Archive for June, 2007

Adobe Reader “Lite”

Friday, June 29th, 2007

Well, its name might not be Adobe Reader Lite, nor is it “lite” on the features. A program I recently found is called Foxit Reader. Foxit Reader is a program that looks and feels like Adobe Reader 8 but runs at nearly 1/4 of the footprint. This means that there is no extra software kicking around running as a service. (Adobe installs several, including a PDF reader module that will read the PDF to you in a crappy computerized voice. Adobe doesn’t even allow you to uninstall it.)

You can get Foxit Reader here:

Mac Software is NOT secure.

Tuesday, June 12th, 2007

The original article on why Apple’s software is plagued with bugs. Sorry for not linking to Apple’s website. I don’t want to give them extra link popularity. ;)

Niiiice…

Posted by David Maynor at 1:48 PM

Apple just released a Safari for Windows beta at http://www.apple.com/safari. Using publicly available tools we had a DoS in no time. Keeping with our disclosure policy, we do not report bugs to Apple.

UPDATE: Whoops, sorry, that’s not a DoS, it’s memory corruption.

UPDATE 2: Per Request….WinDBG output of a new bug. These are popping out like hotcakes.

UPDATE 3: It appears I am not the only person who had this idea today? http://aviv.raffon.net/CommentView,guid,54A1DB79-0ECB-4F13-99AE-45BAB70C4256.aspx#a0ac5417-013d-43ae-9abc-7d265113892c

UPDATE 4: Thor Larholm has also found a bug. http://larholm.com/2007/06/12/safari-for-windows-0day-exploit-in-2-hours/ I’d like to note that we found a total of 6 bugs in an afternoon, 4 DoS and 2 remote code execution bugs. We have weaponized one of those to be reliable and it’s different than what Thor has found. I can’t speak for anybody else but the bugs found in the beta copy of Safari on Windows work on the production copy on OSX as well (same code base for a lot of stuff). The exploit is robust mostly thanks to the lack of any kind of advanced security features in OSX, I write about it here.

UPDATE 5: I’ve been asked what our disclosure policy is. It’s pretty simple, in most cases we will give vendors as long as they need to fix problems. If the vendor is unresponsive or makes threats, we will give them 30 days then release details. If a vendor answers a vulnerability disclosure with marketing and spin attempts, we no longer report vulnerabilities to that vendor but the information goes into our Hacker Eye View program for customers and will be used in pentesting. We do not sell the vulnerabilities to any 3rd party.

Safari is NOT faster than Internet Explorer.

Monday, June 11th, 2007

I am always willing to give Apple the benefit of the doubt. Today I read information from a Mac conference that Steve Jobs said that Safari was 2x as fast as Internet Explorer and Firefox. I really don’t know how he was measuring performance because in all my monitoring of Internet Explorer vs Safari vs Firefox… Safari came in last. Internet Explorer came in first and then Firefox was in a distant second. Safari’s interface really sucks (in my own opinion) and looks very much like iTunes. I do have to say that this is a BETA of Safari 3 I was looking at. In my own opinion it has quite a way to go. I will continue to use REAL world tests on this browser and will let you know if anything changes.

How to encrypt GMAIL emails.

Monday, June 4th, 2007

Gmail may be an excellent Web-based email application, but there is no easy way to use it with privacy tools like GnuPG. The FireGPG extension for Firefox is designed to solve this problem. It integrates nicely into Gmail’s interface and allows you to sign and encrypt not only email messages but also text snippets from any Web page.

As with any other Firefox extension, installing FireGPG is a matter of a few clicks. However, since FireGPG relies on GnuPG, there are a couple of things you have to take care of in order to make FireGPG work properly. First, you have to make sure that GnuPG is installed on your system. You might also want to install a graphical front end to it — for example, KGpg on (K)Ubuntu — that you can use to manage keys. Finally, you have to generate the key pair required to encrypt and sign mails and text snippets.

Generating a key pair using KGpg is a straightforward process. Launch KGpg and choose Keys -> Generate Key Pair. In the Key Generation dialog box, enter your name and email address. Select the desired key size; the default 1,024 is strong enough, but stronger keys are also available, if necessary. Next, select the desired algorithm (KGpg supports the RSA and DSA/ElGamal algorithms). Press OK, enter the desired passphrase when prompted, and wait until the utility generates the key pair.

Now you can start using FireGPG.


Since FireGPG integrates tightly into Gmail, using it to sign and encrypt emails couldn’t be easier. Simply select the entire message body, or just the part you want to sign or encrypt, and press either the Sign or Crypt button. Enter the password you specified when you created the key pair, then select the key you want to use, and press OK. This signs or encrypts the messages or the text selection. Keep in mind that when signing the message, you should choose your private key, and when encrypting the email, you have to use the recipient’s public key (you can import it into KGpg using the Keys -> Import Key command).

The FireGPG extension also adds buttons that allow you to manage signed and encrypted messages received from other users. You can use the buttons to easily verify a sender’s signature or decrypt a message.

In a similar manner you can sign and encrypt a selected text fragment on any Web page. This can be useful if you want to encrypt the selected snippet before you insert it into an email message or a text document. To do this, simply select the text snippet you want and use the available commands under the Tools -> FireGPG menu to sign or encrypt the selection.

That’s all there is to it. Using FireGPG is not particularly difficult, and if you often need to sign or encrypt your Gmail messages, this extension will make your life a bit easier.

Check out the original story here:
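
The Sign, Crypt, verify and decrypt steps described above map onto the GnuPG command line that FireGPG relies on. The script below is an added example, not part of the original article: Alice and Bob are constructed identities with throwaway keyrings and empty passphrases, and the keys use GnuPG's current default algorithm rather than the 1,024-bit size mentioned above.

```bash
#!/usr/bin/env bash
# GnuPG CLI equivalents of FireGPG's Sign, Crypt, verify and decrypt buttons.
# Alice and Bob are constructed identities; each gets a throwaway keyring.

g() {  # g <homedir> <gpg args...>: run gpg non-interactively on one keyring
  local home=$1; shift
  # --trust-model always and the empty passphrase are demo shortcuts; with real
  # keys, check the imported key's fingerprint and protect your private key.
  gpg --homedir "$home" --batch --quiet --yes --pinentry-mode loopback \
      --passphrase '' --trust-model always "$@"
}

firegpg_flow() {
  local work a b h
  work=$(mktemp -d) || return 1
  a=$work/alice; b=$work/bob
  mkdir -m 700 "$a" "$b"

  # Key pairs (KGpg: Keys -> Generate Key Pair), one per person.
  g "$a" --quick-generate-key 'Alice <alice@example.test>' default default never 2>/dev/null || return 1
  g "$b" --quick-generate-key 'Bob <bob@example.test>' default default never 2>/dev/null || return 1

  # Swap PUBLIC keys only (KGpg: Keys -> Import Key).
  g "$b" --armor --export bob@example.test | g "$a" --import 2>/dev/null
  g "$a" --armor --export alice@example.test | g "$b" --import 2>/dev/null

  printf 'Meet at 10:00\n' > "$work/msg.txt"
  # Sign: uses Alice's private key.
  g "$a" -u alice@example.test -o "$work/msg.asc" --clearsign "$work/msg.txt" || return 1
  # Crypt: uses only Bob's public key.
  g "$a" -r bob@example.test --armor -o "$work/msg.enc" --encrypt "$work/msg.txt" || return 1

  # Bob checks the signature with Alice's public key, decrypts with his private key.
  g "$b" --verify "$work/msg.asc" 2>/dev/null && echo "verify: good signature"
  echo "bob decrypts: $(g "$b" --decrypt "$work/msg.enc" 2>/dev/null)"
  # Alice has no matching private key, so she cannot read her own ciphertext.
  g "$a" --decrypt "$work/msg.enc" >/dev/null 2>&1 || echo "alice decrypts: failed"
  # Changing one character of the signed text breaks verification.
  sed 's/10:00/11:00/' "$work/msg.asc" > "$work/bad.asc"
  g "$b" --verify "$work/bad.asc" 2>/dev/null || echo "tampered: bad signature"

  for h in "$a" "$b"; do gpgconf --homedir "$h" --kill gpg-agent || true; done 2>/dev/null
  rm -rf "$work"
}

firegpg_flow
```

The third output line is the practical consequence of encrypting only to the recipient: the sender keeps no readable copy unless the message is also encrypted to the sender's own key.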