wiredmikey writes with this extract from Security Week: "On Friday, researchers from security firm Intego reported that a new variant of Flashback is targeting passwords and as a byproduct of infection, Flashback is crashing several notable applications. Flashback was first discovered by Intego in September of 2011. It targets Java vulnerabilities on OS X, two of them to be exact, in order to infect the system. Should Flashback find that Java is fully updated, it will attempt to social engineer the malware's installation, by presenting an applet with a self-signed certificate. The certificate claims to be signed by Apple, but is clearly marked as invalid. However, users are known to skip such warnings, thus allowing the malware to be installed. ... The newest variant will render programs such as Safari and Skype unstable, causing them to crash. Interestingly enough, normally these are stable programs, so if they start suddenly crashing might be a sign of larger issues."

theodp writes "The WSJ reports that a coalition of Internet giants including Google has agreed to support a do-not-track button to be embedded in most Web browsers — a move that the industry had been resisting for more than a year. The new do-not-track button isn't going to stop all Web tracking. The companies have agreed to stop using the data about people's Web browsing habits to customize ads, and have agreed not to use the data for employment, credit, health-care or insurance purposes. But the data can still be used for some purposes such as 'market research' and 'product development' and can still be obtained by law enforcement officers. Meanwhile, after Google got caught last week bypassing privacy settings on Safari, and was accused of also circumventing IE's P3P Privacy Protection feature, CBS MoneyWatch contacted Mozilla to see if it had noticed Google bypassing Firefox's privacy controls. After reports that Google ponied up close to a billion dollars to Mozilla to beat out a Microsoft bid, this seems to be one of those have-you-stopped-beating-your-wife type questions that has no good answer. Anyway, according to a statement attributed to Alex Fowler, global privacy and public policy lead for Mozilla: 'Our testing did not reveal any instances of Google bypassing user privacy settings.'"

itwbennett writes "In response to Microsoft's claim that Google circumvented Internet Explorer privacy protections (following the discovery that Google also worked around Safari's privacy settings), Google on Monday said that IE's privacy protection, called P3P, is impractical to comply with."

New submitter Dupple writes with a followup to Friday's news that Google was bypassing Safari's privacy settings. Now, Microsoft's Internet Explorer blog has a post accusing Google of doing the same thing (in a different way) to Internet Explorer. Quoting: "By default, IE blocks third-party cookies unless the site presents a P3P Compact Policy Statement indicating how the site will use the cookie and that the site’s use does not include tracking the user. Google’s P3P policy causes Internet Explorer to accept Google’s cookies even though the policy does not state Google’s intent. P3P, an official recommendation of the W3C Web standards body, is a Web technology that all browsers and sites can support. Sites use P3P to describe how they intend to use cookies and user information. By supporting P3P, browsers can block or allow cookies to honor user privacy preferences with respect to the site’s stated intentions. ... Technically, Google utilizes a nuance in the P3P specification that has the effect of bypassing user preferences about cookies. The P3P specification (in an attempt to leave room for future advances in privacy policies) states that browsers should ignore any undefined policies they encounter. Google sends a P3P policy that fails to inform the browser about Google’s use of cookies and user information. Google’s P3P policy is actually a statement that it is not a P3P policy."

DJRumpy points out an article (based on a possibly paywalled WSJ report) describing how Google and other ad networks wrote code that would bypass the privacy settings of Apple's Safari web browser. 'The default settings of Safari block cookies "from third parties and advertisers," a setting that is supposed to only allow sites that the user is directly interacting with to save a cookie (client side data that remote web servers can later access in subsequent visits). ... The report notes that "Google added coding to some of its ads that made Safari think that a person was submitting an invisible form to Google. Safari would then let Google install a cookie on the phone or computer.' Google says this mischaracterizes what the code does, claiming it simply enables 'features for signed-in Google users on Safari who had opted to see personalized ads and other content — such as the ability to “+1” things that interest them.' Google adds that the data transferred between Safari and Google's servers was anonymized. John Battelle writes that the WSJ's story is sensationalist, but that it raises good questions about the practices of ad networks as well as Apple's efforts to stymie industry-standard practices.

Trailrunner7 writes "Researchers are warning about a new remotely exploitable vulnerability in 64-bit Windows 7 that can be used by an attacker to run arbitrary code on a vulnerable machine. The bug was first reported a couple of days ago by an independent researcher and confirmed by Secunia. In a message on Twitter, a researcher named w3bd3vil said that he had found a method for exploiting the vulnerability by simply feeding an iframe with an overly large height to Safari. The exploit gives the attacker the ability to run arbitrary code on the victim's machine."

Trailrunner7 writes "Apple has finally released a fix for the certificate trust issue caused by the attack on DigiNotar, more than a week after the fraudulent certificates were identified and other browser vendors moved to revoke trust in them. While Microsoft, Mozilla and Google had been communicating with users about the issue and pushing out new versions and updates to eliminate the compromised certificate authorities from their browsers, Apple had been mum about the attack and hadn't given any indication of when it might issue an update for Safari. On Friday the company published a security advisory for Mac OS X users, saying that it was removing DigiNotar's certificates from its trust list."

An anonymous reader writes "The latest browser benchmarks are in... again. This is one of the better 'browser battle' articles, though. Chrome 13, Firefox 6, IE9, Opera 11.50, and Safari 5.1 are put through 40-some tests on both Windows 7 and Mac OS X Lion. As a PC guy, I was pretty impressed with the performance of Safari on OS X, and the reader feature looks awesome too. The author also uncovered a nasty Catalyst bug that makes IE9 render pages improperly and freeze up under heavy loads of tabs. The tables at the end pinpoint the strengths and weaknesses of each browser, which is nicer than a 1-10 or star rating. The tests are more thorough than most browser comparisons I've seen."

Orome1 writes with an article in Net Security. From the article: "Microsoft's Internet Explorer 9 has proved once again to be the best choice when it comes to catching attacks aimed at making the user download Web-based malware. This claim was made by NSS Labs in the recently released results (PDF) of a test conducted globally from May 27 through June 10 of the current year, which saw five of the most popular Web browsers pitted against each other. Windows Internet Explorer 9, Google Chrome 12, Mozilla Firefox 4, Apple Safari 5, and Opera 11 were tested with 1,188 malicious URLs — links that lead to a download that delivers a malicious payload or to a website hosting malware links."

itwbennett writes "Yesterday's release of the Amazon Kindle Cloud Reader brought to mind the bad old days of the browser wars, but with a new twist: while the app works on any iOS device, it only works on computers with Safari and Chrome. Blogger Brian Proffitt knows as well as anyone that 'this isn't a deliberate snub of the other browsers. Clearly the developers of this web app had to get it to work on Safari, because that's the only vector to get it onto an Apple device. And, since both Chrome and Safari have a shared ancestor in WebKit, it makes sense that what would work in one browser would work in the other.' But it raises an interesting question: 'If HTML5 and other web technologies are supposed to be open and standardized, then will web app developers have to continually tweak their apps in order to accommodate deficiencies or advantages between browsers, or will browsers have to constantly stay in sync with each other's features just to be able to run all the web apps out there?'"

rennerik writes "A recent study of 100,000 people taking IQ tests compared the scores with which browser the person uses on a regular basis. On average, Internet Explorer users fared the worst, with IE6 users at the bottom of the pile and IE8 users performing slightly better. Firefox, Chrome and Safari fell in the middle with little difference between them. IE with Chrome Frame and Camino landed on top, along with Opera, whose users scored the highest"

An anonymous reader writes "Samsung and Nokia have released initial implementations of WebCL for web browsers. Nokia's version works with Firefox 4 and AMD's App SDK on Windows Vista/7 32-bit and Samsung's version on Mac OS X 10.6.7 with Safari and Nvidia OpenCL GPUs. The implementation has little to no use for average users, but there are a couple YouTube videos that showcase the horsepower of GPUs in physics computations — inside a browser window."

bfwebster writes "Browsing the web this morning, I discovered that the New York Post is blocking iPad users from reading its website via Safari. Instead, iPad users must download and use the NY Post App instead. That app previously required a paid subscription (which is one reason I didn't use it); however, the version I downloaded this morning isn't making any demands for payment. Yet."

oDDmON oUT writes "Techcrunch has a piece about Facebook's Project Spartan, which aims to deliver app store functionality through the use of HTML5 in the iOS Safari browser. Given Facebook's shifting sands privacy stances, as well as their track record with their "trusted partners", I don't think I'd be alone in wondering if this wouldn't put a great big stake in the heart of the assertion that iOS is the most secure operating system in existence today."

dkd903 writes "It turns out that there is a feature in OS X Lion which no one expected and was never announced at WWDC. The feature we are talking about is 'Restart to Safari.' As you might have guessed from the name, this feature makes it possible to restart the Mac into just the Safari browser and nothing else."

AmiMoJo writes "Google announced on its blog that it is dropping support for Firefox 3.5, Internet Explorer 7 and Safari 3 from the 1st of August. In these older browsers you may have trouble using certain features in Gmail, Google Calendar, Google Talk, Google Docs and Google Sites, and eventually these apps may stop working entirely."

jfruhlinger writes "Ever since Apple forked the KHTML project to create WebKit, the rendering engine at the core of Safari, the company has been a good open source citizen, releasing the code back to the community after updates. But that suddenly stopped in March, with no code releases for the last two updates to the iOS version of the browser, for reasons unknown. This might remind you of Google's failure to release the Honeycomb source code. But at least Google announced that it was holding the code back, and Android is under a license that allows for a delay; the LGPL'd WebKit isn't." Update: 05/09 21:21 GMT by S : Reader Shin-LaC points out that Apple has now released the relevant source code.

An anonymous reader writes "Apple's iPhone 3G, iPhone 3GS, the iPhone 4, and iPad models are keeping track of consumers whereabouts. Mac computers running Snow Leopard and even Windows computers running Safari 5 are being watched. But the question is why? 'To provide the high quality products and services that its customers demand, Apple must have access to the comprehensive location-based information,' Apple says."

bonch writes "The latest developer preview of OS X Lion includes a 'do not track' privacy feature in Safari, the latest browser to do so following Mozilla Firefox and Microsoft Internet Explorer. The feature complies with a privacy system backed by the FTC that allows users to declare that they do not wish to be tracked by online advertisers. This leaves Google Chrome as the last prominent browser not to support the feature. As an online advertiser themselves, Google states that they 'will continue to be involved closely' with industry discussions about compliance with the do-not-track system."

An anonymous reader writes "Apple has hit back over claims that the browser shipped with its iPhone, iPod Touch, and iPad devices is significantly slower than Android's equivalent, calling the independent testing 'flawed.' 'They didn't actually test the Safari browser on the iPhone,' Apple's Kerris argues. 'Instead they only tested their own proprietary app, which uses an embedded Web viewer that doesn't actually take advantage of Safari's Web performance optimisations.' This, claims testing firm Blaze.io, is news to the world. 'Embedded browsers are expected to behave, for the most part, the same as the regular browser,' the company stated, defending its methodology. 'However, Apple is now stating that their embedded browser, called UIWebView, does not share the same optimisations MobileSafari does.'"