possible matching Web pages based on what you type in the location bar; and a new Smart Places folder provides access to pages that are frequently visited or that have been recently bookmarked and tagged.

November 6, 2007 9:41 AM PST

Red Hat working on JBoss security certification

by Stephen Shankland

Correction 10:05 a.m. PST: This blog initially misstated when Red Hat made the announcement. It was Thursday.

Red Hat is working on gaining the Common Criteria certification for its JBoss Enterprise Application Platform for running Java software, the company announced Thursday.

Such certification is a significant step in gaining acceptance among governmental and international customers. The Linux seller is seeking Evaluation Assurance Level 2 across multiple operating systems, not just Red Hat Enterprise Linux, a company representative said.

RHEL 5, the company's main product, currently has EAL 4+ certification, a higher level, on both Hewlett-Packard and IBM servers, and SGI has EAL 3+ and is seeking 4+ certification.

Red Hat has been getting more active in the Java arena. It acquired the JBoss software in 2006 for running Java Enterprise Edition software on servers, though the company has had trouble meeting its JBoss financial targets. And Red Hat announced a partnership with Java creator Sun Microsystems on Monday under which it will contribute to the core Java Standard Edition software project.

October 11, 2007 1:00 PM PDT

Novell lays off AppArmor programmers

by Stephen Shankland

Two years after acquiring the company that developed the AppArmor security software for Linux, Novell has laid off team members behind the project, CNET News.com has learned.

AppArmor's founder and leader, Crispin Cowan, joined Novell in 2005 when it acquired his company, Immunix, which developed the software. But he and four others from the project lost their Novell jobs in Portland, Ore., on September 28, Cowan confirmed.

However, he plans to continue AppArmor development. He and two other laid-off AppArmor programmers, Steve Beattie and Dominic Reynolds, launched an AppArmor consulting company on Wednesday called Mercenary Linux.

"I have lots of reputation capital. I can get another job. But I care about AppArmor as a project and I want it to succeed," Cowan said in an interview Thursday. However, the change was a surprise: "I'm stunned. I was getting bonuses and raises and awards up until the time I was laid off."

AppArmor, which Novell said will still be hosted on its Web site, is software that grants software only the privileges and access it needs, an approach that reduces the powers a remote attacker can get from a compromised computer. Although leading Linux seller Red Hat is backing an earlier rival technology called SELinux, Canonical is building AppArmor into its next version of Ubuntu, Gutsy Gibbon, and Mandriva has included AppArmor in its new Mandriva Linux 2008.

Novell spokesman Bruce Lowry wouldn't comment on specifics of the layoff, but said job cuts are "part of our ongoing restructuring efforts we've been talking throughout the year." Part of that effort involves "improving our product development process."

Novell will continue updating AppArmor and using it in its Suse Linux Enterprise Server software, but the development mechanism has changed since Novell released AppArmor as open-source software in 2006. Some companies outsource programming work to India, but with active open-source software projects, there are even lower-cost options.

"An open-source AppArmor community has developed. We'll continue to partner with this community," though the company will continue to develop aspects of AppArmor, Lowry said.

Cowan was concerned that resources need to be focused directly on the project.

"Novell wants the community to pick up maintenance and development of AppArmor. But tossing it in the wind and hoping is not good enough assurance for me, so now it's my business to go find sponsors who are willing to pay for AppArmor development," Cowan said.

Mercenary Linux will write security profiles for software, though that's not a difficult task, as well as translate the software to new hardware, help to embed it in particular devices, and, potentially, revamp it for use on different operating systems, Cowan said.

But chiefly he expects Mercenary Linux to get by on smaller projects. "It's much easier to sell a small chunk of AppArmor development to somebody who needs something specific than it is to sell the whole concept," he said. "If somebody loves us and one day wants to acquire Mercenary, that's great."

October 3, 2007 9:45 AM PDT

Relax: No SLR check at airport security

by Stephen Shankland

I read about some recent teeth-gnashing and eye-rolling by photographers who were distressed by airport security personnel who required them to pull their SLR cameras out of carry-on bags for inspection, as is required for laptop computers, but the official word is that there's no new requirement to do so.

National Association of Photoshop Professionals President Scott Kelby and photographer Richard Wanderman both were required to pull their cameras out for the airport security checks in Minneapolis-St. Paul and Los Angeles, respectively, according to their blogs. Wanderman in particular was concerned because he had two camera bodies and feared that the operation might be a fruitful opportunity for theft.

But it appears their experiences were the exception, not the rule.

"There is no hard and fast requirement for cameras to be removed from bags, though we do reserve the right to ask a passenger or photographer to remove the camera to get a better look at it," said Nico Melendez, a spokesman for the Transportation Safety Administration and an SLR owner himself.


About Underexposed

This blog sheds light on digital photography subjects such as cameras, photo editing, and Web sites. Shankland joined CNET News in 1998 after a five-year stint as a science writer. He's a lab rat who grew up in Los Alamos, N.M., and graduated from Harvard.

Contact Stephen at Stephen.Shankland@cnet.com
