One of the changes for example regards the Gecko layout engine with improvements in supporting Web standards like W3C Geolocation API, Java Script query selectors, and Web worker threads. Firefox 3.1 Beta 1 also includes support for CSS 2.1 and CSS 3 properties.

Regarding the interface, Firefox 3.1 Beta 1 will have a new tab switching shortcut and improved control over the smart bar.

While on the multimedia side Firefox 3.1 beta 1 will include the support for OGG Theora and OGG Vorbis on all platforms.
Firefox 3.1 beta 1 is currently available for download in more than 35 languages.

Links Firefox 3.1 Beta announcement: http://blog.mozilla.com/blog/2008/10/14/firefox-31-beta-1-now-available-for-download/;
Firefox 3.1 Beta download: http://www.mozilla.com/en-US/firefox/all-beta.html.

The first vulnerability, identified by Bach Koa Internetwork Security, is a buffer overflow that get triggered when a user saves a Web page containing a very long “title” tag. As usual when buffers overflow are exploited, an attacker could use it to inject malicious code to then have control of the victim’s computer.

The second vulnerability fixed is the “carpet bombing” flaw discovered by researcher Aviv Raff. The vulnerability is caused by the use of an outdated version of Apple WebKit by Chrome. The vulnerability causes Windows to download a dangerous Java archive file (JAR) and execute it without any warning to the users.

The vulnerable version released last week is the 0.2.149.27, while the new version is 0.2.149.29.

Links

Google Chrome: http://www.google.com/chrome;

Bach Koa Internetwork Security’s advisory: http://security.bkis.vn/?p=119;

Aviv Raff’s advisory: http://aviv.raffon.net/2008/09/03/GoogleMule.aspx.

According to Google, Chrome’s objective is not to be only a normal web browser, but a platform to better run Web Applications. In order to achieve that objective Google developed Chrome with strong support of JavaScript and AJAX.

One of the various changes that Chrome implements, compared to other browsers, is that each tab behaves as a separate browser with the bookmarks bar, address bar, the menus and the icons inside the tab. Also in Chrome the tabs are grouped by relation. If the user open a new tab from a link in an active page that new tab appears next to the originating page.

The address bar and the search bar are actually merged together in order to save space.

Obviously since Google Chrome is still in beta, it is has many features that are still to be implemented. For example Google Chrome lacks of an interface to manage the saved bookmarks. Chrome is also lacking a progress bar to show how much of a Web page has loaded.

At first only the Windows version is available, but Google is developing a open-source version for Linux.

Links

Google Chrome: http://www.google.com/chrome.

The announcement has been made with a post to IEBlog, the official blog of Internet Explorer.

The privacy will be granted by “InPrivate”, a new technology created my Microsoft. When activated, this function will make all tracks (cookies, history, etc)� volatile; the IEBlog specify that:

• New cookies are not stored
  • All new cookies become “session” cookies
  • Existing cookies can still be read
  • The new DOM storage feature behaves the same way
• New history entries will not be recorded
• New temporary Internet files will be deleted after the Private Browsing window is closed
• Form data is not stored
• Passwords are not stored
• Addresses typed into the address bar are not stored
• Queries entered into the search box are not stored
• Visited links will not be stored

Internet Explorer 8 is currently in beta testing and it is expected to be available close to the end of this year.

Links

Microsoft Internet Explorer: http://www.microsoft.com/windows/internet-explorer/download-ie.aspx;

Microsoft’s announcement: http://blogs.msdn.com/ie/archive/2008/08/25/ie8-and-privacy.aspx.

Links
Microsoft Security Advisory (953818): http://www.microsoft.com/technet/security/advisory/953818.mspx;

Nitesh Dhanjani’s Advisory: http://www.oreillynet.com/onlamp/blog/2008/05/safari_carpet_bomb.html;

Aviv Raff’s Advisory: http://aviv.raffon.net/2008/05/31/SafariPwnsInternetExplorer.aspx.

According to the plan, with this the technology the users set up all the devices they want to use to access the service, upload the documents they want to bring around with any of these devices, and than every time the make a change to these documents the modification will be automatically syncronized to all the devices.

Microsoft is building this technology as a competitor to the more famous Adobe AIR and Google Gears.

The presentation has been made by Ray Ozzie, Microsoft chief software architect, at the Web 2.0 Expo.

Links

Microsoft web site: http://www.microsoft.com;

Live Mesh web site: https://www.mesh.com/Welcome/Welcome.aspx;

According to Sophos, PayPal and its owner eBay were the two most popular phishing targets in 2006 with the 75% of all the phishing e-mails sent.

At first PayPal tried to solve the problem by reimburse the victims for the amount they lost, but eventually this practice was far from be effective and so the company started to work with individual ISPs to create filters against phishing e-mail so they would not reach the users’ mailbox; these filters were based on digital signatures bundled into the PayPal genuine messages in order to prove that these messages were sent in fact from PayPal itself.

But since security plans are never enough, PayPal also started another strategy to protect their users: in order to educate them in the mater of self-protection, PayPal will start to block them if they still use older versions of their browsers and they will be notified that they are required to upgrade to the latest version if they want to continue use the service.

The browsers will be divided in three tiers:

• The first-tier browsers (that currently includes Firefox 2, MSIE 7.0, and Opera 9.25, and successive versions) will be able to log in to Paypal normally.
• The second-tier browsers (the previous to the current version) will be able to log in, but the users will be warned that their browser version is out of date and does not include a phishing filter or does not support Extended Validation SSL certificates.
• The third-tier browsers (that includes all the older versions of the browsers) will be totally blocked from accessing PayPal at all.

For most people this blocking will not be a problem since those browser upgrades are free and usually delivered by automatic-update systems. At first there were concerning for Apple Safari since it does not includes either an anti-phishing feature and the support for “Extended Validation (EV) certificates”, but Friday Paypal stated that it will not ban Safari 2.0 on Tiger until Apple ships the successor to Mac OS X 10.5.

Regarding this plan PayPal states: “In our view, letting users view the PayPal site on one of these [older] browsers is equal to a car manufacturer allowing drivers to buy one of their vehicles without seatbelts.”

PayPal has yet to specify a timetable for when it would switch-on this browser blocking system.

PayPal’s logo is copyrighted by PayPal.

Links

PayPal’s Home Page: http://www.paypal.com;

PayPal’s “Safer Web Browsers Overview” guide: https://www.paypal.com/cgi-bin/webscr?cmd=xpt/cps/securitycenter/general/SaferBrowsers-outside;

Edited on 21/04/08: I have updated this article to reflect the PayPal position on Apple Safari.

LAS VEGAS — April 14, 2008 — Today at the NAB Show 2008, Microsoft Corp. announced significant momentum for Microsoft Silverlight resulting from new customers adopting Silverlight to deliver richer, more interactive media experiences on the Web. Building on recent support from major content providers such as AOL and NBC Olympics.com on MSN, Microsoft announced new adoption of Silverlight by media and content companies worldwide, including Madison Square Garden (MSG) Interactive, Tencent, Abertis Telecom, Terra Networks Operations, SBSi, MNet and Yahoo! JAPAN.

“It’s exciting to see broad industry recognition and rapid adoption of Silverlight across the world,” said Scott Guthrie, corporate vice president of the .NET Developer Division at Microsoft. “Silverlight offers customers and partners the highest quality creation and delivery of media, protected content, advertising and rich Internet applications, and we are committed to making it easy for partners to integrate and extend Silverlight capabilities.”

Media Companies Worldwide Choose Silverlight to Power Connected Rich Internet and Media Web Experiences

With an average of 1.5 million daily downloads of the Silverlight plug-in, and growing, adoption of Silverlight around the world continues to accelerate momentum for compelling online media experiences for consumers. Media companies in particular — with an increasing emphasis on utilizing the Internet as a channel for content and new revenue streams — are taking the lead in delivering innovative new Web experiences. Among those media companies announcing Silverlight-based projects are the following:

•	MSG Interactive is using Silverlight as a platform to deliver live on-demand digital content to its huge community of sports and entertainment fans.
•	Tencent, China’s largest Internet portal, with more than 300 million unique viewers, today announced it is developing a series of Silverlight-based next-generation Internet services and media experiences.
•	Abertis Telecom will use Silverlight as the platform for a new video content delivery channel going live this spring, which will provide end users with convenient access to dozens of channels of Spanish-language TV content within a single Web-based application.
•	Terra Networks is using Silverlight as the platform for the new HD channel on Terra TV, its online video and TV platform with service in 18 countries in Latin America and United States reaching millions of subscribers around the world.
•	Announced last week, Yahoo! JAPAN, the most trafficked Web site in Japan, plans to roll out video distribution and Internet services that use Silverlight as the application platform.

“Our implementation of content services enabled by Microsoft Silverlight has significance for both Yahoo! JAPAN and Microsoft,” said Masahiro Inoue, CEO of Yahoo! JAPAN. “We strive to respond promptly and appropriately to the constantly evolving Internet environment and customer needs, and I have high expectations that our use of Silverlight will enable us to provide better services to our customers.”

Recently, at MIX08, Microsoft outlined new capabilities of its end-to-end media platform — including Silverlight 2, Expression Studio 2 and Windows Server 2008 — which offers industry-leading streaming and progressive download capability with Windows Server 2008. In addition, Microsoft presented support for new Silverlight advertising scenarios, and companies such as Microsoft Atlas, DoubleClick Inc., EyeWonder Inc. and Panache were already showing how Silverlight enables next-generation in-stream advertising to better monetize the assets of content owners. At MIX08, Microsoft also announced a strategic alliance with Move Networks, a leading provider of advanced video delivery services. At NAB 2008, Move Networks Inc. is demonstrating a technology preview of Silverlight-based unique branding and navigation elements within, around and on top of Move Networks’ video technology.

New Microsoft Content Protection Support in Silverlight Increases Opportunities for Vibrant Content Marketplace

Silverlight-based content delivery can be protected using a variety of techniques, including Web and streaming playlists, authentication, authorization, stream encryption and digital rights management (DRM). Today Microsoft unveiled details of Silverlight DRM, Powered by PlayReady, the content protection support coming later this year in Silverlight. Silverlight DRM builds on Microsoft’s extensive expertise and experience in content protection and support for hundreds of millions of media players and devices worldwide.

In addition to being compatible with the broadly deployed base of Windows Media DRM 10 content, Silverlight DRM will support live streaming, on-demand streaming and progressive downloads for connected experiences. With the extensibility and openness of Silverlight, third-party solution providers will also be able to build and offer content owners additional choices for their media protection needs.

A number of content owners, aggregators and service providers including BUYDRM, Daum Communications Corp., iMBC Co. Ltd., Limelight Networks, M-Net Media, Netflix Inc., Paramount Pictures, SK Communications, SBSI, a subsidiary of SBS Media Group, and Technicolor have announced their support for the content protection solution to be provided in Silverlight, due to the technology’s proven foundation and support.

“As the dynamics of content distribution continue to accelerate toward the Internet, we need a flexible technology platform that allows us to explore a broad scope of business models and rich user experiences for digital distribution of Paramount Pictures’ wide array of content,” said Dr. Alan Bell, executive vice president and chief technology officer of Paramount Pictures. “With Silverlight DRM, Powered by PlayReady, Microsoft is bringing nearly a decade of heritage in DRM and content access to the table to deliver a solution with a strong technology foundation — allowing us to provide legal alternatives to our audiences enabling them to consume our content in whatever browser or platform they prefer.”

Microsoft will be demonstrating a technology preview of Silverlight DRM at the NAB Show in booth SL5520, and has introduced a preview program for customers to learn more about Silverlight DRM. Additional information, including licensing terms for Silverlight DRM, is available at http://microsoft.com/silverlight.

Many content owners, aggregators and solution providers have announced their support and interest in Silverlight DRM including the following:

“The deployment of Silverlight DRM via the KeyOS Pay Media Platform will offer customers a flexible, robust business-centered rights management solution that will broaden the consumer marketplace for pay media,” said Christopher Levy, CEO of BuyDRM and Microsoft MVP for Digital Media. “We have been working closely with Microsoft to develop one of the industry’s first Silverlight DRM-enabled services offering that is flexible, easy to deploy and provides powerful rights management solutions for a variety of industries.”

“Limelight Networks is a long-time content delivery partner of Microsoft, and was one of the first to support the initial Silverlight experience. We’re pleased today to announce our support for Silverlight DRM, Powered by PlayReady, so that content producers leveraging our high-performance CDN can enable highly secure, profitable streaming experiences through Silverlight 2 technologies,” said Adam Wray, vice president, strategic alliances, Limelight Networks Inc.

“Netflix has used Windows Media DRM 10 to protect the 7,000 choices of movies and TV episodes that our 7.5 million members can watch instantly on the PC,” said Neil Hunt, chief product officer for Netflix. “We look forward to expanding platform coverage using Silverlight with PlayReady, which is expected to satisfy industry requirements for content protection and simplify and improve the end-user experience.”

“The announcement of Microsoft PlayReady and its availability on our platforms will reinforce the position of S60 on Symbian OS as the leading mobile platform for Internet innovation,” said Lee Williams, senior vice president, Nokia Devices Software. “In March we announced that we would bring Silverlight to S60, as well as our Series 40 and maemo platforms. We have also been working with Microsoft for some time on digital rights management. The combination of Silverlight and PlayReady further extends business and monetization opportunities for the industry and raises the bar for rich, interactive consumer experiences.”

“DRM is an integral part of the Technicolor Electronic Distribution Services offer, with Windows Media DRM playing a key role in our technology,” said Mark Langford, vice president, marketing & product management, Thomson Technicolor Electronic Distribution Services. “More recently we’ve expanded our proficiency to include Silverlight, a tool that is exceptionally designed to offer a very compelling user interface for media on the Web. The new support for PlayReady will help us complete the offering of our next generation Live Streaming platform that is based on Silverlight and targeted at tier-one media and entertainment companies.”

“Telstra BigPond, as Australia’s leading provider of audio and video, has been using Windows Media DRM for years and with Silverlight’s support for PlayReady — the latest generation of Microsoft’s media DRM,” said Craig Middleton, group manager, Corporate Relations, Telstra BigPond. “BigPond is looking forward to working with these latest technologies to further enhance its innovative and world-class video and audio content offering to the Australian market place.”

More information on Microsoft’s presence at the NAB Show 2008 can be found at http://www.microsoft.com/media/nab2008.

While the major bug was related to the cross-domain content, the new version included a few other bug fixes as well, like the fix for a streaming content security issue and a “black triangles” issue with full-screen video on ATI video cards.

More information are available on the Security Advisory and the release notes.