Firefox Phishing Exploit

Firefox has a built-in phishing filter that checks whether a site is blacklisted and, if so, warns the user of the potential fraud and information theft a phishing site could commit. Depending on the user’s preference, it uses either Google’s database or a downloaded list of sites.

What follows is a quote from The irc.mozilla.org QDB, which caught my attention. Not only because I understood it, but also because I’ve already done it. It talks about a certain exploit to Firefox’s phishing protection/filter system.

Someone nicknamed Hixie[1] stated:

woah

i think i just found a semi-serious issue with the phishing protection in firefox

i went to a site that triggered the warning

and my immediate reaction (without really thinking) was “oh i wonder why that is blocked, let’s have a look” and i immediately opened it _in IE_.

possibly the worst thing i could have done.

I just realized the gravity of the situation when I remembered making the same mistake he just described a lot of times before. But it came to me that there is just no workaround to curiosity.

Oh, wel— … Hmmm …

… But then again, there’s Linux.

Footnote:

  1. ^ I guess this is Ian Hickson, but I’m not so sure.

Firefox 3 Beta 1 Review

I’ve installed the new Firefox 3 Beta 1 on my Windows XP system back home. At first sight, not much is noticeable about the new version. Only the bookmark button on the location bar is visibly different. But I’d like to share with you some features I’ve tried and liked, hoping you’d like them, too.

Firefox has been late to implement the following features that other browsers already have. Late as it may seem, Firefox integrated the best from three different competing browsers.

Resizer toolbar item
This nifty toolbar item lets you resize relative-width toolbar items (i.e., location bar, search bar, and flexible space) just like how Apple Safari lets you.
Full-page zoom
Images and objects now join text when you resize, just like in Opera and Windows Internet Explorer 7.
WaSP Acid2 Browser Test compliance
Internet Explorer is now the only major browser left that doesn’t pass the test.

I’ve considered Mozilla Firefox the most innovative browser in the market since I discovered it way back in its pre-1.0 versions. Here are some features as proof that it is still leading the race:

Improved password saving
Instead of the usual dialog prompt that asks the user whether one wants to save the password before submitting the login information, Firefox 3 uses the notification bar so that the user could first confirm whether the password is correct (meaning successful login) before saving it.
Multiple text selections
Text could now be selectively highlighted in several places at the same time. Just hold Ctrl while doing selections using the left mouse button. Multiple copy-pasting and switching between windows isn’t necessary anymore. BTW, you still can’t deselect a portion even when using Ctrl, though.
Improved location bar autocompletion
Usually, autocompletion lets you type the first letters of the address and will try to fill in the rest (with or without the protocol and/or the www subdomain). Now, Firefox 3 tries to find all history entries using the rest of the address along with the title of the page. So, if you could remember just the specific page address, which is usually my case, or title, but not the domain, you could still find what you are looking for.
Resumable downloads
In Firefox 3, you could now resume paused downloads even when you quit Firefox, and it automatically continues downloads if the browser or system crashes.
Improved multiple opening of bookmarks in tabs
Bookmark folders feature an Open in Tabs option that now appends tabs instead of replacing all tabs on the current window, which was the behavior in previous versions. Take note that the current tab will be replaced by the first bookmark in the folder when using left-click; use middle-click to open everything in new tabs.

So, there you go—my preliminary review of the next-generation Firefox browser. Please note that this does not include the tons of other new features and improvements from the preceding versions, but only those I find most interesting.

If you’re still reluctant to try the beta, you may want to upgrade your current installation of Firefox to the latest stable security/bug-fix release, version 2.0.0.10.

UST Web Site Redesign

I was trying to check the University calendar on the UST Web site for the preliminary examinations schedule when I noticed the redesign and restructure planned for it has already been implemented. Excitedly, I saw some of the things I’ve dreamt of doing for it[1] accomplished on the reboot.[2]

These include:

  • Porting the site from ASP to PHP; and,
  • Complying with the XHTML 1.0 and the CSS 2 recommendations.

A very clean design added to its beauty and usability. And scripting features that make the layout fluid or fixed, as well as change the font size according to the users’ preferences, made it more accessible. Two very good steps to have been taken, IMO.

I remember checking it a day after the said reboot: the news roller was a bit misaligned in Mozilla Firefox, Opera and Safari,[3] but was rendered as desired in Internet Explorer 7. Now, four days later, after browsing it again to continue writing this post, I see they’ve already fixed the alignment problem for the major browsers with the exception of Safari/Win—now I have nothing to rant about the site being made with only IE anymore. Heh.

The new design also features compliance badges from W3C, and validation results in only a single markup error that is, IMO, fairly forgivable for an elaborate design and a complex site structure. That error may even be caused by the CMS[4] itself, as one of its modules automatically places a <link /> to a style sheet wherever it is inserted.

I haven’t seen much improvement in a single reboot for the site as far as I could remember.[5] The move to open source software, Web standards compliance, and accessibility with usability is, IMO, the best direction any Web site could have taken. Kudos to the Webmasters of the new UST Web site!

Footnotes:

  1. ^ when I volunteered to be a TomasinoWeb member
  2. ^ another term for redesign; from CSS Reboot
  3. ^ all on the Windows platform
  4. ^ namely, Joomla!
  5. ^ with three designs, as of now

Hindering Standards Advancement

IMO, there are two ways to hinder the advancement of Web standards:

  1. To continue legacy practices, holding back on new, better ones; and
  2. To keep inconsistencies between Web developers and designers, and user agent, tool and software developers.

Legacy Practices

I still haven’t studied much about the endianness of character encodings, but it sure is one thing I’ve seen that exhibits a legacy practice recommended by W3C. I’ve been placing a Unicode Byte-Order Mark before the output of my WordPress themes since my text editor featured its control on UTF-8 encoded files. After subjecting it to the W3C Markup Validation Service, I encountered a warning that says:

The Unicode Byte-Order Mark (BOM) in UTF-8 encoded files is known to cause problems for some text editors and older browsers. You may want to consider avoiding its use until it is better supported.

I actually tried placing the BOM because Google Webmaster Tools reported my site to have been encoded in ASCII even though I had set the HTTP headers to respond, and <meta/> elements to indicate, otherwise. After doing so, Google Webmaster Tools reported about 50% of my site is in UTF-8, so I concluded it reads pages’ encodings using the BOM.

The first time I read that warning, an insight immediately struck me regarding legacy systems and practices. So, I just want to ask: Why are they enforcing legacy practices to be continued by Web designers and developers instead of enforcing new and current standards to be implemented by user agent, tool and software developers?
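As an added illustration (not part of the original post), the Python code below reports the three encoding signals discussed above, the BOM, the HTTP Content-Type header and the <meta/> element, for a single response, and flags pages where no encoding is declared or where the declarations disagree. The function names and the sample page are constructed for this example.

```python
import codecs
import re

# Byte-order marks checked at the very start of the response body.
BOMS = ((codecs.BOM_UTF8, "utf-8"),
        (codecs.BOM_UTF16_LE, "utf-16-le"),
        (codecs.BOM_UTF16_BE, "utf-16-be"))
CHARSET_RE = re.compile(rb"charset\s*=\s*[\"']?\s*([A-Za-z0-9._:-]+)", re.I)
META_RE = re.compile(rb"<meta\b[^>]*>", re.I)


def canonical(label: bytes):
    """Map a charset label (e.g. b'UTF8') to Python's codec name, or None."""
    try:
        return codecs.lookup(label.decode("ascii")).name
    except (LookupError, UnicodeDecodeError):
        return None


def encoding_signals(body: bytes, content_type: str = "") -> dict:
    """Report what the BOM, the Content-Type header and <meta> each declare."""
    signals = {"bom": None, "http": None, "meta": None}
    for mark, name in BOMS:
        if body.startswith(mark):
            signals["bom"] = name
            break
    match = CHARSET_RE.search(content_type.encode("ascii", "replace"))
    if match:
        signals["http"] = canonical(match.group(1))
    # Only the first 1024 bytes are scanned, like the HTML prescan window.
    for tag in META_RE.findall(body[:1024]):
        match = CHARSET_RE.search(tag)
        if match:
            signals["meta"] = canonical(match.group(1))
            break
    return signals


def audit(body: bytes, content_type: str = "") -> dict:
    """Flag pages with no declared encoding or with disagreeing declarations."""
    signals = encoding_signals(body, content_type)
    declared = {value for value in signals.values() if value}
    return {"signals": signals,
            "undeclared": not declared,
            "conflict": len(declared) > 1}


# Constructed sample: BOM plus a matching <meta/> declaration.
SAMPLE = codecs.BOM_UTF8 + (b'<html><head><meta http-equiv="Content-Type" '
                            b'content="text/html; charset=UTF-8" /></head></html>')

if __name__ == "__main__":
    print(audit(SAMPLE, "text/html; charset=UTF-8"))
```

A page that relies on the BOM alone shows up with only the `bom` signal set, which is the situation the validator warning is about.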

Incomplete Implementation

I wrote much of the above article about a week ago, but it just came short of publication. I thought my so-called insight was very limited with regard to the current issues between Web and software development, so I decided to postpone publication. It would still be on draft status if not for Molly Holzschlag saying just recently, “HTML5 and XHTML 1.1+ MUST Stop for Now.” I was puzzled why one of the most famous standardistas I look up to said that. The title would seem to mean she has just begun to dislike the improvements to Web standards. But after reading the whole article, I totally agreed. BTW, she meant:

  1. COMPLETE HTML 4.1 [sic], XHTML 1.0 and CSS 2.1 in specs and browsers where applicable
  2. CALL for consistent implementation of these most basic specifications in all current browsers and devices to this point
  3. WAIT for future HTML, XHTML and CSS implementations until these implementations are complete
  4. FOCUS on JavaScript and DOM fixes and implementations as we come up to par with markup and style

The only way new Web standards would be supported is to completely implement the current and existing ones. This would also make legacy practices unnecessary. Molly didn’t say that the progression of Web standards should be stopped forever; the words “for now” should be emphasized, and they apply as long as incomplete implementations exist—and she’s talking about no specific user agent, as even Mozilla, Opera and Safari have no perfect support, just better ones. So … I question no more.

Safari 3 Beta for Windows

Last time when I was reviewing new releases of Windows Web browsers, I was hoping I could get my hands on a Mac—or at least the money to buy one—so I could review Safari as well. But, I don’t think I would be drooling for it any sooner. I was browsing my Live Bookmarks when I saw a post from WaSP announcing the release of Safari 3 Public Beta for Mac and Windows. Yes, you heard it right … Safari’s new public beta is made for Windows as well!

I don’t think I’d be switching from Mozilla Firefox, though, especially now that Firefox 3 is nearing its release. Besides, common shortcuts I use with Firefox don’t work with Safari, such as tab switching [Ctrl+Tab], open new tab [Double-click on Tab Bar], and maybe many more,[1] so it takes some getting used to. But, as a Web developer, it sure is very convenient to have four major browsers—Mozilla Firefox, Opera, Apple Safari, and Windows Internet Explorer—on a single box for cross-browser testing.

Contrary to what Yuga said, I think Safari is fast. It loaded my home page’s Extended Live Archives and some other DOM scripts lag-free. But, the startup isn’t as fast as Opera’s still.

So if you will, you could download Safari 3 Public Beta from Apple.

  1. ^ I’ve only been using it for just about 30 minutes.