Avant Browser 10.1 beta 7

Contains all announcements of Avant Browser releases.

Post Reply #20 by Sergei » Thu Jun 23, 2005 11:19 pm

Sorry; yes, I'm getting the same bug. Sometimes when I click "Picture Viewers/Editors" button it disapperars. Bizarrely, it usually works on images at the right of the page, not the left.

Also I can reduce a picture until it vanishes, but magnifying it doesn't bring it back again!

The image toolbar still hides tooltips, which can become quite irritating.

Also when the menu does turn up it contains an extra icon that doesn't do anything. It looks like an open hand, like the 'shared folder' icon.
My Cartoons
:
IE7 ][ Windows XP Tablet PC Edition 2005 ][ Avast! Antivirus ][ Kerio Firewall ][ DSL
Sergei
User avatar
Offline
AvantGuard
AvantGuard
Semi-Guru
 
Posts: 2488
Joined: Fri Sep 19, 2003 5:09 am
Location: Galway, Ireland
Avant Version:
Top

*** AB IS NOT A SECURE BROWSER !!!!! *******

Post Reply #21 by Defenestration » Fri Jun 24, 2005 12:23 am

*** AB IS NOT A SECURE BROWSER !!!!! *******

Not impressed Anderson! AB still requests Favicon over port 80, even though I have set up AB to use port 8080.

This is a security vulnerability because it can expose your real IP address when you think you are using a proxy!

What needs to be done to get this MAJOR BUG fixed ???????


Anderson, You asked for an explanation of how I found out that AB was leaking information and I gave you proof which could not be refuted!

If you don't plan on fixing this *SECURITY VULNERABILITY IN AB* then at least have the decency to reply here as to your reasoning, although there is no excuse for leavining vulnerabilities in apps unless you are somehow profiting from it!!!

I have given you reproducible steps, and I knoiw for a fact that it would take all of 5 (yes five) minutes to fix!

*** AB IS NOT A SECURE BROWSER !!!!! *******

I expect this post to be deleted due to the truthful nature of its content, but I will continue to publish it again, and again, and again......., until it is fixed!

Why won't you fix this Anderson ???????
Defenestration
Offline
Semi-Fan
Semi-Fan
 
Posts: 57
Joined: Tue Jun 08, 2004 10:51 pm
Avant Version:
Top

Re: *** AB IS NOT A SECURE BROWSER !!!!! *******

Post Reply #22 by André » Fri Jun 24, 2005 1:14 am

Defenestration wrote:I knoiw for a fact that it would take all of 5 (yes five) minutes to fix!
How would you know that it would take 5 minutes to fix? What if, to implement it properly, it took 3 hours to do. Have you looked at the source of Avant enough to decide if it is fixable in 5 minutes.

Also, if you are that afraid of someone getting your IP, why not ad somethings like "*favicon.ico" to an ad-block list.

--OR better yet--

Unplug your ethernet cable and uninstall TCP-IP from your computer.
Formerly known as DrDrrae.
Image
I am not a member of the development team.
Please search the forum before posting questions.

Avant Force Wiki || Avant Force Blog
Desktop:
Intel C2Q Q9550 @ 3.7GHz || 8GiBs DDR2 800 @ 435MHz || Asus P5E
112 GiB SSD || 931 GiB HDD || 2x ATI 5770 in CrossfireX || Picture

NetBook:
ASUS Eee PC 1000HE || 1.66 GHz Atom N280 || 2 GiB DDR2 667 || 320 GiB HDD

NAS:
Intel E5200 @ 2.632 GHz || 4 GiB DDR2 800 @ 421 MHz || Foxconn G31MXP-K
5.45 TiB RAID 6
André
User avatar
Offline
Administrator
Administrator
Avantus Maximus
 
Posts: 5787
Joined: Sat Dec 14, 1901 3:19 am
Location: Baltimore and McHenry, Maryland, USA
Windows Version: Windows 7 x64
Avant Version:
Top

Post Reply #23 by Defenestration » Fri Jun 24, 2005 3:41 am

I would know because I have looked at the assembly code of AB, after dis-assembling it (illegal though it may be!).

That's exactly the kind of response I expected from an AB fan/mod! I'm pointing out a serious flaw in AB, and you can only criticise me for doing so.

Granted _DrDrrae_ there are workarounds, but is it really acceptable for an Internet Web browser to have such a big flaw ?

By big, I mean that AB indicates it's sending all traffic through a proxy, but at the same time sending out requests over a port which the user has no control, and witrhout any indication that it's doing something underhand! (which it is!)

I'm sorry, but anyone who defends this kind of behaviour is either being payed by Anderson, or does not respect privacy!!!

I like AB, but at the same time would think twice about using a web browser whose author thinks it's more important to sort out issues like

"Maintain Width/Height ratio when zoom pictures. "

when a security vulnerability is pointed out to him.

I can only ask.....,

"Why are you afraid to fix this Anderson ?"
Defenestration
Offline
Semi-Fan
Semi-Fan
 
Posts: 57
Joined: Tue Jun 08, 2004 10:51 pm
Avant Version:
Top

Post Reply #24 by abfan123 » Fri Jun 24, 2005 4:34 am

Well

Actually

Try to use some proxy server and go to http://whatismyip.com with any browser (Firefox/Mozilla/Opera/Internet Explorer/Avant Browser)

Even if I'm using the "anonymous proxy server" or even "highly anonymous" and programs like ProxyWay,whatismyip.com still show me 2 IPs
1 my real IP and another IP of the proxy server that I'm using

So...
Where's the vulnerability exists?
IE8(Pro), Microsoft Security Essentials
Main PC:
Image
Secondary PC same as primary but with Windows 7 x64 Ultimate as the OS.
abfan123
Offline
Avantus Maximus
Avantus Maximus
 
Posts: 5624
Joined: Wed Jan 26, 2005 4:24 pm
Windows Version: Vista Ultimate x64 SP2
Avant Version: 11.7 build 43
IE Version: 8
Top

Post Reply #25 by gary100856 » Fri Jun 24, 2005 7:39 am

I see a minor flaw. When I move the mouse over an image I get that image menu bar showing up, which is fine. But if I move the mouse over an image and quickly right click the right click context menu comes up but then the image menu bar also shows up, sometimes under and sometimes over the context menu. Although the menu bar disappears shortly anyway if I don't use it, I think it would be better if the image menu bar didn't show up at all if the right click context menu is already up.
Last edited by gary100856 on Fri Jun 24, 2005 8:42 am, edited 1 time in total.
Avant 10.1 build 17
XP pro, IE 6
Kerio Firewall
gary100856
Offline
Fan
Fan
 
Posts: 148
Joined: Thu Dec 09, 2004 9:50 pm
Avant Version:
Top

Post Reply #26 by ytsmabeer » Fri Jun 24, 2005 8:17 am

I just like to now when can we start translating the new parts, 'cause they seem not to be present in the eng.lng
Last edited by ytsmabeer on Fri Jun 24, 2005 2:35 pm, edited 1 time in total.
Frisian translator Avant,Maxthon,Opera,Google,Poptray,7zip,regseeker,paint.net
ytsmabeer
Offline
Newbie
Newbie
 
Posts: 32
Joined: Tue Dec 14, 2004 9:40 am
Location: Fryslân
Avant Version:
Top

Re: *** AB IS NOT A SECURE BROWSER !!!!! *******

Post Reply #27 by robc » Fri Jun 24, 2005 10:04 am

Defenestration wrote:
This is a security vulnerability because it can expose your real IP address when you think you are using a proxy!

What needs to be done to get this MAJOR BUG fixed ???????


I'd say that relying on a proxy as a "security" measure is like putting an opaque bag on one's head and pretending there's nothing out there since you cannot see anything :shock: Even being behind a NAT server is insecure...

That's not to say that bypassing the proxy for favicons if a proxy has been specified is good, but that's definitely NEITHER a security issue NOR a major bug (I, for one, don't use a proxy and probably many other users don't), at most it can be an annoyance for you; if this issue has not been dealt with yet, there probably are other problems to tackle before. If you are so afraid, then block port 80 on your firewall so that no traffic can pass through it and let all http traffic through to your proxy on 8080.
Image formerly known as Image
robc
User avatar
Offline
AvantGuard
AvantGuard
Avantic
 
Posts: 988
Joined: Fri Dec 12, 2003 3:33 pm
Location: Italy
Windows Version: Vista Ultimate SP1
Avant Version: 11.6 Build 20
IE Version: 7
Top

Re: Avant Browser 10.1 beta 7

Post Reply #28 by batagy » Fri Jun 24, 2005 2:11 pm

Anderson wrote:Avant Browser 10.1 beta 7

I will release a new official version once the translations are finished.
Anderson


Really good, thanks, Anderson.

But at the moment we don't have the new language file, or the new strings, which need to be translated. Please send those out to the translators in email.

Regards:
batagy
batagy
Offline
Semi-Fan
Semi-Fan
 
Posts: 52
Joined: Tue May 06, 2003 11:52 pm
Location: Hungary
Windows Version: WinXP SP3
Avant Version: 11.7 build 43
IE Version: IE8.0
Top

Post Reply #29 by Defenestration » Fri Jun 24, 2005 2:42 pm

abfan123 wrote:Try to use some proxy server and go to http://whatismyip.com with any browser (Firefox/Mozilla/Opera/Internet Explorer/Avant Browser)

Even if I'm using the "anonymous proxy server" or even "highly anonymous" and programs like ProxyWay,whatismyip.com still show me 2 IPs
1 my real IP and another IP of the proxy server that I'm using

So...
Where's the vulnerability exists?

I can't speak about other anonymous proxy servers because I don't use them, but when I use Anonymizer as my Anonymous proxy and go to http://whatismyip.com or http://www.ipchicken.com (or any other website that shows your real IP address), only my anonymous proxy IP address is shown, and not my real IP address.

The vulnerability exists because my real IP address is exposed every time a Favicon is requested by AB.

robc wrote:I'd say that relying on a proxy as a "security" measure is like putting an opaque bag on one's head and pretending there's nothing out there since you cannot see anything Shocked Even being behind a NAT server is insecure...

Granted nothing is totally secure, but does that mean you should not use a firewall, AV etc. because they are not perfect ?! Not at all. It just means you should be aware of the limitations. As with all types of security it should be used as part of a layered defence.

An anonymous proxy service allows you to hide your real IP address from the sites you visit through it. You do expose your real IP address to the anonymous proxy servers, but IMO it's better to only expose your real IP address to a single entity than to multiple entities.

robc wrote:That's not to say that bypassing the proxy for favicons if a proxy has been specified is good, but that's definitely NEITHER a security issue NOR a major bug (I, for one, don't use a proxy and probably many other users don't), at most it can be an annoyance for you; if this issue has not been dealt with yet, there probably are other problems to tackle before.

I just don't see how you can say a compromise of your privacy, by your real IP address being exposed (unknowingly to most users unless they are aware of this problem), is not a security issue or a major issue. While you and many others don't use a proxy, there are also many people who probably do use a proxy.

An issue like this should go straight to the top of the ToDo list, and be given highest priority.
Defenestration
Offline
Semi-Fan
Semi-Fan
 
Posts: 57
Joined: Tue Jun 08, 2004 10:51 pm
Avant Version:
Top

Post Reply #30 by hornakapopolis » Fri Jun 24, 2005 3:13 pm

While not joining the argument, and not to put words in robc's mouth, but I think the "no IP address equaling even teensy weensy security" issue is what he's referring to.

Knowing that someone's IP is AOL, Pipex, or British Communications isn't really a security issue, is it? Interchanging the terms security and privacy just seems to happen a lot to me.
hornakapopolis
User avatar
Offline
AvantGuard
AvantGuard
Avantus Maximus
 
Posts: 10997
Joined: Thu Jul 31, 2003 2:09 pm
Location: Ohio, USA
Windows Version: Windows 7 Pro 64
Avant Version: 2014
Default engine: Firefox / Chrome
IE Version: 11
Skin: Stickers
Top

Post Reply #31 by Sergei » Fri Jun 24, 2005 4:45 pm

I agree that this needs to fixed, but by claiming that it must be some sort of plot you're not exactly winning people over by your arguments.

The problem is that not enough people care about this issue. Most people don't value anonymity on the web. Look below here - there's my website address. If you go there you can find my personal phone number. The vast majority of of people aren't concerned, so this flaw has no priority.

But it is a serious flaw. If people think they're anonymous then they should be, even if there aren't many of them. It ought to be fixed as soon as possible.
My Cartoons
:
IE7 ][ Windows XP Tablet PC Edition 2005 ][ Avast! Antivirus ][ Kerio Firewall ][ DSL
Sergei
User avatar
Offline
AvantGuard
AvantGuard
Semi-Guru
 
Posts: 2488
Joined: Fri Sep 19, 2003 5:09 am
Location: Galway, Ireland
Avant Version:
Top

Post Reply #32 by robc » Fri Jun 24, 2005 6:42 pm

You cannot be completely anonymous on the Net even if you're using some of the anonymizers out there: the plain simple fact is that somewhere the mapping of your real IP to the "anonymous" one is recorded and can be retrieved, some way or the other. Probably, the maximum "anonymity" one may get is to browse for a few minutes in an internet cafe in another town (better, in another country) while there's nobody in there, then jump on a train and leave for somewhere else :wink: :D :lol: And please, in such a case, don't ever browse to password-protected sites using your true-life account...

I'm afraid the best security nowadays lies in using a fully patched system (whatever the OS, each and every one of them has its own set of problems) behind a dedicated firewall (hardware or IPCop-like) and with "good" browsing habits; the best privacy, using the above system with cookies switched off except for those few cases in which you need them (e.g. online transactions, forums, etc.). Whatever your ISP, there are bound to be logs everywhere, stored for several years at least to comply with the law, so there actually are very few instances in which you may do something that others cannot "trace" if they really want to.
Image formerly known as Image
robc
User avatar
Offline
AvantGuard
AvantGuard
Avantic
 
Posts: 988
Joined: Fri Dec 12, 2003 3:33 pm
Location: Italy
Windows Version: Vista Ultimate SP1
Avant Version: 11.6 Build 20
IE Version: 7
Top

Post Reply #33 by Sergei » Fri Jun 24, 2005 6:56 pm

Amen.
My Cartoons
:
IE7 ][ Windows XP Tablet PC Edition 2005 ][ Avast! Antivirus ][ Kerio Firewall ][ DSL
Sergei
User avatar
Offline
AvantGuard
AvantGuard
Semi-Guru
 
Posts: 2488
Joined: Fri Sep 19, 2003 5:09 am
Location: Galway, Ireland
Avant Version:
Top

Post Reply #34 by André » Sat Jun 25, 2005 4:47 am

Word. In todays internet world, there is no escaping people trying to get your personal information, hacking your computer, etc.
Formerly known as DrDrrae.
Image
I am not a member of the development team.
Please search the forum before posting questions.

Avant Force Wiki || Avant Force Blog
Desktop:
Intel C2Q Q9550 @ 3.7GHz || 8GiBs DDR2 800 @ 435MHz || Asus P5E
112 GiB SSD || 931 GiB HDD || 2x ATI 5770 in CrossfireX || Picture

NetBook:
ASUS Eee PC 1000HE || 1.66 GHz Atom N280 || 2 GiB DDR2 667 || 320 GiB HDD

NAS:
Intel E5200 @ 2.632 GHz || 4 GiB DDR2 800 @ 421 MHz || Foxconn G31MXP-K
5.45 TiB RAID 6
André
User avatar
Offline
Administrator
Administrator
Avantus Maximus
 
Posts: 5787
Joined: Sat Dec 14, 1901 3:19 am
Location: Baltimore and McHenry, Maryland, USA
Windows Version: Windows 7 x64
Avant Version:
Top

Post Reply #35 by Sara » Sat Jun 25, 2005 7:13 pm

What that means is, don't do anything on the net that you don't want someone else to know about. Just as in real life, we have to live our lives as tho someone is looking over our shoulder--the metaphor can be religious or not, as you like. Obviously there are a lot of people who have fooled themselves into thinking that they are truly untouchable on the net--that they can say and do all kinds of things in the virtual world that they would sneak around about in the real world. What happens when the two worlds meet can be disastrous, whether it's a terrorist plan or a pedophile.

While I'm very careful about personal info like credit card #'s I do rely on secure servers when I shop on line and password protect the data on my computer. Beyond that kind of thing I don't do anything on-line that would do damage to anyone in either the virtual or the real world. I might embarrass myself occasionally, but, hopefully, I've never knowingly harmed anyone else. IMHO folks who are out to do harm forfeit their rights to privacy. When people start talking about plots, I immediately wonder what they are trying to hide...............

Just my 2 cents worth....

Sara :D
Sara
User avatar
Offline
AvantGuard
AvantGuard
Avantus Maximus
 
Posts: 6235
Joined: Thu Dec 12, 2002 11:16 pm
Location: Butler, PA
Windows Version: Windows 7
Avant Version: 2014 Build 7
Default engine: N/A
IE Version: IE 10(64 bit)
Skin: Crystal
Top

Re: Avant Browser 10.1 beta 7

Post Reply #36 by tmpusr » Tue Apr 11, 2006 1:39 am

Yes I would have to agree that this bug, while minor in many respects, is a deal breaker for anyone who surfs anonymously, including me. I used Avant Browser for a while and liked it very much but not having the ability to use it with the proxy made me switch to Firefox.
I actually just registered to find out about this and saw this thread so I figured I may as well include myself in the ones that see this as a deal breaker. Great browser otherwise though!

IMHO folks who are out to do harm forfeit their rights to privacy. When people start talking about plots, I immediately wonder what they are trying to hide...............


Maybe so, but that would also mean that people doing no harm also lose their privacy, and why shouldn't law abiding people have privacy?
Thanks,
Paul
tmpusr
Offline
Newbie
Newbie
 
Posts: 1
Joined: Tue Apr 11, 2006 1:33 am
Avant Version:
Top

Re: Avant Browser 10.1 beta 7

Post Reply #37 by abfan123 » Tue Apr 11, 2006 4:36 am

tmpusr wrote:Yes I would have to agree that this bug, while minor in many respects, is a deal breaker for anyone who surfs anonymously, including me. I used Avant Browser for a while and liked it very much but not having the ability to use it with the proxy made me switch to Firefox.
I actually just registered to find out about this and saw this thread so I figured I may as well include myself in the ones that see this as a deal breaker. Great browser otherwise though!

IMHO folks who are out to do harm forfeit their rights to privacy. When people start talking about plots, I immediately wonder what they are trying to hide...............


Maybe so, but that would also mean that people doing no harm also lose their privacy, and why shouldn't law abiding people have privacy?
Thanks,
Paul


As you may see from the changelog of the next beta build , This bug has been corrected quite long ago.
So what's the point to discuss it now?
IE8(Pro), Microsoft Security Essentials
Main PC:
Image
Secondary PC same as primary but with Windows 7 x64 Ultimate as the OS.
abfan123
Offline
Avantus Maximus
Avantus Maximus
 
Posts: 5624
Joined: Wed Jan 26, 2005 4:24 pm
Windows Version: Vista Ultimate x64 SP2
Avant Version: 11.7 build 43
IE Version: 8
Top

Previous

Return to Browser Release Announcements



Who is online

Users browsing this forum: No registered users

ABPro style designed by Statm1