Firefox 3.6 final released, and NO Firefox is NOT “doomed” at all

Several months since Firefox 3.5 was released back at the end of June 2009, the final release of Firefox 3.6 has just been posted today. Read this Softpedia article on the details of this latest Firefox release.

Firefox 3.6 can be obtained from the official Mozilla Firefox page.

And a few days ago, I stumbled onto this Infoworld.com article speculating Firefox’s imminent demise or “doom”, which many Firefox users find hard to believe.

UPDATE: A blog was published on the Gigaom.com site about the middle of last week in rebuttal to that Infoworld.com article.

New hole in Windows discovered 17 years after it appeared

Man, this has been one helluva week for 0day exploits.

Tavis Ormandy at Google reports that there’s a hole in the way Windows NT and later handle functions that were designed to support 16-bit applications.

All 32bit x86 versions of Windows NT released since 27-Jul-1993 are believed to be affected, including but not limited to… Windows 2000, XP, Server 2003, Vista, Server 2008 and Windows 7.

Travis goes on to say:

Microsoft was informed about this vulnerability on 12-Jun-2009, and they confirmed receipt of my report on 22-Jun-2009.  Regrettably, no official patch is currently available. As an effective and easy to deploy workaround is available, I have concluded that it is in the best interest of users to go ahead with the publication of this document without an official patch. It should be noted that very few users rely on NT security, the primary audience of this advisory is expected to be domain administrators and security professionals.

Seven months without a resolution, and he’s gone public. Hard to blame him.

Yesterday, Microsoft released Security Advisory 979682, acknowledging the hole.

Protecting yourself against Aurora

Windows Secrets Newsletter just hit the stands, and the lead story by Yardena Arar has many details about the “Aurora” security hole.

There are ways to patch yourself without Microsoft’s big IE cumulative patch MS010-02, which is due any minute, but before you get your knots in a knicker, make sure you understand the scope of the problem:

Security analysts and Microsoft agree that the attacks have a high social-engineering component: the targeted victims have to trigger the attacks by clicking a link or infected attachment (commonly an Adobe PDF or Flash file) delivered in e-mail, instant messages, or other electronic communication appearing to come from a trusted source.

Stay calm. The sky isn’t falling. If this is what it takes to get Google out of the censorship business, kowtowing to a big paycheck, hey, I’m not complaining.

UPDATE: Brian Krebs just posted a very interesting article that explains why “Aurora” probably did originate in China. Actually, the evidence cited in the article tends to support the idea that the people who wrote part of Aurora are able to read Simplified Chinese, but the circumstantial evidence is compelling.