Latest ads
-
Power Lifting Lever Belt- SkullVamp
- Updated:
-
port.lk Domain for sale
- Lankan-Tech
- Updated:
-
Colombo Kaduwela - Two Storey House for Sale- dilrasan
- Updated:
-
Wechat qr verification
- Pawan2005
- Updated:
-
🚀 GOOGLE AI PRO 18 MONTHS ACTIVATION 🚀- sayuru bandara
- Updated:
What is the best Browser
- Thread starter Dreamworks_naveen
- Start date
Serious Security Flaw in Google Chrome (Carpet-Bombing)
Google Chrome has quickly become one of our favorite browsers , but as Ryan Narraine, a security evangelist at Kaspersky Lab, reports, Chrome has also inherited a potentially serious security flaw from the old version of WebKit it is based on. An attacker could easily trick users into launching an executable Java file by combining a flaw in WebKit with a known Java bug and some smart social engineering.
Security expert Aviv Raff, who first discovered this flaw, set up a demo of the exploit here. (Note: This page will automatically download a Java file onto your desktop). You can safely click on the download, as it only opens up a notepad application written in Java.
Carpet-Bombing
The problem here is that, after a user double-clicks the download at the bottom of the screen, this application is opened without any warning, which would allow a malicious hacker to easily execute any Java program on a user's machine.
Two facts make this exploit especially embarrassing for Google. First of all, Google stressed the security of Chrome in both the official announcement as well as in today's live video demo just before the launch.
Apple Already Did It
More importantly, as ZDNet reports, Apple already patched WebKit against this flaw when it released Safari 3.2.1 in July, though only after the flaw had been known already for more than two months. Google, however, is using an older version of WebKit as the basis for Chrome.
Social Engineering
Obviously, this exploit only works because of the social engineering behind it. Just like some pop-up ads trick users into clicking "OK" because the ad mimics a typical system message in Windows, this exploit would trick users who are not yet familiar with Chrome's interface into believing that the download is actually just part of the web page.
what do u say about this ????
Google Chrome has quickly become one of our favorite browsers , but as Ryan Narraine, a security evangelist at Kaspersky Lab, reports, Chrome has also inherited a potentially serious security flaw from the old version of WebKit it is based on. An attacker could easily trick users into launching an executable Java file by combining a flaw in WebKit with a known Java bug and some smart social engineering.
Security expert Aviv Raff, who first discovered this flaw, set up a demo of the exploit here. (Note: This page will automatically download a Java file onto your desktop). You can safely click on the download, as it only opens up a notepad application written in Java.
Carpet-Bombing
The problem here is that, after a user double-clicks the download at the bottom of the screen, this application is opened without any warning, which would allow a malicious hacker to easily execute any Java program on a user's machine.
Two facts make this exploit especially embarrassing for Google. First of all, Google stressed the security of Chrome in both the official announcement as well as in today's live video demo just before the launch.
Apple Already Did It
More importantly, as ZDNet reports, Apple already patched WebKit against this flaw when it released Safari 3.2.1 in July, though only after the flaw had been known already for more than two months. Google, however, is using an older version of WebKit as the basis for Chrome.
Social Engineering
Obviously, this exploit only works because of the social engineering behind it. Just like some pop-up ads trick users into clicking "OK" because the ad mimics a typical system message in Windows, this exploit would trick users who are not yet familiar with Chrome's interface into believing that the download is actually just part of the web page.
what do u say about this ????
I've got to say that i still stick with opera. It's getting better each update.
Firefox 3 is really an improvement over the 2 series. I now use both browsers alternatively coz i need the help of some firefox plugins when browsing and dowloading from youtube
Has to commend the efforts of the lankans for xAurora. But from the screenshots it's interface looks too jumbled. If it's customizable then ok. but what about the plugins and does it affect the speed of operation. I've not downloaded or tested it yet. I'll not until a simpler interface shows up on the sceenshots. (fastest, coded in assembly is just old propaganda and everyone does it) But keep it up guys, u'r doing a great job for our country.
Google Chrome . . . pretty impressive. but as ever is anything from google, it's a beta . . google is never known for "stable" release versions.
Firefox 3 is really an improvement over the 2 series. I now use both browsers alternatively coz i need the help of some firefox plugins when browsing and dowloading from youtube
Has to commend the efforts of the lankans for xAurora. But from the screenshots it's interface looks too jumbled. If it's customizable then ok. but what about the plugins and does it affect the speed of operation. I've not downloaded or tested it yet. I'll not until a simpler interface shows up on the sceenshots. (fastest, coded in assembly is just old propaganda and everyone does it) But keep it up guys, u'r doing a great job for our country.
Google Chrome . . . pretty impressive. but as ever is anything from google, it's a beta . . google is never known for "stable" release versions.
Hay fellows,
I saw the thread and I'm very very sad thoese who said things against XAurora, if you are a Rea Sri Lankan you won't tell anything against it. Most of people use firefox because of it's addons that's true but how many of you know thoese things could be vulnerable
yes because the name of open source. I'm not against Open Source Softwares, but remember XAurora is closed source but free, that means others can't get the source of it, that makes it secure that's 1 point, others are,
It has AI engine so it can detect any threats coming through internet
It has offline firewall
It runs on a Virtual environment ( if newly threat comes it runs only in the virtual environment, then the AI database will add the details and prevent any attacks like that in future)
You are promoting browsers which are made from other people, if you are real Sri Lankans and also have to be proud about our country, will surely use and promote this, This is pure Sri Lankan, some will tell there is IE engine driven, you can test that with uninstalling IE
Dont' try to say anything against XAurora in future if you are not a Sri Lankan you can continue promoting other browsers 
I saw the thread and I'm very very sad thoese who said things against XAurora, if you are a Rea Sri Lankan you won't tell anything against it. Most of people use firefox because of it's addons that's true but how many of you know thoese things could be vulnerable
yes because the name of open source. I'm not against Open Source Softwares, but remember XAurora is closed source but free, that means others can't get the source of it, that makes it secure that's 1 point, others are,It has AI engine so it can detect any threats coming through internet
It has offline firewall
It runs on a Virtual environment ( if newly threat comes it runs only in the virtual environment, then the AI database will add the details and prevent any attacks like that in future)
You are promoting browsers which are made from other people, if you are real Sri Lankans and also have to be proud about our country, will surely use and promote this, This is pure Sri Lankan, some will tell there is IE engine driven, you can test that with uninstalling IE
Dont' try to say anything against XAurora in future if you are not a Sri Lankan you can continue promoting other browsers 
Anusha said:
"I don't know how much compatible it is with sites, or how safe it is. I really don't know."
shame for u
nothing else... xAurora has all the compatibilities... any one needed to use and feel it.. thats all
"And I refuse to use something that is NOT "known well" for safety"
shame again..
Aurora has the security features that any browser ever can't even imagine to add. Thats y i said that u have to use it BE FORE GIVING SOME COMMENTS...
"It might have safety
features, but it's not proven anything YET"
100% agreed.. because xAurora just coming to the world... it need time to convince you .
on the other hand xAurora doesn't need your approvement he he poor guy..
ICTA, Govt Depts, and even Microsoft and Apple are looking deep in to it and replying us wat i've mentioed earlier..
i can't repeate here wat MS and Apple did or their comments...
I'm now having a feeling that you are a guy (like some damn countrymen do) do not wanna see a country product comming out side and compete the other sudda guy's products...
Shame and very sad to here that...
any way... i hop one day very near very near you can see the World...
I'm too busy with the work so i'm not coming frequently..
Sorry if any inconvenience
regards bro
cha_sl said:Firefox on the lead.. i'm with the leader
lol still the leader is IE. like 70% of the market i think
Anusha said:
lolz.. k i dun have any idea about programming ..
correct according to your view.. Well lets forget abt it.,..on what basis you say the excecution is not good an its not in acceptable level..?
when u are commenting juz let us know the exact reason of your comment because ur comments are so useful for the development team to improve its features u know..? ty 
I have seen some wrong things about most posts. They just tell with out thinking. They must try other web browsers, after that give ur idea with evidences. Other wise there is nothing to talk. Come with ur idea, and prove it. That’s the best way…. Other wise there is nothing to do here.
xAurora exposed !!!
http://kalingasblog.com/xaurora/xAurora2008_exe_hack.htm
http://sinhala.kalingasblog.com/2008/10/20/xaurora-browser/
Read the comments till the last one
http://kalingasblog.com/xaurora/xAurora2008_exe_hack.htm
http://sinhala.kalingasblog.com/2008/10/20/xaurora-browser/
Read the comments till the last one
