Week in review: Browser battles

Hot on the heels of Microsoft's IE 7, Firefox 2 emerges with a new look and bulked-up security.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
5 min read
Mozilla fired a new salvo in the browser battle this week by officially releasing Firefox 2, with upgraded security features and a new interface.

The revamped Firefox includes a new interface theme and security enhancements such as built-in phishing protection. It also has session memory, which, when the browser is re-opened, brings back the set of Web pages that were in use when it was last closed. Changes have also been made in the technology to import RSS feeds, producing a feed list view with title and first lines. (Click here for the CNET Review.)

The Firefox 2 launch comes just days after Microsoft released Internet Explorer 7, the first update to its browser in almost five years.

(Click here for a look at how the Microsoft and Mozilla upgrades stack up on tabs, security, cool features and more.)

A day after shipping Firefox 2, Mozilla largely rebutted two claims of security flaws in the latest version of the Web browser. One of the problems is related to a vulnerability that was patched in an earlier version of Firefox. A report on the Bugtraq mailing list suggested that the issue, labeled "critical" by Mozilla, resurfaced in Firefox 2.

The report is incorrect, a Mozilla spokesman said. "The vulnerabilities that were identified were actually fixed."

However, there is a related problem that can cause Firefox to crash. "The exploitable issues are fixed. There is a crash, but it is a denial of service," the spokesman said.

Meanwhile, security experts have found a weakness in IE 7 that could help crooks mask phishing scams--the type of attack Microsoft designed the browser to thwart. The browser allows a Web site to display a pop-up that can contain a spoofed Web address, security monitoring company Secunia said. An attacker could exploit this weakness to trick people into believing they are on a trusted Web site when in fact they are viewing a malicious page.

The problem lies in the way Web addresses are displayed in the IE 7 address bar, a Microsoft representative said in an e-mailed statement. An attacker could exploit the issue by tricking a user to click on a specially formatted link, the representative said.

Back in hack
Jon Johansen, the 20-something hacker widely known for helping crack the piracy protections on DVDs several years ago, is taking on Apple Computer again. He has reverse-engineered Apple's FairPlay, the digital rights management technology used to make iPod and iTunes a closed system.

The technology will make other online music stores work with Apple's iPod device and let iTunes songs play on gadgets other than the iPod, said Monique Farantzos, who with Johansen co-founded DoubleTwist Venture Partners to license his work.

So how does it work?

"Essentially, what we do is trick iTunes into thinking that the device is an iPod," she said. "We're not removing any copy protection, we're simply adding copy protection."

Farantzos, a biophysicist by training but now into technology business development, talked about the company's plans and challenges with CNET News.com.

While many CNET News.com readers debated the legality of the technology, one reader questioned whether it was commercially viable.

"What company would risk setting up a business model based on Jon's software when it is very likely that Apple could get a restraining order to halt its use, then spend as much time and money as necessary to win the case?" wrote one reader to News.com's TalkBack forum.

You don't have to be a Silicon Valley icon to be targeted by hackers. If you're a write-in candidate without major political party recognition, there's nothing quite like mysterious malware radiating from your Web site to earn you a little extra publicity.

That's what happened this week to Ted and Fran Gianoutsos, a husband-wife team running for governor and lieutenant governor, respectively, in Alaska's race.

Late last week, the candidates' Webmaster logged in to do some updates on the site, only to find that his "firewall went crazy." The problem? A 2-year-old Visual Basic script worm known variously as VBS.Gaggle.D, I-Worm.Gedza and VBS/Gedza.A, apparently had wriggled its way into each page of the Gianoutsos' minimalist campaign site.

"It's fairly innocuous other than the fact it...tries to change your home page to an Avril Lavigne picture that is sitting out there on a server somewhere," the site's Webmaster said.

Being hacked is never fun. What is fun during an election season is to take a look at the best of the worst campaign Web sites, from a Democrat whose dog pens his Web site to Republicans with blogs but no entries. And while Libertarian candidates may never achieve much at the ballot box, they do win hands down when it comes to Web site design.

Linux face-off
Oracle will sell support to Red Hat Linux customers and offer its own free clone of the open-source operating system, posing a major competitive challenge to the leading Linux seller.

"As of this moment, Oracle is announcing full support for Red Hat Linux," Chief Executive Larry Ellison told thousands of attendees at the Oracle OpenWorld conference in San Francisco. "If you are a Red Hat support customer, you can very easily switch from Red Hat support to Oracle support."

Becoming an operating-system company is one of a series of bold attempts at growth by Oracle, which in recent years also has acquired small and large rivals. Many major computing companies have embraced Linux, but until now all have chosen partnerships with Linux companies rather than direct competition.

Web 2.0 is a driving force in Oracle's "Fusion" project to merge various technologies picked up in its acquisition spree, a top executive said Wednesday. Service-oriented architecture is also key in the creation of Fusion software, said John Wookey, Oracle's senior vice president of application development.

The Fusion project aims to meld technologies from PeopleSoft, J.D. Edwards and Siebel Systems. Oracle anticipates the first Fusion applications will be released next year, with the suite slated for 2008.

People are increasingly entering the work force never having lived their lives without the Internet, he noted. That means they expect collaboration tools, instant messaging, search and other Net-related technologies to be an integral part of their tools in the workplace, he added.

Oracle also announced a beta version of its Oracle Database 11g during the annual users conference. Database 11g beta includes 482 new features designed to address a range of database issues, from the need to retain more information to data compression to the handling of parallel upgrades.

Also of note
A new Google tool will let people use Google's search platform to create search engines focused on their content of choice...Malicious remote-control software continues to be one of the biggest threats to Windows PCs, according to a new Microsoft security report...Windows Vista has lots of new photography features, but not all of Microsoft's ideas are clicking with digital shutterbugs.