Windows Phone 7, Android, Chrome, and Firefox Survive Pwn2Own

Earlier in the week, we reported that Internet Explorer (running on Windows 7) and Safari (running on Snow Leopard) had been hacked almost instantaneously on the first day of pwn2own, an annual hackfest. Google’s Chrome browser made it through as the sole participant who had registered to take a crack at Chrome failed to turn up.

pwn2ownThe following days of the competition witnessed Firefox web browser, and Android and Windows Phone 7 mobile operating systems survive pwn2own 2011 in a similar manner as contestants either failed to turn up or withdrew.

On the other hand, Apple’s poor show in the competition continued with the legendary Charlie Miller succeeding in bypassing iPhone’s defense by exploiting a bug present in Mobile Safari.

RIM’s Blackberry OS, which was tested next, also fell quite easily. Once again, a flaw in its Webkit based browser was the culprit. The team made up of Vincenzo Iozzo, Willem Pinckaers, and Ralf Philipp Weinmann targeted the browser as unlike RIM’s operating system, WebKit is well documented and well known.

Meanwhile, after examining the vulnerabilities exploited by Stephen Fewer to hack Internet Explorer 8, Microsoft has stated that they have already fixed the concerned vulnerability in Internet Explorer 9. It didn’t however explain why older versions of internet explorer were yet to be patched, and when, if at all, they will be patched. All the exploits used in the competition are properties of TippingPoint ZDI, which passes them on to the concerned vendors, and provides them six months to fix the issue.

Safari and Internet Explorer Fall on Day 1, Chrome Remains Undefeated in Annual Hackfest

History repeated itself, once again, on the first day of pwn2own, an annual hacking competition where hackers try to break through the defense of modern browsers and operating systems. Safari and Internet Explorer were once again successfully exploited by hackers, while Chrome remained unchallenged and undefeated.

Pwn2OwnSafari, which was the first browser to be challenged, fell within five seconds. The French security firm VUPEN managed to both execute arbitrary code (launch the Calculator), and bypass sandbox protection (write file on the hard disk). The technique used by VUPEN required development of tools from the scratch and took about three weeks to put together. VUPEN’s success is notable because shortly before the contest began, Apple patched as many as 62 vulnerabilities in a massive security update.

Next up was Internet Explorer, which met a similar fate at the hands of Stephen Fewer. Fewer exploited three separate vulnerabilities to execute Calculator and write a file to the disk. Unlike Apple, Microsoft hadn’t even bothered to issue any security updates last week.

The final browser that was supposed to be tested today was Chrome. However, the single contestant who had signed up to take a crack at Chrome didn’t turn up. So Chrome finished the day unchallenged and undefeated. Like Apple, Google had also released a major security update to Chrome in which at least 24 vulnerabilities were patched. It’s likely that the contestant dropped out because the zero-day vulnerability he planned on using was fixed by Google.

Firefox is slated to be challenged tomorrow. Should it fall, Google Chrome will be the last browser standing for the third consecutive year. Opera is not included in the competition as the organisers are of the opinion that its current user base of 53 million is not large enough.

GetJar Bans Opera for Bundling Opera Mobile Store

OperaYesterday, we reported that Opera Software had launched its own app store called Opera Mobile Store. It appears that within a day of its launch, Opera has managed to ruffle some feathers. Earlier today, Opera Mini was kicked out of GetJar one of the largest multi-platform mobile application repositories. The reason is quite obvious. Updated versions of Opera Mini and Opera Mobile include a speed dial entry to Opera Mobile Store, thus effectively bundling the app store with the browser.

While it’s true that Opera Mini violated GetJar’s ToS (Terms of Service), I find it hard to be entirely supportive of GetJar’s decision. It’s something I would have anticipated from Apple, but not from GetJar. Nevertheless, at least, GetJar isn’t trying hiding behind false pretenses. Patrick Mork, Chief Marketing Officer of GetJar admitted that competition is the reason Opera Mini was pulled.

The simple problem is that Opera mini decided to include a competing app store in its browser. Although we don’t have any issue with this in principle, in practice it means that consumers might start using this app store instead of visiting GetJar to get their favourite apps. This robs GetJar of traffic and therefore of the advertising necessary to keep our service free for the more than 25 million consumers that use GetJar. It also jeopardizes an ecosystem that has generated over 1.6 billion downloads for tens of thousands of developers who depend on us to make money from their apps. Don’t get me wrong: we’re happy to go head-to-head with any other app store and are certain that once you’ve tried the Opera App store you’ll find the depth of content, discovery and download from GetJar more compelling than ever. But it’s an another thing entirely to help competitors grow their business at our expense or that of our community.

Before being banned, Opera Mini was one of the most popular apps in GetJar, with a total of more than 30 million downloads. Apparently, GetJar and Opera has been in discussions for the past several months. The discussions are still going on, and Opera Software has indicated that it is interested in working with GetJar to find a reasonable solution. So, don’t rule out a comeback yet.

Password Sync Coming to Opera, Soon

Opera With the introduction of Opera Link in 2007, Opera became one of the first browsers to support profile synchronization out of the box. Although Opera Link has received multiple enhancements since then, it still has a pretty big shortcoming. It can’t sync passwords. However, that might be about to change.

Last year Opera had explained that they wanted to support password synchronization; however, given the sensitive nature of the data, they wanted to get it absolutely right before launching it. It appears that the wait might finally be over. Favbrowser was tipped off by a reader that one of the Opera 11.10 snapshots contain a “SyncPasswordManager” setting buried inside opera:config.

Although this setting was removed in the most recent snapshot, I am fairly confident that the appearance of the setting is an indication that Opera is planning to launch this feature soon. In the meanwhile, you can install the excellent LastPass extension for Opera to be able to access your passwords from pretty much any browser and any operating system. The latest version can even import Opera Wand passwords. Roboform fans can also check out the new RoboForm Lite adapter for Opera.

Opera for Mac Now Available for Download from Apple’s App Store, If You Are Above 17 (No Kidding)

After becoming the first non-webkit based browser to be approved on the iOS App Store, Opera has also become the first non-native browser to be available on the Mac App Store. However, there is a catch. You have to be above seventeen to download it from the App Store. Opera has been categorized as an age restricted download due to “frequent/intense mature/suggestive themes”, to use Apple’s words. Of course, given that Opera is simply a web browser, it should be obvious to any sane person just how ridiculous Apple’s categorization is.

Opera-Mac-App-StoreAlthough insane, this bit of news isn’t exactly surprising. It has been Apple’s long standing policy to categorise any app that allows access to the internet as an age-restricted download, as it’s possible to browse adult themed websites with such apps. Apple had earlier classified Opera Mini for iPhone as a porn app due to the same reason. Of course, every Apple operating system ships with Safari pre-installed, and Safari can also be used to open any website on the interwebs. To be honest, the entire thing reeks of double standard, but being fair isn’t exactly Apple’s strongest suit. In fact, it’s almost unreasonable to expect that from a high-handed company like Apple.

Opera Software reacted to the classification in its characteristically funny way. Jan Standal, VP of Desktop Products for Opera Software, expressed his concern by saying that, “Seventeen is very young, and I am not sure if, at that age, people are ready to use such an application. It’s very fast, you know, and it has a lot of features. I think the download requirement should be at least 18.”

One of the reasons why Opera might not be complaining is because they might be pleased to get approved in the first place. Opera for desktop includes an inbuilt torrent downloader that makes torrent downloading so simple that even my grandma could do it. In the past, App Store reviewers haven’t been too kind to torrent clients, given that Apple views torrents as a vehicle for infringing third party rights.

If you are a Mac user under seventeen, you can always download Opera from the official website, where no one will ask you to furnish your credit card information just to download a free web browser.

Opera Gets Hardware Acceleration, Finally!

As todays browsers gear up to become the app platform of tomorrow, performance is more important than ever. We have already seen browser-makers fighting it out over JavaScript rendering performance. Whether it is Chrome with Crankshaft enabled V8, or Opera with Carakan, or Safari with Nitro, browsers of today are light-years ahead of browsers from even a couple of years back. The next big step for browsers is hardware acceleration. Chrome 9 already supports it through flags, Firefox will support it with v4, and Internet Explorer will do the same with v9. Now, Opera Software is also gearing up to join the club.

Opera Software has just released a Labs build with full hardware acceleration support. This has been in the cards for a long time. Opera had released an experimental build with 3D canvas as far back as in 2007. In 2008, it had published a video demonstrating Opera with hardware acceleration. Then in 2010, it released Opera 10.5, which featured a highly optimized Vega graphics render. We had mentioned in our original coverage that the new optimized software renderer meant that Opera Software was preparing to add hardware acceleration. Opera Software stated as much in its Up North Web event. Unfortunately, they could not get hardware acceleration ready in time for Opera 11.

Opera’s hardware acceleration feature is superior to what is present in Firefox and Internet Explorer. Opera Software’s Tim Johansson explained:

Like IE9 and Firefox 4, we do full hardware acceleration of all draw operations – but unlike those browsers, who only offer this acceleration on Windows Vista and Windows 7, our implementation will run on any OS with sufficient hardware support. This means we can have full hardware acceleration on Windows XP, Linux, Mac OS X and OpenGL ES 2 capable devices such as recent smart-phones and web-enabled TVs.


Currently only OpenGL backend is supported; however, Direct3D support is planned for future builds. If you wish to try out Opera with hardware acceleration, head over to the Core Concerns blog. To confirm that hardware acceleration is indeed working, open “opera:about” page. If it mentions Vega backend as OpenGL, you are good to go. Otherwise, you will have to download the latest drivers for your graphics adapter. However, keep in mind that this is a lab release, and might be even more unstable than standard snapshot releases. Opera has stated that they don’t plan on including hardware acceleration in 11.10, and given their track record, I don’t expect to see this feature graduating from labs to regular builds within the next couple of months.

Nokia N8 Running PR 2.0 Firmware Caught On Video

It was late last month that Nokia released the PR 1.1 update for the latest Symbian based handsets including the N8, C7 and C6-01. The PR 1.1 update hardly brought any noticeable changes to the end users.

Nokia has stated that the PR 2.0 update for the latest Symbian handsets will improve some of the heavily criticized aspects of the phone including the web browser and the text input mode system.   Now, the folks over at MyNokiaBlog have managed to get their hands on a video which shows an N8 running on PR2.0 firmware.

Below is the video of a Nokia N8 running PR 2.0 firmware :

The video shows an updated version of the in-built mail client on the N8 along with an updated browser. The new browser has an updated UI and also supports tabbed browsing.

The new portrait QWERTY keyboard which will be included with the PR2.0 firmware is also shown on the video. The Timed Profile’ feature has also been made a bit more accessible and users can select the option right from their homescreen.

The PR 2.0 firmware is expected to come out sometime in March or early April, so Nokia still has time to add new features and improve the performance of the device.

New Snapshot of Opera 11.10 Released: Makes Speed Dial Fluid

Speed Dial is undoubtedly one of the most loved features in Opera. It’s also probably the most emulated. Opera first added speed dial back in 2007, to provide a convenient and quick way to access the most frequently visited websites. Since then we have seen Chrome, Safari, Internet Explorer and others implement variants of this feature.

In the meanwhile, Opera worked on improving speed dial by adding support for background images, customization options, and wide-screen resolution support. Now, the veteran browser maker says that it is ready to take speed dial to the next level. “We are going to make Speed Dial more fluid, dynamic and easier to use”, Cezary KuÅ‚akowski from Opera Software wrote on the Desktop Team blog.

The just released snapshot of Barracuda (Opera 11.10) provides a first look at the planned changes by introducing the new “flow layout”. To be honest, as of now, the new flow layout doesn’t do anything earth-shattering. It just makes the speed dial behave a lot more like a webpage. If the browser window is resized, then instead of your speed dials being shrunk, a scrollbar will appear. Also the cap on number of speed dials is gone. Now, it seems that you can have as many visual shortcuts as you want.


The new snapshot also introduces a new “Discoverability” feature that will subtly encourage users to try new features. If done right, this can turn out to be a really smart move, as Opera has scores of awesome features, that even many old-timers aren’t aware of. Opera promises that discoverability will not be annoying or frustrating. However, I couldn’t check it out as till now I haven’t managed to figure out the three features that were added to discoverability. Let me know if you guys fare better.

The snapshot is available for Windows, Mac and Linux. However, don’t forget that this is an early preview build, and is likely to have stability and performance issues.

[ Download Opera 11.10 Barracuda Snapshot ]

Update: I spotted one of the “discoverability” tips. It was simply a tip regarding using “+g” for performing a Google Search using the URL bar. I must say that the tip was extremely well integrated into the interface, and wasn’t awkward or annoying in anyway.

Opera Software’s Revenues Surge On the Back of Operator Tie-ups

Earlier in the week, Opera Software released its quarterly financial report. The final quarter of 2010 saw Opera increase its user base to 170 million, out of which 53 million belonged to Opera for desktop. The past year also witnessed Opera Software going from being the the red to recording record revenues. One of the most significant contributors to its turnaround was operator tie-ups, which Opera had been focusing on during the past few quarters. Opera’s partners include several big names like Vodafone and MTS. While mobile service providers benefit from the partnership by being able to provide its users a customised version of Opera Mini, which reduces bandwidth costs, highlights their web-properties (through speed-dial), and encourages mobile surfing, Opera Software profits from the licensing fee. The number of operator-branded Opera Mini users jumped from 2.1 million in Jan 2010 to 11.5 million in Jan 2011. Other than that there were approximately 90 million Opera Mini users last month.


Although partnerships with operators helped Opera generate a significant amount of revenue, the Norwegian browser maker credits stronger than expected desktop and device revenues (chiefly gaming consoles and connected TV) for the higher than expected total revenue. AdMarvel also made a significant positive contribution.


As expected Opera’s profits also saw a sharp increase. However, one-off expenses like closing of Czech offices, and shifting of Opera’s server park from Norway to Iceland pulled down the profit percentage. In the near future, Opera aims to refresh its mail offering by leveraging the previously acquired Fastmail, develop Open Mobile Ad Exchange to generate revenue from mobile browsers, popularize Opera Mobile Store, and aggressively monetize Opera for desktop (see screenshot embedded below).


Google Chrome 10 Beta Released; Faster than Rabbits

I have been using Google Chrome 10 for almost 3 months now, and have been bumped to Google Chrome 11 in the development channel. My experience with Google Chrome 10 has been really good with it being two times faster than Google Chrome 9 thanks to the new Crankshaft technology in their JavaScript V8 engine.

Google Chrome

If you are someone who does not like to use development software but can use beta software, here is some good news. Google just announced that they are releasing Google Chrome 10 to the beta channel with the new Crankshaft technology.

Google Chrome 10 Benchmark

As I had confirmed earlier, this new build is twice as fast as 9 and makes browsing a breeze. Chrome 10 beta also introduces GPU-accelerated video which makes uses of your graphics hardware to display videos and decreases CPU usage. Google claims that full screen video will decrease by almost 80% in Chrome 10 beta.

Google Chrome 10 also includes the ability to sync your passwords along with bookmarks, preferences, themes and extensions. Google also provides users with the ability to encrypt the passwords with your own sync passphrase ensuring security for your stored data.

(click here if you can’t watch the video)

The settings/preferences has also been moved to its own page just like it is in the that is used on the Cr-48 netbooks. Overall, the release of Google Chrome 10 beta brings a lot of goodies your way and brings it close to a stable release. If you are using Google Chrome beta, go to Settings -> About and Check for Updates to upgrade to the latest version.