Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×

Firefox Users Reach HTTPS Encryption Milestone ( 63

For the first time ever, secure HTTPS encryption was used for over half the pageloads served to Mozilla users, representing a big milestone for encryption. TechCrunch reports on the telemetry data tweeted by the Head of Let's Encrypt: Mozilla, which is one of the organizations backing Let's Encrypt, was reporting that 40% of page views were encrypted as of December 2015. So it's an impressively speedy rise...

The Let's Encrypt initiative, which exited beta back in April, is doing some of that work by providing sites with free digital certificates to help accelerate the switch to HTTPS. According to [co-founder Josh] Aas, Let's Encrypt added more than a million new active certificates in the past week -- which is also a significant step up. In the initiative's first six months (when still in beta) it only issued around 1.7 million certificates in all.

The "50% HTTPS" figure is just a one-day snapshot, and it's from "only a subset of Firefox users who are running Mozilla's telemetry browser...not default switched on for most Firefox users (only for users of pre-release Firefox builds)." But the biggest caveat is it's only counting Firefox users, which in July represented just 7.7% of web surfers (according to Statista), behind both Chrome (49.5%) and Safari (13.68%) -- but also ahead of Internet Explorer (5.4%) and Opera (5.99%).

19-Year-Old Jailbreaks iPhone 7 In 24 Hours ( 97

An anonymous reader writes: 19-year-old hacker qwertyoruiop, aka Luca Todesco, jailbroke the new iPhone 7 just 24 hours after he got it, in what's the first known iPhone 7 jailbreak. Todesco tweeted a screenshot of a terminal where he has "root," alongside the message: "This is a jailbroken iPhone 7." He even has video proof of the jailbreak. Motherboard reports: "He also said that he could definitely submit the vulnerabilities he found to Apple, since they fall under the newly launched bug bounty, but he hasn't decided whether to do that yet. The hacker told me that he needs to polish the exploits a bit more to make the jailbreak 'smoother,' and that he is also planning to make this jailbreak work through the Safari browser just like the famous ',' which allowed anyone to jailbreak their iPhone 4 just by clicking on a link." Apple responded to the news by saying, "Apple strongly cautions against installing any software that hacks iOS."

Famed Security Researcher 'Mudge' Creates New Algorithm For Measuring Code Security ( 77

Peiter "Mudge" Zatko and his wife, Sarah, a former NSA mathematician, have started a nonprofit in the basement of their home "for testing and scoring the security of software... He says vendors are going to hate it." Slashdot reader mspohr shares an article from The Intercept: "Things like address space layout randomization [ASLR] and having a nonexecutable stack and heap and stuff like that, those are all determined by how you compiled [the source code]," says Sarah. "Those are the technologies that are really the equivalent of airbags or anti-lock brakes [in cars]..." The lab's initial research has found that Microsoft's Office suite for OS X, for example, is missing fundamental security settings because the company is using a decade-old development environment to build it, despite using a modern and secure one to build its own operating system, Mudge says. Industrial control system software, used in critical infrastructure environments like power plants and water treatment facilities, is also primarily compiled on "ancient compilers" that either don't have modern protective measures or don't have them turned on by default...

The process they use to evaluate software allows them to easily compare and contrast similar programs. Looking at three browsers, for example -- Chrome, Safari, and Firefox -- Chrome came out on top, with Firefox on the bottom. Google's Chrome developers not only used a modern build environment and enabled all the default security settings they could, Mudge says, they went "above and beyond in making things even more robust." Firefox, by contrast, "had turned off [ASLR], one of the fundamental safety features in their compilation."

The nonprofit was funded with $600,000 in funding from DARPA, the Ford Foundation, and Consumers Union, and also looks at the number of external libraries called, the number of branches in a program and the presence of high-complexity algorithms.

Safari Browser May Soon Be Just As Fast As Chrome With WebP Integration ( 105

An anonymous reader writes from a report via The Next Web: The Safari browser included in Apple's iOS 10 and macOS Sierra software is testing WebP, technology from Google that allows developers to create smaller, richer images that make the web faster. Basically, it's a way for webpages to load more quickly. The Next Web reports: "WebP was built into Chrome back at build 32 (2013!), so it's not unproven. It's also used by Facebook due to its image compression underpinnings, and is in use across many Google properties, including YouTube." Microsoft is one of the only major players to not use WebP, according to CNET. It's not included in Internet Explorer and the company has "no plans" to integrate it into Edge. Even though iOS 10 and macOS Sierra are in beta, it's promising that we will see WebP make its debut in Safari latest this year. "It's hard to imagine Apple turning away tried and true technology that's found in a more popular browser -- one that's favored by many over Safari due to its speed, where WebP plays a huge part," reports The Next Web. "Safari is currently the second most popular browser to Chrome." What's also interesting is how WebP isn't mentioned at all in the logs for Apple's Safari Technology Preview.

Safari 10 In macOS Sierra Deactivates Flash, Silverlight and Other Plug-Ins by Default ( 114

Apple's web browser Safari 10, which will ship with macOS Sierra, will disable Flash, Java, Silverlight, QuickTime and other plug-ins by default. The move will help the company improve the overall web browsing experience by focusing on HTML5 content. From a post on WebKit blog, authored by Apple's Safari team: When a website directly embeds a visible plug-in object, Safari instead presents a placeholder element with a "Click to use" button. When that's clicked, Safari offers the user the options of activating the plug-in just one time or every time the user visits that website. Here too, the default option is to activate the plug-in only once.
Operating Systems

Apple Announces Its New Desktop OS macOS Sierra Featuring Siri, Apple Pay ( 249

After playing with the names of cats and a few California landmarks, Apple at WWDC 2016 announced that its desktop operating system will now be called macOS -- and its first version update is macOS Sierra. It comes with a range of new features including Siri, the digital voice assistant. The move comes roughly a year and a half after Microsoft brought its Cortana virtual assistant to desktop platform Windows 10. Sierra also supports Apple Pay payment service via Safari web browser. Ars Technica reports about some other features of macOS Sierra: Universal Clipboard answers a longstanding complaint of Mac and iOS users -- copying and pasting now works automatically between an iOS device and a desktop Mac device. iCloud now plays an expanded sync role, too, letting you move files and folders from Mac to Mac or from Mac to iOS. Another new feature called Optimized Storage can sweep through old documents and files and push them to iCloud, clearing up local disk space for other uses. It also can automatically dump your trash, clear your web history, and do some other behind the scenes sweeps. Tabs are coming to more and more applications. Federighi said that Apple wants tabs on all multi-window applications, and says that tabs can be flipped on without developer modification. Update: 06/13 18:55 GMT by M : macOS Sierra won't support many Mac models from 2007, 2008, and 2009. Find more information here.

Facebook Could Be Eavesdropping On Your Phone Calls ( 167

An anonymous reader writes: Facebook is not just looking at user's personal information, interests, and online habits but also to your private conversations, revealed a new report. According to NBC report, this may be the case as Kelli Burns, a professor at University of South Florida states, "I don't think that people realize how much Facebook is tracking every move we're making online. Anything that you're doing on your phone, Facebook is watching." the professor said. Now how do you prove that? Professor Kelli tested out her theory by enabling the microphone feature, and talked about her desire to go on a safari, informing about the mode of transport she would take. "I'm really interested in going on an African safari. I think it'd be wonderful to ride in one of those jeeps," she said aloud, phone in hand. The results were shocking, as less than 60 seconds later, the first post on her Facebook feed was about a safari story out of nowhere, which was then revealed that the story had been posted three hours earlier. And, after mentioning a jeep, a car ad also appeared on her page. On a support page, Facebook explains how this feature works: "No, we don't record your conversations. If you choose to turn on this feature, we'll only use your microphone to identify the things you're listening to or watching based on the music and TV matches we're able to identify. If this feature is turned on, it's only active when you're writing a status update." I wonder how many people are actually aware of this.

Mac Users Reporting Widespread System Freezes With OS X El Capitan 10.11.4 Update ( 100

An anonymous reader quotes a report from Mac Rumors: A large number of MacBook Pro owners running OS X El Capitan are reporting widespread system freezes since installing the 10.11.4 update to Apple's Mac OS. The problem appears to be concentrated on 13-inch Retina MacBook Pros (Early 2015) running 10.11.4. Users report that their system becomes totally unresponsive at seemingly random times, with no way to regain access to their Mac other than to force a hard reboot. The issue was initially reported by MacRumors forum member Antonnn on March 25, four days after Apple released what is the third update to the Mac OS. In Antonnn's case, the freezes have been occurring "about once a week," first when browsing in Safari, but then also during the use of other Mac apps, including Adobe Photoshop and several third-party browsers. The freeze seems to affect not only the screen and mouse cursor but also the Mac's Force Touch trackpad, which completely loses feedback. Apple Support is apparently aware of the issue but have so far offered no concrete solution. Meanwhile, some users have resorted to downgrading their system to 10.11.3 by restoring from a Time Machine backup or performing a clean install. Hundreds of others have posted to a dedicated thread discussing the issue. Bill Mattheis posted a video on YouTube of the freezing he has experienced on his MacBook Pro.

The Pirate Bay Now Blocked In Chrome, Firefox, And Safari ( 202

An anonymous reader writes: Google Chrome, Firefox and Safari are actively blocking direct access to The Pirate Bay. Kickass Torrents suffered such a similar incident last month, because of the intermediary confirmation screen that appeared every time users navigated away from the site.

The reason why these three browsers block access to The Pirate Bay is unknown, but it could be related to a malvertising campaign that has plagued the site for more than two weeks. Two weeks ago, the malvertising campaign intensified right when season six of Game of Thrones premiered.

Meanwhile, HBO is contacting sites asking them to remove Game of Thrones torrents, and sending thousands of copyright infringement warnings to ISPs, urging them to remind pirates that they can stream HBO content legally after purchasing a subscription to HBO.

Apple Releases iOS 9.3.1 With Fix For Unresponsive Links 36

An anonymous reader writes: Apple, on Thursday, rolled out a minor update to iPhone, iPad, and iPod devices. The update, dubbed iOS 9.3.1, brings with it a fix for a software glitch that caused many apps -- including Safari, and Chrome -- to freeze and crash when trying to open a link. The issue was related to Universal Link, a feature Apple first introduced with iOS 9. Many reported that some apps including were abusing this capability, causing the Universal Link database to overload.

Apple's New Safari Technology Preview Browser Is Aimed At Web Developers 42

Sarah Perez reports for TechCrunch: Apple today announced it's expanding its efforts in the area of web development, with the launch of a new version of its Safari web browser, designed specifically for developers. Called Safari Technology Preview, the company says this browser will allow developers to get an early look at upcoming web technologies in OS X and iOS, including things like the latest layout technologies, visual effects, and other developer tools. The idea is to allow developers to more easily get their hands on these technologies and be able to experiment, then offer feedback to Apple earlier on so the company can make the necessary improvements. AnandTech's Brandon Chester elaborates: It's available from Apple's developer website, and updates will come every two weeks via the Mac App Store. This makes the list of changes and additions easily accessible with each update, and because the builds are signed by Apple there's full support for iCloud integration. [...] One important thing to note about the Safari Technology Preview is that, while the app is available from Apple's developer site, you don't need to be a registered developer paying the yearly iOS and OS X publishing fee to access it. Since the target audience consists mainly of programmers building websites and web applications, it doesn't make sense to limit it to developers building native apps for iOS and OS X.

Clicking on Links in iOS 9.3 Can Crash Your iPhone and iPad ( 100

Reader lxrocks writes: Many users are experiencing an issue with their iPhone and iPad wherein trying to open a link on Safari, Mail, Chrome or any other app causes it to freeze and crash. The issue renders any type of search with Safari as useless as none of the links returned will open. The wide-spread issue -- for which there's no known workaround just yet -- seems to be affecting users on both iOS 9.2 and iOS 9.3. Apple has acknowledged the issue and says it will release a fix "soon." There's no official word on what's causing the issue, but a popular theory with developers is that the glitch has something to do with Universal Links, a feature Apple first introduced with iOS 9. It appears some apps, such as, are abusing this capability, causing the Universal Link database to overload.

Pwn2Own 2016 Recap: Hackers Earn $460,000 For 21 Hacks ( 52

wiredmikey writes from an article on SecurityWeek: Pwn2Own 2016 has come to an end, with researchers earning a total of $460,000 in cash for disclosing 21 new vulnerabilities in Windows, OS X, Flash, Safari, Edge and Chrome. On the first day of the well-known hacking competition, contestants earned $282,500 for vulnerabilities in Safari, Flash Player, Chrome, Windows and OS X. On the second day, Tencent Security Team Sniper took the lead after demonstrating a successful root-level code execution exploit in Safari via a use-after-free flaw in Safari and an out-of-bounds issue in Mac OS X. The exploit earned them $40,000 and 10 Master of Pwn points. This year's contestants earned nearly $100,000 less for their exploits compared to Pwn2Own 2015, when researchers walked away with more than $550,000 for their exploits.

Pwn2Own Day 1: Hackers Earn $280k For Hacking Chrome, Flash, Safari ( 39

wiredmikey writes: Pwn2Own 2016 contestants hacked Apple's Safari Web Browser, Adobe Flash Player and Google Chrome, and earned more than $280,000 on the first day of the competition taking place this week alongside the CanSecWest conference in Vancouver, Canada. This is the first edition of Pwn2Own where contestants have been invited to escape a VMware virtual machine for a bonus of $75,000, though there has not been a successful exploit yet in this class by any contestant this week. It remains to be seen if contestants manage to surpass last year's total payout, when white hat hackers earned $552,000 at Pwn2Own.

Major Browsers Add Experimental Support For WebAssembly ( 118

An anonymous reader writes: Four major web browsers have announced support for the near-native compiling technology WebAssembly, and collaborated to bring an initial common game demo of Angry Bots, running via Unity and WebAssembly, to experimental builds of Chrome, Firefox, Microsoft Edge and, shortly, Safari. WebAssembly was launched last year in a joint project between Microsoft, Mozilla, Apple and Google as a potentially more efficient route to assembly-level performance than asm.js, which is in itself a low-level subset of JavaScript.

Auschwitz Museum Releases Software To Rewrite Holocaust Nomenclature ( 228

An anonymous reader writes: The Auschwitz-Birkenau Memorial and Museum has released software for Windows and Mac which is intended to catch and rewrite terms such as 'Polish death camps' and other phrases which associate the Polish people with the atrocities of the holocaust, rather than the occupying German forces which created and ran the death camps. The software comes in the form of Microsoft Word Add-Ins on Windows and a revision to the system-wide dictionary in OSX, making the facility available to Mac programs including Safari, Keynote and Outlook. A spokesperson for the ad agency that developed the programs said, "We decided to make use of the primary tool used by text writers and create an easy to install add-on that finds the mistake made and suggests a correct phrase."

Pwn2Own 2016 Won't Attack Firefox (Because It's Too Easy) ( 288

darthcamaro writes: For the last decade, the Pwn2own hacking competition has pitted the world's best hackers against web browsers to try and find zero-day vulnerabilities in a live event. The contest, which is sponsored by HPE and TrendMicro this year, is offering over half a million dollars in prize money, but for the first time, not a penny of that will directed to Mozilla Firefox. While Microsoft Edge, Google Chrome and Apple Safari are targets, Firefox isn't because it's apparently too easy and not keeping up with modern security: "'We wanted to focus on the browsers that have made serious security improvements in the last year,' Brian Gorenc, manager of Vulnerability Research at HPE said."

Interviews: Ask Author and Programmer Andy Nicholls About R 187

Andy Nicholls has been an R programmer and consultant for Mango Solutions since 2011 (where he currently manages the R consultancy team), after a long stint as a statistician in the pharmaceutical industry. He has a serious background in mathematics, too, with a Masters in math and another in Statistics with Applications in Medicine. Andy has taught more than 50 on-site R training courses and has been involved in the development of more than 30 R packages; he's also a regular contributor to events at LondonR, the largest R user group in the UK. But since not everyone can get to London for a user group meeting, you can get some of the insights he's gained as an R expert in Sams Teach Yourself R In 24 Hours (available in print or at Safari), of which he is the lead author. Today, though, you can ask Andy about the much-lauded statistics-oriented free software (GPL) language directly -- Why to use it, how to get started, how to get things done, and where those intriguing release names come from. (The about page is helpful, too.) As usual, please ask as many questions as you'd like, but one question at a time, please.

Search Suggestions Causing Apple's Safari Browser To Crash on Many Devices ( 83

An anonymous reader writes: According to the Verge (and my wife) Apple Safari browsers are crashing left, right, and center due to Safari's search suggestions feature. "Simply disabling this feature will stop Safari crashing, or using the private mode option in the browser as a temporary workaround. Not everyone is affected, and this could be because some have the search suggestions cached locally or they're still able to reach Apple's servers thanks to a DNS cache."

Slashdot Top Deals