2/24/2009

Microsoft researchers developing new, secure browser

Filed under: — Aviran Mordo

Gazelle relies on a ‘browser kernel’ that could offer far greater security than Google’s Chrome, Mozilla’s Firefox, or Microsoft’s own Internet Explorer

Gazelle also aims to limit the dangers posed by programming flaws in browser plug-ins. Plug-ins are small bits of code that enable other programs to run within a browser, but they’ve also been known to contain vulnerabilities that can allow a PC to be hacked.


In Gazelle, the plug-ins are sandboxed, or isolated from the rest of the system, so that a bad plug-in would only affect the particular Web page’s plug-in process and not the whole PC.

But one huge problem with Gazelle’s approach is that existing plug-in code would have to be rewritten or ported to interact with Gazelle’s browser kernel system calls. That’s difficult since plug-ins are written by a wide variety of software vendors whose development schedules don’t necessarily work in perfect sync with those of browser developers.

Other parts of Gazelle borrow from IE code not related to security. For example, the researchers said they didn’t want to write a new HTML parser, so they used IE7’s Trident renderer and JavaScript engine.

In compatibility tests, Gazelle correctly rendered 19 of the top 20 sites ranked by Web survey firm Alexa. The paper warns that the new security of Gazelle does introduce “performance overhead” — especially for sites such as the New York Times Web site — but further work should be able to make it faster.

Amazon ships Kindle 2 a day earlier than planned

Filed under: — Aviran Mordo

Amazon.com Inc. says it is shipping the new version of its Kindle electronic reading device a day earlier than it initially planned.

The Seattle-based online retailer said it began shipping the $359 Kindle 2 on Monday to make sure it is going out to customers by Tuesday, which was the date it gave when Amazon announced the updated device on Feb. 9.

The new Kindle keeps the same price as the first version of the e-reader, but is thinner and includes upgraded features. It can store more than 1,500 books - instead of 200 in the previous version - and can read text aloud from two small speakers on its back.

2/23/2009

Microsoft unveils new online employment resource

Filed under: — Aviran Mordo

Microsoft Corp on Sunday announced the creation of a website, Elevate America, aimed at improving access to job training tools.

The site provides resources to help individuals gain the technical skills needed for acquiring jobs, the world’s largest software company said.

The economy has shed 3.6 million jobs since the recession began in December 2007 with about half of the decline occurring in the past three months, recent Labor Department data showed.

The website provides access to several Microsoft online training programs, including how to use the Internet, send e-mail and create a resume, as well as more advanced programs on using specific Microsoft applications.

“We are also providing a full range of work force development resources for state and local governments so they can offer specialized training for their workers,” said Pamela Passman, corporate vice president of Microsoft Global Corporate Affairs.

2/22/2009

Microsoft’s IE 8 Compatibility List: Is it working?

Filed under: — Aviran Mordo

Internet Explorer 8 (IE 8) is nearing the finish line, with a March release to manufacturing looking like a distinct possibility. But is IE 8 (or, more accurately, are Web site developers and owners) really ready?

I have been testing IE 8 since the code became available publicly. And one thing that hasn’t changed much over the past several months is the fact that many Web sites still aren’t compatible with IE 8.

I’m not blaming the site owners here. Microsoft officials have known all along that even though the IE team is doing the “right” thing by finally making IE more standards-compliant, they are risking “breaking the Web” because the vast majority of Web sites still are written to work correctly with previous, non-standards-compliant versions of IE.

Microsoft has tried to mitigate the effects of moving to a default standards-based view in a few ways. IE 8 comes with a “Compatibility View” button that will “fix” a seemingly broken site if a user knows to press it. Microsoft went a step beyond this with IE 8 Release Candidate 1, issued in January, by adding a downloadable list of sites that would automatically trigger IE 8 to move directly to compatibility mode, rather than standards mode.

Here is the list of the 2,400 sites that are on Version 1.0 of Microsoft’s Compatibility View list.

The Compatibility View list includes some major sites — Apple.com, CNN.com, eBay, Facebook, Google.com, NYTimes.com — even Microsoft.com! — and lots, lots more. Users also have the option of adding IE 8-incompatible sites they visit that didn’t make it onto the list; these will be appended to the schema list they download.

250 DVDs in a Quarter-Sized Device — Coming Soon?

Filed under: — Aviran Mordo

A new technique developed by scientists at UC Berkeley and University of Massachusetts Amherst may drastically increase the ability of devices to store things.

Cal officials called the technique “innovative and easily implemented,” on Thursday.

The method lets microscopic nanoscale elements precisely assemble themselves over large surfaces.

Scientists said the technique could soon open doors to dramatic improvements in the data storage capacity of electronic media.

“I expect that the new method we developed will transform the microelectronic and storage industries, and open up vistas for entirely new applications,” said co-lead investigator Thomas Russell, director of the Materials Research Science and Engineering Center at UMass Amherst and one of the world’s leading experts on the behavior of polymers. “This work could possibly be translated into the production of more energy-efficient photovoltaic cells, for instance.”

Russell conceived of this new approach with co-lead investigator Ting Xu, a UC Berkeley assistant professor. They describe their work in the Feb. 20 issue of the journal Science.

“The density achievable with the technology we’ve developed could potentially enable the contents of 250 DVDs to fit onto a surface the size of a quarter,” said Xu.

Norwegian Websites Declare War On IE 6

Filed under: — Aviran Mordo

A large and rapidly growing campaign to get users to stop using IE6 is being implemented throughout Europe. ‘Leading the charge is Finn.no, an eBay-like site that is apparently the largest site for buying and selling goods in all of Norway (Finn is Norwegian for “Find”).

Earlier this week, Finn.no posted a warning on its web page for visitors running IE 6. The banner, seen at right, urges them to ditch IE 6 and upgrade to Internet Explorer 7.’ The campaign is now spreading like fire on Twitter (#IE6), and starting to become an amazing effort by big media companies to get rid of IE6! The campaign also hit Wired some hours ago.

New U2 album makes early debut on P2P networks

Filed under: — Aviran Mordo

Despite extreme measures to prevent U2’s new album from appearing prematurely on the Internet, copies of the band’s “No Line on the Horizon” have begun circulating on file-swapping networks–a full week before its official release.

CD-quality copies of the band’s 12th album, which is slated for release in Ireland on February 27 and worldwide on March 3, started appearing Wednesday on BitTorrent and now reportedly number in the hundreds of thousands. Copies were also found circulating on LimeWire.

Adobe warns of critical, unpatched security flaw

Filed under: — Aviran Mordo

Attackers are making the rounds and exploiting a critical security flaw in Adobe Reader 9 and Acrobat 9.

Earlier versions of the PDF-related software are also affected by the critical security flaw, which could cause the applications to crash and potentially let an attacker gain control of a person’s computer, Adobe Systems warned Thursday.

Reports also surfaced that attackers have developed an exploit and are taking advantage of the flaw, the company said.

Adobe has yet to develop an update to address the vulnerability but noted it expects to have one ready for Adobe Reader 9 and Acrobat 9 by March 11. After that, the company expects to launch updates for the earlier versions of the software going back to Adobe Reader 7 and Acrobat 7.

Until then, Adobe advises, people should update their virus definitions and exercise caution when opening documents from unknown sources.

Netflix may offer streaming-only pricing in 2010

Filed under: — Aviran Mordo

Netflix is considering offering a streaming-only pricing tier as soon as next year, according to comments made by CEO Reed Hastings in a report by Bloomberg.

The streaming-only membership could be popular among those with Netflix-enabled devices (such as the Roku Netflix Player, Xbox 360, and LG BD300) who want streaming access without the full cost of a Netflix membership. Netflix hasn’t said how much the streaming-only tier would cost, but we’d assume it would be less than the current entry-level $9-a-month unlimited plan.

2/20/2009

New service unblocks blocked Caller ID

Filed under: — Aviran Mordo

A service launched this week unblocks Caller ID information that the caller thinks is blocked, causing concern among those who help abused women.

TrapCall.com lets people rig some AT&T Inc. and T-Mobile USA phones so that if a call comes in with blocked Caller ID and is rejected, it rings again, this time displaying the number of the caller.

The basic service is free. The Web site charges for plans with more advanced services, like call recording and Caller ID with name.

The Web site said the service can be useful for people who get harassing phone calls.

But Becky Moreno, victim assistance coordinator at the Warsaw, Ind., police department, said TrapCall could be troublesome for victims of abuse. They, or their representatives, often block Caller ID when reaching out to abusers. Victim centers sometimes block their IDs when they call victims as well, so abusive partners won’t know who’s calling.

Calls with blocked Caller ID have never been perfectly anonymous. Calls to 1-800 numbers are unmasked, for instance, because the recipient pays for the call. This appears to be the loophole used by TrapCall. TelTech Systems, the company behind the service, did not return a message for comment Wednesday.

Fittingly, TelTech has a solution for those who need to stay anonymous: SpoofCard, a service that lets callers assign a fake Caller ID when calling.

Facebook has removed 5,500 sex offenders since May

Filed under: — Aviran Mordo

Facebook has removed more than 5,500 convicted sex offenders from its social networking Web site since May, Connecticut’s attorney general said Thursday.

Richard Blumenthal said the world’s largest social networking site, which claims to have more than 175 million active members, reported to his office that 5,585 convicted sex offenders were found on the Web site and removed between May 1, 2008, and Jan. 31, 2009.

“The message in this number is Facebook has an equal stake in solving this problem of protecting children,” said Blumenthal, who along with North Carolina Attorney General Roy Cooper has led an effort to remove sex offenders from the social networking Web sites.

“They have an equal stake in the predator problem and its solution.”

Earlier this month, rival networking site MySpace announced it had removed 90,000 sex offenders in a two-year period.

Android Security Vulnerability Exposed

Filed under: — Aviran Mordo

Security researcher Charlie Miller has exposed a security vulnerability in Google’s open source Android platform that could enable hackers to take control of a user’s multimedia functions.

At the ShmooCon hacker conference, Miller said the bug exists in the multimedia subsystem Android uses for its “Chrome Lite” browser, which was provided by PacketVideo’s OpenCore media library. The exploit is an integer underflow that can cause improper bounds checking when writing to a heap-allocated buffer, Miller said.

Miller originally said the exploit could allow malicious programmers to take control of a user’s browser, and he even advised G1 users to avoid using the browser entirely until a patch was released. He later backed off those claims.

Google said it was notified of the flaw prior to the public disclosure, and Android was patched two days later in the source code repository. Google said the patch will be pushed to T-Mobile G1 users at T-Mobile’s discretion, and it was not included in the recent RC33 firmware upgrade.
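The bug class Miller describes, an integer underflow that defeats a bounds check before a write to a heap buffer, is shown here as an added C example beside its corrected form. This is not OpenCore or Android code; the fragment layout, function names and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed fragment record: where in the buffer to write, and how much. */
struct frag { uint32_t offset; uint32_t len; };

/* Weak check: when offset > cap, the unsigned subtraction wraps around to a
   huge "room" value, so an out-of-bounds fragment passes the comparison. */
int weak_check(uint32_t cap, struct frag f) {
    uint32_t room = cap - f.offset;   /* underflows if f.offset > cap */
    return f.len <= room;
}

/* Hardened check: validate the subtrahend first, so cap - offset cannot wrap. */
int hardened_check(uint32_t cap, struct frag f) {
    return f.offset <= cap && f.len <= cap - f.offset;
}

/* Write every fragment the hardened check accepts into a heap buffer of cap
   bytes. Returns the number of fragments rejected, or -1 if allocation fails. */
int reassemble(uint32_t cap, const struct frag *fr, size_t n) {
    uint8_t *buf = calloc(cap ? cap : 1, 1);
    int rejected = 0;
    if (!buf) return -1;
    for (size_t i = 0; i < n; i++) {
        if (hardened_check(cap, fr[i]))
            memset(buf + fr[i].offset, 0xAB, fr[i].len);  /* stays in bounds */
        else
            rejected++;                                   /* drop, do not write */
    }
    free(buf);
    return rejected;
}

/* Constructed input: two in-bounds fragments, one with its offset past the end. */
static const struct frag SAMPLE[] = { {0, 16}, {48, 16}, {68, 16} };

int demo(void) {
    return reassemble(64, SAMPLE, sizeof SAMPLE / sizeof SAMPLE[0]);
}

int main(void) { return demo() == 1 ? 0 : 1; }
```
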
