Google announced in a blog post on Friday that from the beginning of March, certain key functionality in Google Docs and Google Sites “would not work properly” with IE6 and older versions of other browsers.

“Please take the time to switch your organisation to the most up-to-date browsers available,” said Rajen Sheth, Google Apps senior product manager, in the blog post.

The company is urging Google Apps users to move to IE7, Firefox 3.0, Chrome 4.0 or Safari 3.0, or more recent versions of those browsers. Net Applications put IE6’s share of the general browser market in January at about 20 percent, bettered only by IE8 at 22 percent. In April, Forrester Research found that 60 percent of enterprises used IE6 as their default browser.

Google has not specified precisely which Apps functionalities in older browsers will be affected. However, the company said it wants to support HTML 5, the latest version of markup language HTML, which is not supported by older browsers.

“Older browsers were not designed to handle new web-based applications, which means they don’t support modern web technologies like HTML 5 and advanced JavaScript processing,” a Google spokesperson said. “For example, IE6 doesn’t support HTML 5, and IE6 and [Firefox 2] do not process JavaScript nearly as efficiently as newer versions of IE and FF.”

The dropping of support means Google will not fix issues specific to older browsers and will not develop new features for them. However, users will still be able to access Google Docs and Sites using the software.

“With Google Docs, we plan on continuing to support view-only mode in IE6, and we will still support viewing of Google Sites in IE6,” the company’s spokesperson said.

Goggle’s phasing out of support for IE6 has nothing to do with the recent security problems Google encountered through IE6 use, according to the spokesperson.

“No, this was already planned and is being done so we can continue using the latest web technologies to bring new, innovative features to our users,” the spokesperson said. “We’re following other companies that have done the same, like Twitter, Facebook and Microsoft for Office Web Apps.”

Earlier this month, Microsoft admitted that Chinese attacks on Google and other companies had exploited a hole in IE6, which was also present in IE7 and IE8.

At the time, the flaw did not have a patch, leading the French and German governments to recommend that users update to the later versions of IE, or switch browsers.

The UK government urged users to update their browsers, but said that switching browsers was unnecessary. Various government departments, including the Department for Work and Pensions (DWP), the Department of Health (DoH) and the Department for Business, Innovation and Skills (BIS) use IE6 on all desktop and laptop computers.

The DoH issued advice to its users on 21 January saying they should upgrade to IE7. “It is recommended that organisations still using Internet Explorer 6 on the affected platforms upgrade to Internet Explorer 7,” it said, in email advice seen by ZDNet UK. Internet Explorer 7 has gone through an internal accreditation process, said the DoH, and as a result has been verified to work correctly within the central NHS system, known as the NHS Spine.

Microsoft released an out-of-band patch for the IE zero-day on 21 January.

The proposed extension, called Client IP information in DNS requests, would send along the first three quarters of a user’s IP address along with an DNS request. The last quarter would be cut off to preserve some privacy, but the first part should be enough to geographically target the answer in some cases, Google said in a blog post on Wednesday.

As designed, it would, for example, return the address for Google’s Dutch server, not Google’s California server, to a user in the Netherlands who needs to reach it.

For more on this story, see Google proposes geo-smart Internet speedup on CNET News.

NEC said on Monday that NTT will demonstrate the handset receiving streaming high-resolution video across an LTE network at Mobile World Congress, which kicks off on 15 February in Barcelona. According to NEC, the handset uses an LTE chipset that was developed by Fujitsu, NEC, NTT DoCoMo and Panasonic, and first sampled in October.

LTE, the ‘long-term evolution of 3G’, is the successor to HSDPA and is roughly 10 times faster, providing theoretical downlink speeds of at least 100Mbps and a theoretical uplink of at least 50Mbps. The technology was designed to reduce latency in data transmission and improve the efficiency of frequency usage, making it more suitable than 3G for services such as streaming HD video, video conferencing and online gaming.

The world’s first commercial LTE mobile broadband services went live in Oslo and Stockholm in December through the Scandinavian operator TeliaSonera, which is initially offering LTE access via a mobile dongle.

Huawei announced in December that it had completed its first UK-based LTE trials, held in conjunction with O2, that reached maximum downlink throughput of 150Mbps. The trial took place in the Slough area, where O2’s headquarters are located.

NTT has said it plans to spend between ?300bn-?400bn (?2bn-?3bn) on LTE rollouts over the next five years.

Ever since the beginning of the Chromium project, friends and coworkers have been asking me to add support for user scripts in Google Chrome. I’m happy to report that as of the last Google Chrome release, you can install any user script with a single click. So, now you can use emoticons on blogger. Or, you can browse Google Image Search with a fancy lightbox. In fact, there’s over 40,000 scripts on userscripts.org alone.

Installation is quick and easy, just like installing an extension. That’s because under the covers, the user script is actually converted into an extension. This means that management tasks like disabling and uninstalling work just like they do with extensions.

Note that user scripts are powerful software and have full access to your private data on any web site. So, for example, they could read all your web mail or access your online bank. Be sure to read the comments on any user scripts in order to decide whether you trust the author with this power.

Also keep in mind that some user scripts won’t work in Google Chrome yet, because of differences between it and Firefox. Based on some analysis that the current maintainers of Greasemonkey did, I expect between 15%-25% of scripts to not work in Google Chrome. If you find such a script, you should consider letting the author know. There may be something he or she can do to easily fix the problem. In the meantime, we’ll keep working on bugs on our side to bring our implementation closer to Greasemonkey.

Have fun trying out the thousands of available scripts. And don’t worry - If you get bored, there’s lots more extensions at Google Chrome’s extension gallery.

A new study has revealed – rather reiterated - that internet users nonchalantly continue to set unimaginative, fatuous passwords. The study appraised 28,000 passwords that were recently stolen from a U.S website.

Sixteen percent of the users had set their first name as their password. Around fourteen percent chose easiest to recall key combinations, including “1234” and “12345678”. Other users, who apparently don’t rate their mathematical ability highly, chose to steer clear of numbers and settled for passwords such as “AZERTY” and “QWERTY”.

Five percent of the passwords were found to be inspired by popular things and celebrities, including names of movies, TV shows and actors. The strongest password in this category was found to be “Ironman” as it sounds impenetrable.

Three percent of the people reckon passwords are another medium of expression. How else would you explain passwords like “Iloveyou” and “Ihateyou?”

Alan Bentley, regional VP EMEA of Lumension, said even though there are only two critical patches being issued tomorrow, it could still be a hectic week as the most critical patch this month is the IE bulletin requiring a reboot of all XP and Vista machines in the organisation running IE 7.

Bentley said: “Large-scale reboots of all desktops can lead to disruption and productivity hits if not planned and coordinated appropriately. As organisations are looking at the IE 7 update, they should also look at the recently released critical update for the Firefox browser, more stealthy malware is being introduced to endpoints via browser exploits; therefore, critical browser updates need to be made a higher priority than ever before.”

Regarding the critical patch that will cover the vulnerability in the Exchange mail server software, he claimed that this has proven to be the easiest target for hackers to infiltrate, as if they are able to compromise an organisation’s Exchange Server, then they will be able to intercept every email coming and going, essentially making it open to every corporation across the globe.

Bentley said: “Given the proximity of the Exchange Server to external data entering the network, organisations will want to deploy this update immediately. However, critical email services are often subject to change control processes that could make an urgent deployment a complex matter.

“If this ends up being a web-facing vulnerability, then it will be highly critical to patch as IT professionals constantly have to make sure these types of systems are patched and secure while running efficiently at the same time. Although the Exchange vulnerability is critical, organisations will want to read the details carefully when the full patch comes out to see if there are any mitigating controls.”

He also claimed that organisations should consider the update for the SQL Server as critical, despite it only being named as ‘important’.

Leonard said: “The usual suspects have emerged as expected, with Valentine spam emails and Trojans. The public are becoming more aware of these and it is getting harder to trick people this way. Cybercriminals are also taking their efforts to social networks, given its rising popularity and potential to manipulate the user through ‘friend’ messages.

“Organised criminal units have a long history of timing their attacks to coincide with popular occasions in order to achieve maximum success. Valentine’s Day 2009 is a day that is similarly marked on the criminals’ calendar for targeted attacks.”

Websense has warned of three key signs of fake sites: ‘Broken Hearts’ sites show colourful images such as puppy dogs or a picture of 12 pretty hearts and ask ‘Guess, which one is for you?’. The web page however is one big image and a single click from a tricked user commences the download of Trojans named “onlyyou.exe” or “youandme.exe”, which can connect to remote websites to receive commands and send information about the compromised system.

‘I am your friend’ uses social networking tricks to get users to visit fake sites, with Websense claiming that a popular technique at the moment is spam email pretending to originate from social networking sites – complete with love hearts and cartoon characters. Clicking through to the link would download a Trojan designed to steal log in credentials for banking sites.

Seventy per cent of the top 100 most popular websites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites. Specially created malicious sites are in decline as cybercriminals switch to compromising ‘trusted’ websites. Websense claimed that as there is increased confidence in shopping and researching online - a lot of which happens whilst in the office – people are turning to the internet to order flowers, chocolates and other gifts and cybercriminals are compromising these sites and stealing data.

Leonard said: “The underground economy is positively flourishing as companies fail to keep up with security technology. Criminals are taking advantage of the growing number of Web 2.0 properties, which allows user generated content. More than ever we’re seeing websites injected with links to direct users to malicious and compromised sites.

“Since many email security systems lack web intelligence, spammers have also stepped up email campaigns which contain links to malicious web pages. It’s clear that businesses need security with real-time protection, but until this becomes the norm – cybercriminals will continue stealing data and breaking hearts.”

The website of Russian IT security provider Kaspersky Lab was hit at the weekend by a Romanian ‘white-hat’ hacker.

A group calling itself ‘the Romanian Security Team’ claimed that the hackers achieved full access to the database supporting the websites – which includes customer data – by simply altering a parameter in the URLs. They could also perform SQL injections to remotely introduce harmful code into the database.

The group also claimed to have hit the Portuguese site of US anti-virus provider BitDefender, with the personal details of thousands of users viewed. The hackers said that they alerted the two companies of the security flaw and did not expose any of the data they found.

Kaspersky Lab said in a statement: “On Saturday February 7 2009, a vulnerability was detected on a subsection of the usa.kaspersky.com domain when a hacker attempted an attack on the site.

“The site was only vulnerable for a very brief period, and upon detection of the vulnerability we immediately took action to roll back the subsection of the site and the vulnerability was eliminated within 30 minutes of detection. The vulnerability wasn’t critical and no data was compromised from the site.”

Gunter Ollmann, chief security strategist at IBM’s Internet Security Systems, said: “I hope that Kaspersky administrators fix this vulnerability rather quickly as they no doubt have a large customer base, and it would appear that all those customers are now exposed

“On top of that, this type of critical flaw can probably be used to usurp legitimate purchases and renewals of their products - which could include the linking to malicious and backdoored versions of their software - thereby infecting those very same customers that were seeking protection from malware in the first place.”

“This is not good for any company, especially for a company dealing with security,” acknowledged Roel Schouwenberg, a senior antivirus researcher at Kaspersky, in a conference call last week. “This should not have happened.”

The company had revamped the U.S. support site and relaunched it on Jan. 28. From that point until Feb. 7, the support database was open to attack, Schouwenberg said. The revamped site has now been replaced by the old version.

In a blog post, the hackers claimed that they were able to access a customer database that held e-mail addresses and software-activation codes by launching a SQL injection attack.

Schouwenberg confirmed that the database was hacked via SQL injection, but he contended that only the database’s table labels were accessed, not the customer data. However, the e-mail addresses of about 2,500 customers and some 25,000 activation codes were at risk, he noted.

Schouwenberg said the hack was made possible by a combination of vulnerable code crafted by an unnamed third-party vendor and poor code review by Kaspersky.

Kaspersky hired Next Generation Security Software Ltd.’s David Litchfield, an expert on SQL injection attacks, to audit the systems. His report, delivered Feb. 12, confirmed Kaspersky’s findings.

It is to provide certification to protect premium digital TV content against piracy with the new CI Plus Common Interface Standard. TC TrustCenter will provide certificate issuance and management services and the necessary registration for all manufacturers of TV devices, digital recorders and conditional access modules that want to license the CI Plus standard.
The CI Plus standard is an enhancement of the existing CI specification that eliminates vulnerabilities in content protection for Pay-TV content.

To ensure optimum security between the CA Module and the digital receiver, the new CI Plus standard uses a collection of established, industry accepted and validated techniques, including key management, device and message authentication and encryption.

The founder members of CI Plus - Sony, SmarDTV, Samsung, Philips and Neotion – have appointed TC TrustCenter to cover everything from vetting to verification of subscription requirements to contract management.

Michelle Lewis, account executive at TC TrustCenter, explained that before, people could hack in and download the films, which leads to piracy and forced the manufacturers to plug the hole and offer security.

Lewis said: “We offer digital certification for authentication and scrambling when they are being downloaded to the set top box or TV set. CI Plus injects the certificates into the TV that are created by TC TrustCenter. This is going to enable more business to be done as the providers want to enable secure downloading for consumer services.”

Mark Londero of CI Plus, said: “We chose TC TrustCenter because they demonstrated excellent technical expertise and an impressive responsiveness in adjusting to and acting on our specific requirements throughout the selection process.”