|
|
One of the most prevalent Internet threats currently is, no doubt, phishing. This consists of tricking a user to believe they are going to a trusted site like a bank, eBay, PayPal and or some other popular site. The trick is usually done using a web address very similar in appearance to the original (like paypa1.com). At the fake site (which would have the appearance of the authentic web site) the user is asked for personal information like social security number, account number, username, password or birth date, which can then be used to impersonate the user and access their account, money or credit.
|
|
Mozilla Links - English Edition
Issue # 26 - April 28, 2005
_______________________________________
One of the most prevalent Internet threats currently is, no doubt, phishing. This
consists of tricking a user to believe they are going to a trusted site like a bank,
eBay, PayPal and or some other popular site. The trick is usually done using a web
address very similar in appearance to the original (like paypa1.com). At the fake site
(which would have the appearance of the authentic web site) the user is asked for
personal information like social security number, account number, username, password or
birth date, which can then be used to impersonate the user and access their account,
money or credit.
Firefox and Thunderbird provide a number of anti-phishing features. Firefox 1.0.1,
released a couple of weeks ago, comes with International Domain Names support crippled
to avoid phishing attacks. This feature, which allows the use of international
characters like Chinese or Arabic in web addresses (domain names) is properly
implemented by Firefox. However, malicious sites can be created with web addresses
which, when converted to occidental characters in the location
bar, look similar to different trusted sites. Since the risk of being phished is worse
than the inconvenience of having international addresses displayed in encoded form, the
trade off makes complete sense.
Alternatives to this crude fix are being evaluated, including a proposal by Gervase
Markham to associate a specific color to a site so we can easily know if we are at the
original site.
Thunderbird 1.1 will alert when going to a site which web address doesn't match the one
stated in the text of and e-mail link. In the meantime, be alert when visiting
money-related web sites. Double check the complete spelling for the site address, check
the secure connection status and always be suspicious when you are asked for personal
and financial information.
Thanks for reading and please leave your comments at
http://newsletter.mozdev.org/contact.php
Percy Cabello
Mozilla Links
__________________________________
In this issue:
1. BETTER MOZILLA
- Review: ForecastFox
- Tip: Enable Quality Feedback Agent
- PowerTip: Create a New Firefox Profile
- PowerTip: Disable Error Messages Windows
2. NEWS
- Firefox 1.0.3 Released
- Nvu 0.9 Released
- Chronicles of Mozilla
- Moves in The Mozilla Foundation
- Internet Service Provider Offers Firefox to Customers
- Firefox Books
- New Features Coming to Next Thunderbird
- Yahoo! Toolbar Beta Released for Firefox
- Google Desktop Search Final Released With Firefox and Thunderbird Support
- More Products for Firefox
3. COMMUNITY: Asa Dotzler and the Quality Assurance Process
4. MOZILLA PROJECTS
5. POLL
6. CONTACT INFO
________________________________
1. BETTER MOZILLA
________________________________
Review: ForecastFox
___________________
Developed by Jon Stritar, Richard Klein and Alexander Slovesnik
Want to know how is it outside or what tomorrow's weather will be? Well, we know how
accurate weather forecasts can be, but, for current conditions and a best guess of
tomorrow's, provided by The Weather Channel (TM), try ForecastFox. This capable
extension will add small icons or text representing weather conditions to your Firefox
window.
First, look for your city code with the embedded search tool. Then you can start setting
other preferences like number of days to forecast, placement of the forecast icons and
wether you want temperature in Celsius or Fahrenheit degrees or wind speed in miles or
kilometers per hour.
A very welcome feature is profiles. You can create different ones for example for
different cities and easily switch between them by right clicking on the forecast icons.
Customization can go as far as selecting exactly what information you want in the
tooltips that pop up when you hover the weather icons.
ForecastFox is available in 19 languages and, thanks to The Weather Channel, forecasts
and current conditions are available for almost everywhere in the world.
Download it here: https://addons.update.mozilla.org/extensions/moreinfo.php?id=398
Tip: Enable Quality Feedback Agent
__________________________________
If you want to help to make Firefox and Thunderbird, even better products, take note of
this the next time you install one of these products.
During Firefox and Thunderbird, when chosing a Setup Type, select Custom. Click Next
twice and in the Select Components window, check the Quality Feedback Agent. This is a
tiny application that will run whenever Firefox or Thunderbird crashes. It will compile
information about the current product's state and send this information back to Mozilla
for aggregation with thousands of other users' feedback and will help the Mozilla people
to faster identify and solve bugs related to your problem. You will find it is as easy
and unobtrusive as it gets.
For more details, check this month's Community section.
PowerTip: Start With Profile Manager
__________________________________________
Contributed by Percy Cabello
One computer, many users. All accessing with the same account. But you all want a
special Firefox with your own bookmarks, themes, preferences, extensions and toolbar
arrangement. Firefox can handle this with profiles, which as you may guess is your
collection of preferences that makes Firefox unique.
Durig installation, Firefox automatically creates a profile (called default) for the
logged on user. If you need to create additional profiles, in Windows, right click on
the icon you use to launch Firefox and select Properties. In the Target text box, add
"-p" (without the quotes) to the path. Press OK and you are done.
Now launch Firefox with the just edited icon and it will launch Profile Manager. This
tool allows to create and delete profiles. You can even tell Firefox where to create
your profile, so it can be placed, for example, in a folder your backup process will
pick up from. From now on you will be prompted with Profile Manager to select a profile
to start Firefox with.
PowerTip: Disable Error Messages Windows
________________________________________
Contributed by Percy Cabello
When Firefox can't locate a web address entered in the location bar (because it's not
available or you mistyped the address), it show raise a dialog window with the error
message that you will have to close to try entering the address again.
If you find this annoying, you can disable it and have the error displayed in as a page.
To do this:
- Enter about:config in the location bar.
- Look for preference browser.xul.error_pages.enabled, and double click it to set it to
true.
________________________________
2. NEWS
________________________________
Firefox 1.0.3 Released
______________________
On April 15, Firefox 1.0.3 was released featuring several bug fixes and security
vulnerabilities fixes. This a maintenance release so no new features are found here but
users are strongly encouraged to update. It can be downloaded here:
http://www.mozilla.org/products/firefox/
Nvu 0.9 Released
_________________
On February 1, 2005, Disruptive Innovation's Daniel Glazman and Linspire, Inc. released
(http://glazman.org/weblog/dotclear/index.php?2005/02/02/852-nvu-080) the latest version
of Nvu, a Mozilla based web page editor. It features experimental XHTML support, PHP (a
web applications programming language) Comment editing support and line numbers in the
source view. Daniel announced there will be no new features until after version 1.0 is
out. Work will focus on stability and speed.
Get it here: http://www.nvu.com/download.html
Chronicles of Mozilla
_____________________
Mitchell Baker, president of the Mozilla Foundation and Chief Lizard Wrangler tells the
story of the very last hours before Firefox 1.0 release. Down websites, bad fonts, false
alarms, twelve timezones. How Murphy's Law was worked around and came to a happy ending.
Go: http://weblogs.mozillazine.org/mitchell/archives/2005/01/firefox_10_laun_1.html
A few days later, she takes us on back in time again to the first days at the Mozilla
Foundation:
http://weblogs.mozillazine.org/mitchell/archives/2005/01/first_days_at_t.html
And more recenlty, Mitchell was chosen by Time magazine as one of the 100 most
influential people in 2005 (http://www.time.com/time/2005/time100/). Once again, she
chronicles the events here:
http://weblogs.mozillazine.org/mitchell/archives/2005/04/two_interaction.html
Congrats to Mitchell for this important achievement for herself, the Mozilla project and
open source in general.
Moves in The Mozilla Foundation
_______________________________
On January 24, Ben Goodger, Firefox lead engineer announced that he will be leading the
Firefox development as a Google employee
(http://weblogs.mozillazine.org/ben/archives/007366.html). Mitchell Baker, Mozilla
Foundation president, confirmed that this is good for the project since it means more
resources will be available for other activities and expects "Ben's role within the
Mozilla project to be just about the same as the role he's played for the last 18
months".
Darin Fisher, Mozilla's networking module owner and previously employed by IBM and
Netscape/AOL, is also headed to Google
(http://weblogs.mozillazine.org/darin/archives/007401.html). As he notes on his blog, he
will continue to be very much involved with Mozilla.
On the other hand, John Aas, leader of Camino (Gecko-based MacOS browser) and Boris
Zbarsky, a main contributor to several Mozilla products development were hired as part
time employees until they finish college.
Internet Service Provider Offers Firefox to Customers
_____________________________________________________
On January 25, Speakeasy (http://www.speakeasy.net) announced in a press release that it
will be offering its customers a customized version of Firefox. Initially, customization
is limited to adding a menu with links to different Speakeasy services, but in the
future it may make deep changes including VoIP (phone calls over the Internet)
capabilities.
As The Buzz Report commented: "he wants to minimize the chances of hackers turning his
customers' PCs into drones that help perpetrate massive DDoS attacks."
http://www.eweek.com/article2/0,1759,1754842,00.asp?kc=EWRSS03119TX1K0000594
Firefox Books
_____________
On April 14, Pearson Education announced the availability of 'Firefox and Thunderbird
Garage' (http://www.phptr.com/bookstore/product.asp?isbn=0131870041&rl=1) authored by
Mozilla Foundation's Chris Hofmann and Marcia Knous, and John Hedtke.
'Don't Touch The Blue E' by Scott Granneman (http://www.oreilly.com/catalog/bluee/)
helps Internet Explorer users to migrate to Mozilla Firefox.
'Firefox Hacks' (http://www.oreilly.com/catalog/firefoxhks/) by Nigel McFarlane
(http://www.nigelmcfarlane.com/) is aimed at advanced users who want to get into
Firefox's deepest customization capabilities providing 100 tips for fine tuning Firefox.
New Features Coming to Next Thunderbird
_______________________________________
Besides anti-phishing protection commented in the editorial, at least two new features
are coming to the next major version of Thunderbird. New capabilities for stripping mail
attachments from messages. With this, Thunderbird users will be able able to save lots
of space by deleting attachments already saved to a local drive. Also, a new feed
subscription dialog ... that the new dialog have all the stuff I missed.
Read more about the new redesigned dialog in bug 281237. A screenshot of the new dialog
is also available.
Also David Tenser announced a slight improvement to Thunderbird's Start Page. Look at it
here: http://weblogs.mozillazine.org/djst/archives/007530.html
Yahoo! Toolbar Beta Released for Firefox
________________________________________
Yahoo!, Inc. has released the "official" Yahoo! Toolbar
(http://toolbar.yahoo.com/firefox), a handy shortcut to all Yahoo! services. After
installation it will ask if you want to change your homepage to some Yahoo! portal and
if you want to use Yahoo! as your default search engine. Basically all Yahoo! services
are available and you can add as many or as few services to the toolbar as you wish.
Spyware protection should also be coming soon.
Note, that it is a beta (not final) release and has only been tested with Firefox 1.0 on
Windows, but support for Mozilla Application Suite and Netscape, other operating
systems, and international Yahoo! IDs is on its way.
Google Desktop Search Final Released With Firefox and Thunderbird Support
_________________________________________________________________________
On March 7, Google released the final version of its desktop search application with
added Firefox and Thunderbird support. With this addition users will now be able to
search Thunderbird downloaded e-mail messages and Firefox history. GDS is available for
Windows only and can be downloaded from http://desktop.google.com
More Products for Firefox
_________________________
- France based, Lektora, Inc. (http://www.lektora.com/) announced the release of its
sake named RSS feeds aggregator, Lektora 1.0. Now available for Windows only, Lektora
installs for both Internet Explorer and Firefox at the same time.
- Jybe (http://www.jybe.com/download/files/download.aspx), a Firefox extension, allows
you to link your browser to one or more friends' browsers and be able to chat and browse
the web together. Initial features included full frames support, chat, and a PowerPoint
presentation system, with more to come. It is compatible with an Internet Explorer
version so users of Firefox in Windows, Mac, Linux, etc. can collaborate with users of
Internet Explorer.
- Copernic Desktop Search 1.5 now includes Thunderbird support, complementing support
for Firefox recently added.
In The Field
____________
Contributed by Robin Monks
This month has seen some more releasing action with Firefox 1.0.1 and Thunderbird 1.0.2.
Both of these versions address new security vulnerabilities in the Programs. The
question now is, will Firefox 1.1 release on time? Probably not.
Mozilla Lightning is also in the works. Its similarity to Mozilla Sunbird and Mozilla
Calendar is striking, so could the developers be doing double work? A quick look at the
wiki page reveals "Lightning is the working project name for an extension to tightly
integrate calendar functionality (scheduling, tasks, etc.) into Thunderbird"..."While
the Mozilla Calendar extension for Thunderbird acts essentially as an alternate launcher
for the Sunbird application window, Lightning is designed to integrate into the main
Thunderbird UI and user interaction model as tightly as possible". So, apparently
this will spell the end to Calendar.
Meanwhile Netscape's ill-fated DevEdge has been given another chance by Mozilla
Foundation. Deb Richardson has been hired to oversee the DevMo project
(http://developer.mozilla.org). Oddly enough, just days after MozNetwork
(http://moznetwork.mozdev.org) was publicly announced. This will be interesting to
watch, even as integration becomes even more of a necessity.
Spread Firefox will soon be getting a makeover with more community integration and with
more products than just Firefox. A newly announced Project spotlight will allow smaller
projects a bit of advertising space.
That's it for this month, In The Field.
________________________________
3. COMMUNITY
________________________________
How to help to make Mozilla products better ones? The answer may be right on your PC.
This month, Asa Dotzler, Mozilla Foundation Quality Assurance Lead, took a time to tell
us about himself and Mozilla and how all users can help to make these products even
better.
Mozilla Links: Tell us a little about your involvement with the Mozilla project and the
Foundation.
Asa Dotzler: I've been involved with Mozilla for almost as long as Mozilla has existed.
I first got involved testing binaries of the classic source that were compiled by some
of the early Mozilla community members and maybe one or two Netscape engineers. In those
days, mozilla.org did not provide builds.
After some months of testing builds and reporting bugs, I realized that I could help
more by spending some time to teach others how to use Bugzilla to report useful bugs. As
that group of testers and bug reporters grew, mozilla.org saw my work, and the growing
volume of work produced by the volunteer testing community and they hired me to work on
that effort full time as a member of [e-mail:staff@mozilla.org]. I'm still spending considerable
time working to build a more effective community quality and testing organization.
As mozilla.org began to differentiate itself from Netscape, it became clear to us that
we needed our own roadmap and our own release schedule and process. I was invited by
Brendan Eich to join a team of Mozilla technical experts to build the Mozilla 1.0
roadmap and help deliver the releases on the road to Mozilla 1.0. My work with that
group, [e-mail:drivers@mozilla.org], continues today.
When the Firefox and Thunderbird projects were born, I immediately began to contribute
some of my project management skills and my community testing experience to those
projects and I've been intimately involved with all of the with Firefox product releases
in particular.
ML: How does the QA process work and at what levels the community takes part of the
process?
Asa: I like to describe our QA and testing community as a series of concentric circles
with the inner circles being smaller but more focused than the outer circles. The
broadest group of testers are those who download and use all of our releases and offer
either Talkback reports, commentary in forums or on blogs, and occasional bugs in
Bugzilla. That broadest group numbers in the hundreds of thousands.
The next group is somewhat smaller, numbering in the tens of thousands, but more focused
than the hundreds of thousands giving non-bug feedback. This second group is our bug
reporting group. Right now there are 80,000 people who have been active in Bugzilla.
Over 30,000 of them have activity in the last year.
As the time commitment and focus increases, we have a smaller group who do triage,
testcasing, and other Bugzilla activities. This group numbers about 2,000.
Within that group, there are even smaller teams that are focused on specific products or
features. Some of the "stars" in these groups have reported literally thousands of bugs,
triaged thousands of bugs, and attached hundreds of testcases to bugs.
ML: How does the Quality Feedback Agent work? What data is compiled and what is done
with it?
Asa: The Quality Feedback system has two major components. There is a small application
that ships with Firefox and Thunderbird that will start up whenever Firefox or
Thunderbird crashes. It takes note of the circumstances of the crash, including a stack
trace, and sends that information to the second component, the Talkback server.
On the server, these reports are processed and put into a database where we can run
various reports on them. Jay Patel, our primary admin and engineer for the QFA system,
writes all kinds of great reports that let us see which are the most common crashes,
where in the code they're happening, what kinds of sites are causing the crashes, etc.
He extracts this data and files Bugzilla bug reports on the "top crashes".
ML: What has been the impact of including this tool with Firefox?
Asa: This tool has been extremely valuable to the Mozilla developers. We are able to
identify, isolate and resolve our worst crash bugs, and then verify the fixes, with help
from millions of people who use our software and it costs them very little time to help.
My experience with open source QA has taught me at least one valuable lesson, and that
is that whenever you can lower the barrier to entry into testing, you will dramatically
increase the number of people participating. Widespread participation is critical for
any application that runs on as many operating systems and machine configurations as the
Mozilla applications. Talkback is one of the easiest ways that people can give valuable
feedback to the Mozilla development team.
About 1,000 of our worst crash bugs were fixed with help from people submitting Talkback
reports. By my calculations, that's about quarter of all of the crash bugs we've fixed.
And more important than the percentage is that those "top crashes" were the most
frequently observed crash bugs, and fixing them gives us "the most bang for our bug
fixing buck."
ML:What can end users do to take to the "next step" of involvement?
Asa: We're about to launch a new tool that I'm very excited about. Like Talkback, this
tool will ship with the Firefox application and will give users a very easy mechanism to
report websites that do not display correctly. As we do with Talkback, we'll generate
reports that find the most visible and problematic websites and be able to tackle those
problems first. This should be available within the next couple of weeks and hopefully
it will do for our layout and evangelism issues much of what Talkback did for our
stability.
We are an amazingly successful open source project, in a large part, due to our awesome
testing community. This community ranges from the hardcore testcase writer to the casual
Talkback submitter, and everything in between. Without any one of the component groups
of our testing community, we would not be where we are today.
Thanks to Asa for his time for this article! For information on using the Quality
Feedback Agent check this month's Tip.
________________________________
4. MOZILLA PROJECTS
________________________________
Contributed by Brian King
Seamonkey is dead, long live Seamonkey. As the Mozilla Foundation officially stops
development on the Mozilla Suite[1], a new external group has formed[2] to take over the
running of the project. This is another example of the Mozilla Community stepping up and
playing a valuable role. Some people like the idea of a separate browser, mail client,
editor, and so on. Some like integration, so let's hope Seamonkey survives and thrives
in some form, as they can certainly live in parallel. Extension authors will continue to
busily do their thing, creating great little add-ons and larger programs based on
Mozilla technologies. As this month's reports shows, there is still a lot of activity.
mozdev.org currently has over 250 active projects[3] and that number is rising. Full
status reports for March are available on the site[4].
[1] http://www.mozilla.org/seamonkey-transition.html
[2] http://wiki.mozilla.org/wiki/SeaMonkey:Home_Page
[3] http://www.mozdev.org/projects/active.html
[4] http://www.mozdev.org/status/2005-03-14-status.html
Read more about each of these projects in the full report at
http://www.mozdev.org/status/2004-12-20-status.html
________________________________
5. POLL
________________________________
On our last issue, we asked what should be the next step for Firefox development?. Here
are the results:
* Get under the hood and make it as 46%
slim and fast as possible.
* Improve it. Period. 23%
* Focus on spreading the word and 15%
grab more market share
* Improve tab browsing 7%
* Improve Live Bookmarks/RSS support 5%
* Improve current theme 3%
* I'm in net nirvana. Don't touch it. 2%
________________________________
ADVERTISEMENT
________________________________
Get a copy of the Firefox ad in the New York Times. 21 x 26 inches posters now available
at the Mozilla Store for only $6.95.
Visit: http://store.mozilla.org
****
Try OpenOffice.org, an open source office suite available at http://www.openoffice.org.
Then, check the OpenOffice.org newsletter at
http://www.openoffice.org/editorial/spotlightindex.html Open source just gets better!
****
Your ad can be here! Visit http://newsletter.mozdev.org/mlsp.html for more details on
how to reach our 15,000 worldwide subscribers!
________________________________
6. CONTACT INFO
________________________________
Mozilla Links(TM) is a monthly electronic newsletter published by the Mozilla Newsletter
project.
Visit http://newsletter.mozdev.org to subscribe, unsubscribe and set other subscription
options.
YOUR PRIVACY : Only a valid e-mail address is required to receive this newsletter. It
will not be used for any purpose other than those related to this newsletter operation
and administration such as delivery, support, removal or similar.
COMMENTS AND COLLABORATIONS : [e-mail:newsletter-feedback@mozilla.org]
Mozilla Links is currently translated into Traditional Chinese, Czech, German, Italian,
Japanese, Portuguese, Russian and Spanish.
Copyright 2005 by the Mozilla Links Contributors. The Mozilla Links Newsletter is
released under the Creative Commons Attribution-NonCommercial-ShareAlike 2.0 license,
available at http://creativecommons.org/licenses/by-nc-sa/2.0/
|
