Archive for February 2007
K-Meleon Browser
K-Meleon is a fast, stable, and unknown web browser. It has the normal features of browsers such as tabs, and automatic history, cookie, and cache cleaners. Its password manager is very nice, and simple. Another awesome feature of K-Meleon is that it allows you to sort sites into “groups”, which allows you to open a bunch of websites in tabs by typing “group name” in the URL bar, and then pressing Shift+Enter. Or, to open them alongside your already open tabs, press ALT+Enter.
K-Meleon also has standard features such as source viewer and print preview.
What I think kills K-Meleon is its lack of addons. While Firefox has many many many addons, K-Meleon has a couple hundred. But the best of addons has to be the privacy toolbar; it lets you clear passwords, cookies, and your cache with the click of a button. And lets you disguise your browser as another one like IE6, Opera, Netscape, or your own custom ones.
To download K-Meleon, or to do more research about it, go to K-Meleon’s Homepage.
Here is a full description of the features of K-Meleon:
Choose Your Desired Bookmarking System
K-Meleon is the only browser that allows you to use your existing Internet Explorer Favorites or Opera Hotlist in place of or along with Netscape/Mozilla’s Bookmarks system.
“Tabbed” Browsing
Through the layers plugin, K-Meleon offers a convenient way to manage the many sites you may visit during a browsing session. Commonly known as “tabbed” browsing, this feature allows you to keep multiple web pages open simultaneously, navigating easily between them by clicking on each page’s “tab” located beside the others on a separate toolbar within the browser. This can be quite helpful when doing extensive web search as it eliminates the need to go back or forward repeatedly to find a previously viewed page. If you wish to have other applications running, this feature will provide a less cluttered Windows task bar.
Mouse Gestures
Introduced and popularized by Opera, mouse gestures are now a common staple among alternative browsers. Through the mouse gestures plugin, K-Meleon offers a quick, easy way to navigate the web by right-clicking on a page while sliding your mouse left or right to go back or forward. Like all of K-Meleon’s other features, the mouse gestures plugin is very customizable and allows initiation of almost all commands and macros.
Complete Toolbar, Menu, Context Menu, & Keyboard Shortcut Customization
One of the defining characteristics of K-Meleon is its extensive user customization feature. You can easily revamp your main menu and context menus by deleting or adding the items of your choice, access any function from your toolbar or assign any keyboard shortcut to any function. There is no need to extract and compile jar files or download various different extensions which may add other unwanted items to a desired feature.
Block Popup Windows
A hazard of browsing the web is the annoying popup window advertisement. K-Meleon comes equipped with a Popup Blocking feature that blocks these popups and also allows you to quickly enable popups at a particular site.
Fast Load Time
The time it takes for K-Meleon to open from when you click its application icon is the fastest of any Gecko based browser. There is even a symbiotic loader to further reduce start time for older, slower PCs.
Easy Web Searching
Click on the Search button in your toolbar to enter items to search for with Google. By default the keyboard shortcut to view the search prompt is Ctrl+G. This, of course, can easily be changed along with the search engine. K-Meleon also supports searching directly from the URL bar with support for Mozilla keywords and Microsoft Quick Search.
Themes & Skins
K-Meleon is one of the simplest browsers to skin and all of its images can be changed to your liking. Visit the TutorialSkinning Guide for instructions. Various user contributed Themes and Skins are available for download.
Macros
K-Meleon’s unique macros plugin greatly expands its features and capabilities. Take a look at just some of the many examples in the MacroLibrary. Once you gain a better understanding of the MacroLanguage you can customize the macros to your liking or submit new macros of your own.
Update: Microsoft Office 2003 apps, Explorer hit with new crash bugs
Office apps can be brought down by malformed documents, Symantec says
Microsoft Corp.’s Word 2003 and Excel 2003 can be crashed by attackers who feed the business applications malformed documents, Symantec Corp. reported today. In separate alerts sent to subscribers of its DeepSight threat system, Symantec warned that the bugs — both discovered and disclosed by a Russian researcher with the moniker “sehato” — could be exploited by attackers to bring down the Office applications.
Microsoft denied that the bugs were actually vulnerabilities.
“Microsoft has completed its investigation of new public reports of possible vulnerabilities in Microsoft Office 2003 and Microsoft Excel 2003 [and] has confirmed that these are not product vulnerabilities,” a spokeswoman said in an e-mail. “They are issues that can cause the application to become unresponsive: Users can restart the application,” she added.
“A remote attacker may exploit this vulnerability by presenting a malicious WMF file to a victim user,” said Symantec’s report on the Office 2003 flaw. “The issue is triggered when the application is used to insert the malicious file into a document.”
Specially crafted WMF (Windows Metafile) image files were the root of a major attack in late 2005 and early 2006 that was launched from hundreds of malicious Web sites and compromised thousands of PCs. This bug seems to be different from the 2005/2006 vulnerability.
The Excel flaw can be leveraged by a malformed spreadsheet file rather than a WMF image, Symantec added.
Attacks using either vulnerability require users to download malicious files from a Web site or open them when they arrive as e-mailed file attachments.
Also at risk, said Symantec, is XP’s and Server 2003’s Windows Explorer, the operating system’s file interface. Explorer will crash when attempting to open a malformed WMF image, said the Cupertino, Calif.-based company. Sehato divulged this third bug as well. Microsoft acknowledged it was investigating the vulnerability. The company added that it didn’t know of any active exploits in circulation or of any ongoing attacks.
Problems with Microsoft’s Office software have been endemic since early 2006, and there are no signs that hackers and researchers have emptied its well of vulnerabilities. During 2006, for example, Microsoft issued 13 security updates for Office 2000 and 11 for Office 2003. In the first two months of 2007, it released four bulletins for Office 2000 and six for Office 2003.
And last week, eEye Digital Security announced that its researchers had uncovered the first known Office 2007 flaw.
Second Google Desktop attack reported
The attack is referred to as ‘anti-anti-anti DNS pinning’
Google Inc.’s PC search software is vulnerable to a variation on a little-known Web-based attack called anti-DNS (Domain Name System) pinning, which could give an attacker access to any data indexed by Google Desktop, security researchers said this week.
This is the second security problem reported this week for the software. On Wednesday, researchers at Watchfire Corp. said they had found a flaw that could allow attackers to read files or run unauthorized software on systems running Google Desktop.
As with Watchfire’s bug, attackers would first need to exploit a cross-site scripting flaw in the Google.com Web site for this latest attack to work, but the consequences could be serious, according to Robert Hansen, the independent security researcher who first reported the attack. “All of the data on a Google desktop can now be siphoned off to an attacker’s machine,” he said.
Cross-site scripting flaws are common Web server vulnerabilities that can be exploited to run unauthorized code within the victim’s browser.
Hansen, who is CEO of Sectheory.com LLC, did not post proof-of-concept code for his attack, but he said that he has “tested every component of it, and it works.”
Google said it is investigating Hansen’s findings. “In addition, we recently added another layer of security checks to the latest version of Google Desktop to protect users from vulnerabilities related to Web search integration in the future,” the company said in a prepared statement.
Anti-DNS pinning is an emerging area of security research, understood by just a handful of researchers, said Jeremiah Grossman, chief technical officer at WhiteHat Security Inc. The variation of this attack described by Hansen manipulates the way the browser works with the Internet’s DNS in order to trick the browser into sending information to an attacker’s computer.
“Once you can re-point Google to another IP address, instead of Google getting the traffic, the bad guy does,” he said.
Because this type of attack is so difficult to pull off and poorly understood, it is unlikely to be used by the criminals any time soon, Grossman said. But anti-DNS pinning shouldn’t be ignored, he added. “We should keep our eyes on it in case the bad guys shift gears.”
News of the attack comes as Google is trying to enter the desktop productivity market. On Thursday, Google launched a suite of Web-based collaboration software, called the Google Apps Premier Edition, which analysts say could become a competitor to Microsoft Office.
The troubling thing about the attack Hansen identified, which he calls “anti-anti-anti DNS pinning,” is that very little can be done to avoid it, short of eliminating cross-site scripting vulnerabilities on the Web.
“This is really just fundamentally about how browsers work,” he said. “If you allow a Web site to have access to your drive — to modify to change things, to integrate or whatever — you’re relying on that Web site to be secure.”
Hansen and Grossman said Google is not the only company vulnerable to a growing category of Web-based attacks. For instance, MySpace.com was hit when a fast-moving worm spread through the MySpace community in early December, stealing MySpace log-in credentials and promoting adware Web sites.
“A lot of these new attack techniques are going to require the browsers to improve,” Grossman said. “The users really have very little ability to protect themselves against these attacks,” he said. “It’s very bad. Even the experts are afraid to click on each other’s links anymore.”
Mozilla plugs Firefox security holes
The Mozilla Foundation released updates for its Firefox browser on Friday to plug a number of security holes, including several crash bugs that have the potential to be exploited and an issue with how the browser handles hostnames.
The open-source group updated both Firefox 2 and 1.5 to versions 2.0.0.2 and 1.5.0.10, respectively. The update includes a single critical-rated patch that fixes three memory corruption issues that cause Firefox to crash but that could also likely be exploited. Another issue with how the application handles the setting of hostnames could aid phishing attacks.
Users should be updated automatically or can select “Check for updates…” from the Help menu.
“If you already have Firefox 1.5.0.x or Firefox 2.0.0.x, you will receive an automated update notification within 24 to 48 hours,” stated a message from the Mozilla Foundation posted on its developers’ blog.
The Mozilla Foundation released the Firefox 2 browser last October, adding improved tabbed browsing and better search options. However, Mozilla and Microsoft–whose Internet Explorer 7 browser shipped a week earlier–competed on their anti-phishing features. The hostnames issue was discovered by Michal Zalewski, a Polish researcher who previously discovered a flaw in how both Mozilla and Microsoft’s browsers handled keystrokes.
The update to Firefox 2 fixes some compatibility issues with Windows Vista. Firefox 1.5 does not support Vista and users are advised to upgrade to 2.0.0.2, the group said.
G! war against Chinese domain
Google, fighting to consolidate its trademark globally, faces an obstacle in the world’s second largest Web market. China’s www.Gmail.cn is refusing to sell its Internet address to the U.S. giant.
A legal source told Reuters on Monday that Google was trying to buy the Internet domain name www.gmail.cn, which is run by Beijing-based ISM Technologies.
The name closely resembles Google’s internationally known email service, www.gmail.com, and the colours in which the two logos are written are similar. The ‘.cn’ suffix is commonly used for Chinese domain names.
Google recently began offering free Gmail accounts in China to promote its brand among local users.
‘Google has contacted Gmail.cn about the Web address and logo issue, but there is no progress so far,’ said a legal source in Shanghai familiar with the situation.
ISM Technologies – which on its Web site www.ism.net.cn claims to be the largest wholesale Internet domain registrar accredited with Chinese government-backed Internet body CNNIC – refuses to sell, but there is as yet no sign that Google will sue, the source added.
Google’s China spokeswoman Jin Cui did not answer repeated calls to her mobile phone. A spokesperson for Gmail.cn could not be contacted by telephone calls to the company’s Beijing offices.
Google is already embroiled in legal action, launched earlier this month, against a group of Polish poets to stop them using the Web address www.gmail.pl, European news reports have said. The company also this week reportedly lost an attempt to gain sole control over the Gmail trademark in Switzerland.
But the Gmail.cn case may prove more complicated, given that intellectual property issues in China can become complicated by politics, the source added, especially between U.S. and Chinese firms.
‘It’s unlike the Polish case. The Chinese company is also an Internet service provider which provides mail services, and Gmail can literally just be referring to a 1G mailbox or something like that,’ said the source, referring to the 1 gigabyte-sized mailbox.
Google already owns local Web addresses www.google.com.cn and www.google.cn, aimed at the world’s second-largest Internet market after the United States with around 137 million Web users.
Google is fighting to narrow the gap between its market share of around 17 per cent in China and market leader Baidu.com’s share of around 58 per cent.
And Google’s trademark worries may not end with China.
A search on several domain registration Web sites showed that variations on ‘gmail’ were still available for purchase and www.gmail.de called up a Web site for a German courier service.