Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Submission + - Internet Explorer 9 safest Web browser? (msn.com)

Pigskin-Referee writes: When it comes to blocking malware, Microsoft's Internet Explorer 9 seems to come out on top, by leaps and bounds, over other browsers.

Tests by NSS Labs to "examine the ability of five different web browsers to protect users from socially-engineered malware" showed that IE9 was able to block this kind of threat 99 percent of the time, beating out Apple Safari 5, Google Chrome 12, Mozilla Firefox 4 and Opera 11.

The closest another Web browser got to that blocking-the-bad stuff rate was Chrome, at a very distant 13.2 percent. At the low end of the blockers was Opera, with a 6.1 percent rate.

NSS also tested socially engineered malware targeted at users in Asia Pacific and in Europe and found IE9 again seemed to blow the others away, with a 95 percent mean block rate in Asia and 92 percent in Europe. Chrome was again second, with a 15.4 percent block rate in Asia being its highest score. Opera again finished last.


Submission + - Apple slaps bandaid on Safari security holes (zdnet.com)

Pigskin-Referee writes: Apple has shipped new versions of its Safari browser to fix numerous security holes that expose Windows users to malicious hacker attacks.

The Safari 5.1 and Safari 5.0.6 addresses gaping security holes in Safari and WebKit, the open-source browser rendering engine. These updates are available for Safari users running Windows XP SP2, Windows Vista and Windows 7.

According to Apple’s advisory, some of these vulnerabilities could lead to drive-by download attacks, full system compromise, denial-of-service conditions of cross-site scripting attacks.


Submission + - WebGL - A New Dimension for Browser Exploitation (contextis.com)

Pigskin-Referee writes: WebGL is a new web standard for browsers which aims to bring 3D graphics to any page on the internet. It has recently been enabled by default in Firefox 4 and Google Chrome, and can be turned on in the latest builds of Safari. Context has an ongoing interest in researching new areas affecting the security landscape, especially when it could have a significant impact on our clients. We found that:

        A number of serious security issues have been identified with the specification and implementations of WebGL.
        These issues can allow an attacker to provide malicious code via a web browser which allows attacks on the GPU and graphics drivers. These attacks on the GPU via WebGL can render the entire machine unusable.
        Additionally, there are other dangers with WebGL that put users’ data, privacy and security at risk.
        These issues are inherent to the WebGL specification and would require significant architectural changes in order to remediate in the platform design. Fundamentally, WebGL now allows full (Turing Complete) programs from the internet to reach the graphics driver and graphics hardware which operate in what is supposed to be the most protected part of the computer (Kernel Mode).
        Browsers that enable WebGL by default put their users at risk to these issues.

Slashdot Top Deals

Error in operator: add beer