‘Click Jacking’ is the latest browser-based security problem to crawl out of the wood work. Since it’s entirely browser based it affects everyone, regardless of their OS, not even Linux users are safe from this one! This is a cross-browser problem and also affects Flash. The technical details have not been released yet, but there is a proof-of-concept exploit doing the rounds. The basic idea is very simple, trick people into clicking on something you want them to click on but they don’t want to click on. From what I’ve been able to piece together from reading various blog postings and reports the attack uses CSS and iFrames to place invisible content over visible buttons or links. When the user clicks the button or link they see the click gets diverted to what ever is in the invisible layer above it instead. If you can do it by clicking the mouse, then you can be tricked into doing it with Click Jacking.
I’ve been recommending FireFox for years now. In fact, I’ve been using it as my primary browser since it was called FireBird. It has been a more secure and a more feature-rich choice for years. (If you’re interested in the security aspects then you might enjoy reading a recent article I wrote for the International Mac Podcast blog comparing Safari and FireFox from a security point of view.) What got me hooked on FireBird was it’s plugin architecture. The idea of being able to customise my browser really appealed to me and as FireBird has grown into FireFox the list of available plugins has grown too. No other browser is as expandable as FireFox. If you can think of it, the chances are someone’s written a plugin for it!
However, FireFox has long suffered from two major shortcomings, memory leaks you could pilot a large ship through, and a non-native look. FireFox has been chewing up insane amounts of RAM for years, and has always looked like a fish out of water, particularly on OS X. These two problems are both fixed in FireFox 3 and if that was all they’d done I’d be recommending it highly, but they’ve done much more.
[tags]internet, browser, FireFox, FireFox 3[/tags]
I tend to avoid web apps because I don’t like having my apps stuck in a tab in a web browser. This makes it hard to
command+tab to the app and impossible to assign that app to a particular space. I don’t use GMail but if I did I’m pretty sure I’d be using Mailplane to access it. Fluid is not as advanced as Mailplane but it does allow most webapps to be liberated from your browser.
[tags]Fluid, web applications[/tags]
There have been rumors around about this for a few weeks now and try as I might the closest to an authoritative source I can get is a post on Blake Ross’ blog (he is a FireFox co-creator). Should this turn out to be true it could have quite an impact on the browser usage on the web, particularly for UK sites. I can only see it as a good thing. I also enjoyed some of the rumors I’ve seen about the reasons for this on the web, the best being that it’s a ploy by Dell to reduce the amount of support they have to give because it will cut down on spy-ware infections and the invasion of those annoying porn pop-ups!