Archive for Safari

Google To Be Fined Millions Over Safari Breach

Posted in Commentary with tags , , , on May 5, 2012 by itnerd

Bloomberg is reporting that the Federal Trade Commission will fine Google for its breach of Apple’s Safari web browser security. You might recall that happened a little while back. Now the word is that the fine could be as much as $19 million.

The FTC is preparing to allege that Mountain View, California-based Google deceived consumers and violated terms of a consent decree signed with the commission last year when it planted so-called cookies on Safari, bypassing Apple software’s privacy settings, the person said.

Sucks to be them. But given the fact that Google has a history of playing fast and loose with the privacy of its users, they deserve it.

Safari For Mac Has A Serious Security Flaw…. Fanbois Cry In Despair

Posted in Commentary with tags , , , on July 22, 2010 by itnerd

As if problems with iPhone antennas wasn’t enough, Apple now has a new worry. A serious security flaw with their Safari browser that only affects Mac users. Jeremiah Grossman found the flaw and describes it in his blog:

Right at the moment a Safari user visits a website, even if they’ve never been there before or entered any personal information, a malicious website can uncover their first name, last name, work place, city, state, and email address. Safari v4 & v5, with a combined market browser share of 4% (~83 million users), has a feature (Preferences > AutoFill > AutoFill web forms) enabled by default. Essentially we are hacking auto-complete functionality.

Charming. But Grossman did the responsible thing and reported it to Apple. But…:

I figured Apple might appreciate a vulnerability disclosure prior to public discussion, which I did on June 17, 2010 complete with technical detail. A gleeful auto-response came shortly after, to which I replied asking if Apple was already aware of the issue. I received no response after that, human or robot. I have no idea when or if Apple plans to fix the issue, or even if they are aware, but thankfully Safari users only need to disable AutoFill web forms to protect themselves.

Lovely. Another example of Apple dropping the ball when it comes to security…. Again. It gets worse. There’s proof of concept code floating around for this. Just go to this website to see the exploit in action. Just bring Safari on your Mac and see what happens next.

If you want to protect yourself, you have two choices:

  • Go to preferences > Auto-fill, and uncheck “Use info from my Address Book card” if you want to keep using Safari on your Mac
  • Switch to another browser. Chrome and Firefox would be my choices.

Choose wisely.

BREAKING NEWS: Apple Releases Safari 5 [UPDATED]

Posted in Commentary with tags , on June 7, 2010 by itnerd

Apple just posted a press release [Link broken: See below] announcing the release of Safari 5 on their website:

Apple today released Safari 5, the latest version of the world’s fastest and most innovative web browser, featuring the new Safari Reader for reading articles on the web without distraction, a 30 percent performance increase over Safari 4, and the ability to choose Google, Yahoo! or Bing as the search service powering Safari’s search field. Available for both Mac® and Windows, Safari 5 includes improved developer tools and supports more than a dozen new HTML5 technologies that allow web developers to create rich, dynamic websites. With Safari 5, developers can now create secure Safari Extensions to customize and enhance the browsing experience.

Okay. So if it’s available today, why can’t I find it at apple.com/safari or through software update? Perhaps their PR group jumped the gun? It’s also interesting that there was no mention of it during the WWDC event earlier today. Another interesting thing, Bing is in this browser too as a search engine choice. Weird. But it should be available at some point today for Windows and Mac.

UPDATE: Download away! However I will note that the original press release that I linked to earlier has been pulled. That suggests to me that the press release went out early. Here’s the new press release.

Safari 4.0.1 Update Available…. So Far For Mac Only

Posted in Commentary with tags , on June 17, 2009 by itnerd

I’m not sure if Apple has jumped the gun here, but Safari 4.0.1 has appeared in Software Update on my Mac. But I cannot find any mention of it anywhere on Apple’s site. Nor can Software Update on my PC find it. That to me says that either Apple is in the process of releasing it to their Software Update servers (and as a result haven’t updated their website), or they jumped the gun. Another possibility is that this is a Mac only update given what Software Update says about this update:

“This update addresses incompatibilities between Safari 4.0 and certain features in iPhoto 09 including Places and Facebook publishing.”

We’ll see which shortly. In the meantime, I’m installing it on my Mac right now.

Safari 4… Not Bad So Far [UPDATED x3]

Posted in Commentary with tags , on June 9, 2009 by itnerd

I’ve started using Safari 4 on both my MacBook Pro and Windows XP PC at work, and I have to admit that for the most part, it’s a worthy replacement for Firefox on my computers. Here’s why:

  • It’s generally faster than Firefox, and nothing (so far) has proven to be a problem. Although since installing it on my Windows XP machine, the machine does seem to “stall” from time to time. I’ll keep an eye on this to see if this is a problem long term. No such effects have been noted on my Mac.
  • Memory usage is kind of on the high side. Two windows with a total of three tabs ate almost 265MB of RAM.  Firefox only took 52MB of RAM with the same number window and tabs with the same content on the screen. Talk about being a RAM hog.
  • Javascript on Safari does seem to process WAY FASTER than Firefox.
  • Some of the eye candy such as the “Top Sites” feature which gives you a graphical view of the sites that you tend to go to a lot are cool. But I’m sure that accounts for the memory usage that I’m seeing.

If you’ve tried the new Safari, please leave your feedback in the comments section. If you’ve seen this “stalling” problem that I’ve noticed, I’d really love to hear from you.

UPDATE: My “stalling” problem is apparently Safari related. It seems to occupy anywhere from 0% to 30% of the CPU. So it’s a CPU hog as well as a RAM hog. It’s related to Safari’s “Warn when visiting a fraudulent website” feature. I turned it off and my computer became “normal” again. A search of Apple’s discussion boards found this posting that points to a corrupt database. Specifically SafeBrowsing.db. However this is a Mac specific document, but a search of my computer found the file at C:\Documents and Settings\YOUR USER NAME\Local Settings\Application Data\Apple Computer\Safari on my Windows XP computer. I will delete it, turn back on the “Warn when visiting a fraudulent website” feature and see if it improves things.

UPDATE #2: So far that seems to have solved my issue. I’ll continue to monitor the situation.

UPDATE #3: The “stalling” has returned. Unchecking the “Warn when visiting a fraudulent website” feature is how I am dealing with it at the moment until Apple kills this bug. No sign of a similar behavior on my Mac thus far.

Pwn2Own Hacking Contest Proves Absolutely Nothing Is Safe

Posted in Commentary with tags , , , , , on March 19, 2009 by itnerd

It’s day one at the CanSec Pwn2Own hacking contest and the big boys are falling like stock prices on Wall St. Microsoft took the biggest hit of the day when a Sony Vaio running Windows 7 and the allegedly unhackable Internet Explorer 8 were hacked by a hacker named “Nils” who gets to keep the Sony Vaio as well as pocketing $5000 in cash.

You can expect that Microsoft CEO Steve Ballmer is regretting that he said that Internet Explorer 8 had  “protection that no other browser can match.” Of course the fact that IE 8 got hacked right before it was to be released to the public isn’t good either.

“Nils” later went on to hack Safari (Although he wasn’t the first to do that… More on that in a second) and Firefox later in the day earning mad props from those in attendance. The first person to hack Safari however was Charlie Miller who has “Pwned” Apple in the past. He hacked Safari and took over the Macbook that it was running on seconds into the competition to net him both the Macbook and $10000 cash.

You can bet that “The Steve” is somewhere saying “Curses! Pwned again!”

All the participants who successfully hack something have to sign NDA’s so that the companies who get “Pwned” can fix the issues before exploits appear. So you can expect to see a flurry of patches and updates hitting the streets shortly. Oh and by the way, Windows Mobile, Android, Symbian, iPhone and BlackBerry smart phones are all on the table as hacking targets. So you can expect the fun to continue for the next few days.

Apple Releases Safari 4 Beta To The World

Posted in Commentary with tags , on February 24, 2009 by itnerd

This press release just hit the wires announcing the availability of Safari 4 as a BETA:

Apple® today announced the public beta of Safari® 4, the world’s fastest and most innovative web browser for Mac® and Windows PCs. The Nitro engine in Safari 4 runs JavaScript 4.2 times faster than Safari 3.* Innovative new features that make browsing more intuitive and enjoyable include Top Sites, for a stunning visual preview of frequently visited pages; Full History Search, to search through titles, web addresses and the complete text of recently viewed pages; Cover Flow®, to easily flip through web history or bookmarks; and Tabs on Top, to make tabbed browsing easier and more intuitive.

That’s all well and good, but we’ll let web surfers be the judge of how fast and innovative it is. I’ll be downloading a copy shortly and playing with it to see what the fuss is about. If you do the same, please leave a comment and let us know what you think of it.

It’s available for Windows and Macintosh platforms now at apple.com/safari.

IE Loses More Marketshare To Safari, Chrome, And FireFox…. Chairs Will Be Thrown Over This At Microsoft HQ

Posted in Commentary with tags , , on February 2, 2009 by itnerd

Microsoft via their Internet Explorer browser continues to lose marketshare in the browser market to Safari, Chrome, And FireFox. The latest figures from Net Applications gives IE a 67.55% share of the market at the moment, which is a 1% slide since last month. Firefox is up to 21.53% while Safari is up to 8.29% and Chrome is up to 1.12%. All of which are gains over the previous month.

Since March 2008, IE has lost over 7%. I’m guessing that Microsoft is betting that IE 8 which has a release candidate out in the wild will help to stop the bleeding. But perhaps the game is already over. We’ll see when IE 8 actually ships.

Safari Vulnerability Allows “Evil Doers” To Get Your Personal Data

Posted in Commentary with tags , on January 13, 2009 by itnerd

If you use Safari on either the Mac or Windows platforms, then you need to pay attention to this. Brian Mastenbrook who has found a couple of Apple related vulnerabilities in the past, has tripped over another one:

I have discovered that Apple’s Safari browser is vulnerable to an attack that allows a malicious web site to read files on a user’s hard drive without user intervention. This can be used to gain access to sensitive information stored on the user’s computer, such as emails, passwords, or cookies that could be used to gain access to the user’s accounts on some web sites. The vulnerability has been acknowledged by Apple.

He won’t give specific details, but he does have a workaround for you:

Because this vulnerability could be exploited by a phishing site in a way that would not cause affected users to suspect their information had been stolen, users of Mac OS X Leopard should protect themselves until a fix is issued by Apple by choosing a default feed reader other than Safari, such as Mail. To select a different feed reader:

  1. Open Safari and select Preferences… from the Safari menu.
  2. Choose the RSS tab from the top of the Preferences window.
  3. Click on the Default RSS reader pop-up and select an application other than Safari.

The only workaround available for users of Safari on Windows is to use a different web browser.

So take heed and protect yourself accordingly by either following his advice, or by using another browser.

Apple Quietly Ships Safari 3.2.1 Update… Claims “Stability Improvements”

Posted in Commentary with tags , on November 25, 2008 by itnerd

Apple released a Safari update to the world last night with the only documented improvement being “Stability Improvements.” One would think those “Stability Improvements” have something to do with the stabiltiy issues that have plagued Safari 3.2 since its release.

I don’t use Safari myself, so I haven’t tested this release. If you notice anything better or worse in this release, please leave a comment.