Teenager Wins $60,000 at Pwnium 2 by Hacking Google Chrome

The second installment of Google’s hacking fest Pwnium has just wrapped up, and once again Google Chrome’s security features were successfully bypassed. Earlier this year, Chrome fell for the first time when VUPEN managed to exploit Chrome within five minutes at the first installment of Pwnium. During the same event, two more hackers – Pinkie Pie and Sergey Glazunov – managed to humble Chrome and bag the top award of $60,000.

The second edition of Pwnium was organized as a part of the ‘Hack in the Box 2012’ security conference held in Kuala Lumpur. This time around, Chrome’s sandboxing mechanism was defeated by exploiting two flaws – an “SVG use-after-free” and an “IPC arbitrary write”. The exploiter was once again Pinkie Pie. Since his exploit depended entirely on bugs within Chrome to achieve arbitrary code execution, it qualified for Google’s highest award level as a “full Chrome exploit”, and won him $60,000 and a free Chromebook.

A detailed explanation of the bugs leveraged by Pinkie Pie is still not available. However, the good news is that Google has already patched the vulnerability, so even if you use Chrome, you are safe. Google deserves a round of applause not only for encouraging the security community to discover bugs in Chrome, but also for patching the vulnerability in less than twelve hours after its disclosure.

Opera Mini for Android Updated with Smart Page

Opera Software is promising to make your Android smartphone even smarter with Opera Mini 7.5 for Android. The new Opera Mini for Android introduces ‘Smart Page’, which we had seen earlier in Opera Mini for J2ME, S60, and BlackBerry.


Smart Page acts as a new personalized home page, which gives you a bird’s-eye view of what’s happening. “There are just too many social networks, and I’m a busy man! Now, thanks to the Smart Page I can get all the updates at a glance, even from my favorite Danish newspapers. This is a real time saver!” remarked Lars Boilesen, CEO, Opera Software. Smart Page features three main categories of content:

  • Social tab: This section allows you to get a glimpse of your Facebook, Twitter, and vKontakte streams in one place, without having to visit several webpages.
  • My News: This section highlights the latest news pulled from different sources. Opera Software claims that Opera Mini learns your preferences and interests from your browsing habits and showcases news that it believes you will be interested in.
  • Suggested links: This section features a list of relevant links based on the region your Android phone is located in. Some of the suggested links can be sponsored links from Opera’s partners.

Opera Mini’s initial claim to fame was its ability to compress webpages to reduce bandwidth bills and improve surfing speed on slower networks. Opera Mini 7.5 stays true to its tradition and is both light and fast. After using Chrome for Android, I can’t help but wish that Opera ditched its practice of having a consistent interface across platforms, and instead went with a more native appearance. However, Opera Mini is still one app that I will always have on my phone, simply because it can be a huge time and money saver when you are travelling or don’t have access to fast internet.

New Critical 0-day Internet Explorer Vulnerability Being Used to Deliver Poison Ivy Trojan

If you are still using Internet Explorer 9 or below, here is one more reason to upgrade to Internet Explorer 10, or perhaps take a look at one of the many excellent free alternatives. A critical zero-day vulnerability has been uncovered in Internet Explorer that could allow a remote hacker to execute arbitrary code on your system even if you simply browse to an infected page. The vulnerability is already being actively exploited in the wild. Affected versions include Internet Explorer 6, 7, 8, and 9.

Eric Romang was the first to report the vulnerability, which has since been confirmed by Microsoft. The exploit has four main components: the Exploit.html file, which acts as the starting point; the Moh2010.swf Flash file, which is responsible for spraying the heap with the payload that will be executed; the Protect.html file, which is the actual trigger for the vulnerability; and additional malicious components that are downloaded and executed on the compromised system by the payload. The payload being dropped by the Flash file has been identified to be the infamous Poison Ivy trojan.

If Internet Explorer 10 is not supported on your system and you don’t want to move to an alternate browser, Microsoft is recommending that you add Internet Explorer to the Enhanced Mitigation Experience Toolkit, or set Internet and Local intranet security zone settings to “High” to block ActiveX Controls and Active Scripting. Detailed workaround instructions are available in Microsoft’s Security Advisory.

Firefox 15 Beta Adds Support for Opus Audio Codec

One of the most well-known features of HTML5 is its ability to play video and audio files natively. With HTML5’s <video> and <audio> tags, you do not need to have third-party software like Windows Media Player or Real Player to enjoy multimedia content. Your browser should be able to take care of audio and video files out of the box, independent of the system. Unfortunately, due to a lack of consensus, HTML5 specifications don’t actually specify the codecs in which the multimedia content must be encoded. This is similar to how the image tag works – the image tag can be used to embed images in all popular image formats including BMP, JPEG, GIF, and PNG. Initially, Internet Explorer and Apple supported the proprietary H.264 technology for the video tag, and Opera and Mozilla backed Ogg Theora. While H.264 posed licensing challenges, Ogg Theora was widely believed to be an inferior solution. Google tried to solve the conundrum by stepping in and proposing WebM, which uses a superior VP8 video codec and Vorbis Ogg audio codec. Something similar happened with the audio tag, with some browsers throwing their weight behind Ogg and others supporting AAC.

Now, Mozilla is proposing a new audio format called Opus as an alternative to the Ogg and AAC formats that have emerged as the de facto choices for the audio tag. Opus is a completely free audio format that was developed through collaboration between members of the IETF Internet Wideband Audio Codec working group, which includes Mozilla, Microsoft, Xiph.Org, Broadcom, and Octasic.

Mozilla is promising a better quality-to-size ratio for Opus than its competitors. According to its tests, Opus is the best-in-class for live streaming and static file playback. In fact, it is being heralded as the first audio codec to be well-suited for both interactive and non-interactive applications. Mozilla’s listening tests show that at 64 kbps, Opus sounds better than both HE-AAC and Vorbis, and a 64 kbps Opus file sounds as good as a 96 kbps MP3 file.

Mozilla is adding support for Opus with Firefox 15 beta, and is hoping that other browser manufacturers will follow suit.

Google Chrome 21 Beta Introduces Native Support for Webcams and Gamepads

Google has announced that Chrome 21 is ready for the beta channel. As always, the changelog isn’t spectacularly impressive, but there are a couple of new things worth mentioning.

Google has been consistently pushing the boundaries of what a web browser can do. After enabling browsers to render sophisticated 3D graphics with the help of WebGL and Native Client, Google is aiming for plugin-less support for hardware peripherals like webcams and gamepads.

The first new feature in Chrome 21 is support for the getUserMedia API, which can be used to access the user’s webcam and mic without relying on any third-party plugins like Flash. Google is dubbing this the first step towards “enabling high quality video and audio communication as part of WebRTC, a powerful new real-time communications standard for the open web platform”. Google currently has a few cool demos to showcase what this piece of new technology can do. However, don’t expect it to gain prominence until other browser developers also move to support it. Opera 12 for desktop and mobile is the only other browser to support getUserMedia.

The other new feature is a JavaScript API called Gamepad. As the name suggests, this API allows browser-based games to directly access any standard gaming controller that is attached to the user’s system.

Both of these enhancements represent another step towards realizing Google’s dream of a fully featured browser based operating system.

In a separate announcement, Google also revealed that from Chrome 22 onwards it will be dropping support for Mac OS X 10.5 (Leopard).

[ Download Google Chrome 21 Beta ]

Chrome Tries to Slim Down by Unloading Inactive Extensions from Memory

When Google released the Chrome browser, it promised a bloat-free and light-weight browsing experience. However, over the years, Chrome has put on a fair amount of weight. I still wouldn’t call it bloated, but I have consistently found Chrome to be the most demanding of all the browsers that I use. One of the major contributors to Chrome’s overhead is extensions. Now, Google is trying to do something about it.

Google has announced a new feature called “Event Pages” that will enable extension developers to put their Chrome extensions on a diet. All current generation Chrome extensions continue running in the background, even if they aren’t being actively used. Event Pages will allow developers to create extensions that are automatically unloaded from memory when the user is not interacting with them.

Chrome has always been resource hungry due to its architecture. All plug-ins, extensions, and tabs have their own process. This means that on the whole Chrome requires more CPU cycles and memory than other browsers. Modern day computers do have sufficient memory to handle a browser, even a resource hungry one. Still, it’s heartening to see Chrome developers trying to keep the extension overhead under control, as Chrome will also have to run on devices like the Chromebook.

This feature is currently available in the Chrome Dev Channel, and will be incorporated in Chrome Beta and Stable channels over the summer.

Is Opera Losing its Innovative Edge?

The newest version of Opera is out, and it’s a handsome enhancement. It ramps up performance, improves stability, increases security, and features quite a few nifty tricks. All in all, it’s a significant update that will please Opera fans. Yet, I can’t help but feel a tinge of disappointment with Opera 12.


I have been closely following Opera Software for nearly a decade. I still remember installing Opera v7 and falling in love with its speed and intuitiveness. Opera was never particularly popular among the masses, but its strong culture of innovation allowed it to amass an extremely loyal fan base. Opera was the first browser to fully exploit the power of tabbed browsing (it wasn’t, however, the first tabbed browser), it was the first browser to allow full-page zooming, it was the first browser to incorporate session management, it was the first browser to add a dedicated search bar, it was the first browser to integrate a pop-up blocker, it was the first browser to have a private data cleaner, it was the first browser to support mouse gestures, it was the first browser to have speed dials, and so on and so forth.

Almost all major releases of Opera sported one or more innovations that allowed it to stand out from the crowd. Opera 8 featured voice recognition and text-to-speech support. Opera 9 introduced a content blocker, widgets, a BitTorrent downloader, site preferences, and a search engine creation wizard. Opera 10 introduced visual tabs and Opera Turbo. Opera 11 introduced tab stacking and visual mouse gestures. However, when it comes to user-facing innovative features, Opera 12 draws a blank.

The biggest new feature in Opera 12 is a lightweight skinning engine that both Firefox and Chrome have had for years. Other features are a mix of cosmetic changes, under the hood stuff that most users will not care about, and features that already exist in other browsers. Opera 12 is all about playing catch-up. Instead of leading from the front, Opera Software is now merely plugging the gaps in its existing offering. Make no mistake, there is no harm in taking inspiration from others. In fact, I was highly appreciative of Opera 11, which introduced extension support, and resolved several of my longstanding complaints. However, when you are the underdog, you need to do more than just equal your competition. You need to give people compelling reasons to ditch the browser they have grown comfortable with and try your product.

The problem with Opera 12 is that it simply doesn’t offer any incentive to folks who didn’t like the earlier versions to come and try out the new version. I have had Opera as my default browser for close to a decade, but earlier this year, I finally switched to Chrome as default. I still miss some of the features in Opera like its excellent built-in Notes, great RSS feed reader, simple IRC client, powerful keyboard shortcuts, and customizable speed dials. However, they are no longer reason enough to stop me from switching to Chrome, which offers powerful web apps like TweetDeck, full profile sync (including extensions), hardware acceleration with WebGL, and web notifications.

Opera 12: Faster, Safer, and Leaner

After dozens of snapshots and months of testing, Opera Software is finally ready with Opera 12 or Wahoo. Opera 12 is a bittersweet release that adds several new features, but also ruthlessly chops several old ones.

Opera 12 - Wahoo

As you might expect, not a whole lot has changed since the beta release, so my hands-on of the beta is still a good place for an in-depth look at the new features in Opera 12. The bits that Opera seems to be particularly excited about are:

New light-weight themes that are both easy to create and use: The new themes differ from the previous full-fledged skins in that they don’t alter appearance of browser elements like buttons and tabs. Much like Personas for Firefox, they simply change the browser background.


Improved security badge: Opera’s address bar security badges have been updated to make them easier to parse for novice users.


Improved Standards Support: Opera 12 adds support for a whole host of new web technologies including WebRTC (native camera access), HTML5 drag and drop, CSS3 animations and transitions, and CSS generated paged media (new proposed standard from Opera for paginated content suitable for consumption in devices of multiple form factors).

Better Plug-in Handling: Opera now runs plug-ins in a separate process. This change should significantly boost Opera’s stability, as plug-ins like Flash are responsible for a large chunk of browser crashes. Now, even if the plug-in crashes, Opera will continue to function smoothly since the plug-in runs as a separate process.

Hardware Acceleration: Hardware accelerated graphics and WebGL compatibility were supposed to be the major draws of Opera 12. Unfortunately, in spite of pushing back the release of Wahoo, Opera Software hasn’t yet managed to get hardware acceleration working smoothly enough on a wide range of hardware. As a result, this feature is disabled by default, but you can enable it by setting opera:config#UserPrefs|EnableHardwareAcceleration and opera:config#UserPrefs|EnableWebGL to 1.

As mentioned earlier, Opera 12 is not all about new features. It also bids adieu to a host of old features including Opera Unite, Opera Widgets, Speech Recognition, Text to Speech, and Torrent downloader. This kind of chopping of features is unprecedented, and is perhaps an admission that several of the decisions made during the days of Opera 8 to Opera 10 weren’t in its best interests. While I am a bit sad to see some of these features go, most users probably won’t even notice that they are gone.

[ Download Opera 12 ]

Opera Mini 7 for Basic Phones Introduces Social Hub with Twitter and Facebook Integration

Opera Mini 7 for feature phones, which was first showcased in this year’s Mobile World Congress, is now ready for the general public. The main draw of the new version is something that Opera Software is calling the Smart Page.

Smart Page is the new start page of Opera Mini, which helps you keep tabs on your Facebook and Twitter stream without breaking a sweat. It also provides quick access to your favorite websites, fetches weather info, updates sports scores, and keeps you informed about the latest news.


“I’ve spent hours typing web addresses on my mobile phone, but now there’s a super smart way to get most of your content at a glance,” said Lars Boilesen, CEO, Opera Software. “With Smart Page, you just open the browser, and the content is right beside your Speed Dial shortcuts in the start screen for you to skim through — super practical, super time-saving and super smart. I guess that’s why the product team called it Smart Page.”

Opera Mini is the world’s most popular mobile browser with over 172 million users. It is especially popular in those regions where basic phones still rule the roost, and internet connectivity is slow and expensive. Opera Mini can work on even basic J2ME devices, since it offloads the task of rendering the webpage to its servers, through which all web traffic is routed. Opera Mini receives a compressed static representation of the webpage from its servers, and displays it on the mobile device. This can lead to significant bandwidth savings and increased surfing speed on slower networks.

Opera Mini 7 with Smart Page is available for Java-compatible (J2ME), S60 and Blackberry feature phones.

[ Download Opera Mini 7 ]

Collusion from Mozilla Shows How You Are Being Tracked on the Web

The explosion of the personalized web has pretty much clobbered online privacy to its deathbed. No matter where you go, no matter what you do, someone or the other is tracking your surfing habits. The worst part is that this practice has become so rampant that most of us have come to accept online tracking as standard affair. Mozilla has been trying to tackle the problem of behavioural tracking on the web for quite some time. A couple of years back, it introduced the “Do Not Track” header, which has already been adopted by Internet Explorer, Safari, and Opera. Now, Mozilla has released an experimental add-on to showcase how personal data is being tracked across the web.

Earlier this month, Gary Kovacs, CEO of Mozilla Corporation, unveiled Collusion. Collusion is a Firefox extension that visualizes the spider-web of interaction between websites and third-party trackers that often track you without your explicit permission. Collusion is essentially a reporting tool whose purpose is to make netizens realize just how grave the situation is. Here’s how my Collusion graph looked after a brief ten-minute browsing session involving Techie-Buzz, TechCrunch, Mashable, and BBC.



My Collusion graph is peppered with third-party tracking websites that I never explicitly browsed to. The personalized web isn’t necessarily a bad thing. It can increase engagement, reduce user frustration, and improve productivity. However, the mad rush of advertisers to track users without their knowledge and permission is something that is deeply worrying. Kovacs very rightly remarked that “with every click of the mouse and every touch of the screen, we are like Hansel and Gretel leaving breadcrumbs of our personal information everywhere we travel through the digital woods”.
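The kind of graph described above can be derived from nothing more than a list of which page triggered which request. The following is an added example, not Collusion's own code: the request log is constructed, all host names are invented, and the "last two labels" site rule is a simplifying assumption (a real tool would consult the Public Suffix List).

```javascript
// Constructed sample data: each entry is one request observed while a page
// was loading. All hosts are invented (.example is a reserved TLD).
const observedRequests = [
  { page: "https://news.site-a.example/story", request: "https://static.site-a.example/app.js" },
  { page: "https://news.site-a.example/story", request: "https://pixel.tracker-one.example/p.gif" },
  { page: "https://news.site-a.example/story", request: "https://cdn.adnet.example/ads.js" },
  { page: "https://www.site-b.example/", request: "https://pixel.tracker-one.example/p.gif" },
  { page: "https://www.site-b.example/", request: "https://www.site-b.example/logo.png" },
  { page: "https://blog.site-c.example/post", request: "https://pixel.tracker-one.example/p.gif" },
  { page: "https://blog.site-c.example/post", request: "https://cdn.adnet.example/ads.js" },
  { page: "https://blog.site-c.example/post", request: "not a url" }, // malformed entry
];

// Assumption: the "site" is the last two host labels. This is wrong for
// suffixes such as co.uk; it is used here only to keep the example offline.
function siteOf(url) {
  let host;
  try {
    host = new URL(url).hostname.toLowerCase();
  } catch {
    return null; // unparsable URL: skip rather than guess
  }
  const labels = host.split(".").filter(Boolean);
  return labels.length < 2 ? null : labels.slice(-2).join(".");
}

// Edge list of the graph: third-party site -> set of first-party sites
// on which it was loaded. Same-site requests are not edges.
function buildTrackingGraph(requests) {
  const graph = new Map();
  for (const { page, request } of requests) {
    const first = siteOf(page);
    const third = siteOf(request);
    if (!first || !third || first === third) continue;
    if (!graph.has(third)) graph.set(third, new Set());
    graph.get(third).add(first);
  }
  return graph;
}

// A third party present on several unrelated sites can link those visits
// together; these are the hub nodes in a Collusion-style graph.
function crossSiteObservers(graph, minSites = 2) {
  return [...graph.entries()]
    .filter(([, sites]) => sites.size >= minSites)
    .map(([tracker, sites]) => ({ tracker, sites: [...sites].sort() }))
    .sort((a, b) => b.sites.length - a.sites.length || a.tracker.localeCompare(b.tracker));
}

console.log(crossSiteObservers(buildTrackingGraph(observedRequests)));
```
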

[ Download Collusion for Firefox ]