IBM sees influx in zero-day exploits

posted Aug 26th 2008 4:56pm by
filed under: firefox hacks, news, security hacks


IBM’s X-Force security team has released a mid-year report (PDF) stating that the number of zero-day exploits is growing at an alarming rate. For those of you unfamiliar with the term, a zero-day exploit is a program that is created and implemented within 24 hours of the disclosure of a security flaw. These exploits usually affect users before they even know the vulnerability exists and long before a patch is made available. The researchers also found that many of these exploits were targeted at browser plug-ins, which most users utilize on a daily basis.

[Kris Lamb], X-Force operations manager, is blaming the problem on a lack of a unified process for disclosing vulnerabilities. He also claims that the long-held practice of publishing example code of vulnerabilities should be frowned upon.

[via Liquidmatrix]

Best Firefox 3 extensions

posted Aug 23rd 2008 5:30pm by
filed under: downloads hacks, firefox hacks, misc hacks


We generally try to limit the number of extensions we install, for security and performance reasons and because we use a lot of different systems. That’s not to say there aren’t a lot of interesting addons out there, and Mozilla has recently announced the winners of their Extend Firefox 3 Contest. Lifehacker has a full rundown of each of the winners. Nothing really stands out in our eyes (although we might try Last.fm’s toolbar).

The three extensions we always end up installing are Firebug, Greasemonkey, and Flashblock. What are yours?




Black Hat 2008: What’s next for Firefox security

posted Aug 8th 2008 6:30pm by
filed under: firefox hacks, news, security hacks

Mozilla security chief [Window Snyder] made some surprising announcements about Firefox Next, Mozilla’s next major browser overhaul. In her chat at the Black Hat security conference, she introduced three new initiatives that focused on threat modeling, training, and vulnerability metrics. For the threat modeling initiative, she’s hired Matasano Security consultants to review Firefox’s code for weaknesses and recommend mitigation tactics to protect the browser from hacker attacks. This isn’t inherently unusual; what is abnormal is that the information, once the work is done, will be revealed to the public. The training initiative will have IOActive trainers working with Mozilla engineers on secure computer programming practices. At the end, according to [Snyder], online versions of the classes will be released to the public, along with the class materials. The last initiative revolves around security metrics, and is already in progress. Essentially, the project will ideally take the focus off of patch-counting and provide a better assessment of security and vulnerability issues. [Snyder] says “We’re in the early phase, working on incorporating feedback from the rest of the industry.” She also reveals some more Firefox developments, including possibly incorporating NoScript into the core browser and implementing protected mode, but they’re still a long way from becoming standard features.

About:config hacks for Firefox 3

posted Aug 3rd 2008 8:00pm by
filed under: firefox hacks, misc hacks

Blogs DNA has some great suggestions for tweaking the Firefox 3 about:config file. Customize Firefox 3 to your particular preferences with hacks to reduce the number of auto-complete entries listed in your URL bar, extend spell check to forms, and disable blinking text. All it takes is a few simple modifications to the about:config file. By editing the about:config file, you can have a Firefox 3 that is faster, less bloated, and more tailored to your browsing habits. Do you have any suggestions for tweaks to Firefox 3?

[via Digg]

Making art with Javascript

posted Jun 30th 2008 6:50pm by
filed under: firefox hacks, Uncategorized

Mozilla coder [Aza] is connected to the past and the present: he wanted to celebrate the release of Firefox 3, but pines for the days when one could use small amounts of code to make compelling art. As a way of addressing both things, he has released ContextFree.js, a JavaScript port of [Chris Coyne]’s Context Free Art. Users can visit Algorithm Ink, where they can draw various compelling designs with just a few lines of script. ContextFree.js compiles the scripts and turns them into visually arresting geometric designs. Users can also browse through designs made by others, easily save them as JPGs, or even modify them by adding their own bits of code. What’s more, it’s not out of the question to use this to generate random images on a website, creating a unique visual experience for every single visitor. You all know what we want to see, though: JavaScript gurus working some real magic with this. Better yet, said gurus can play around with the core open-source code and make something truly their own on the most fundamental level. Definitely check out the video above to get an idea of how easy this is.

[via Waxy]




IronKey USB key has military grade encryption

posted Jun 26th 2008 10:30pm by
filed under: firefox hacks, news


Plenty of USB storage keys are on the market, but IronKey is the first to use military level encryption. Sold in 1GB, 2GB, and 4GB sizes, the key features a processor called the Cryptochip, which uses Public Key Cryptography ciphers linked to an online account to create encryption keys on the hardware. A Federal Information Processing Standard 140-2 compliant true random number generator on the Cryptochip ensures that encryption keys are extremely secure and totally random.

IronKeys come in different sizes, but there are also three different versions, each with unique features. The basic version has a very James Bond-esque feature to destroy the data on it in case of an emergency. The personal version is loaded with Firefox 3 with various addons that make browsing encrypted and anonymous. The enterprise version is made to order with no specific price on the IronKey site, just a form to order one built to your specifications. All of them support Windows, OS X, and a large number of Linux distros, and they all come in tamper-proof and water-resistant cases with a brushed metal finish. We tend to think this level of security is overkill for the average person, but people can’t seem to get with our freewheeling approach to security; remember, we leave our WLAN open.

[via LinuxDevices]

Firefox 3 vulnerability

posted Jun 18th 2008 9:50pm by
filed under: firefox hacks, security hacks


TippingPoint’s Zero Day Initiative reported a critical vulnerability affecting Firefox 3.0 yesterday. It includes the 2.0 versions as well. It’s unreleased and Mozilla is working on a fix already. Whatever the exploit is, it does require the user to visit a malicious site or click a link for it to be executed. It came in 5 hours after the FF3 release, but since it affects previous versions, we wonder if the researcher was just sitting on it to be first. The Zero Day Initiative pays researchers for the exploits they submit.

Hacking Firefox menus

posted Jun 17th 2008 11:35pm by
filed under: firefox hacks, misc hacks


[Nick] sent in his quick hack for getting rid of extra menu options in Firefox 3, like the ever useless ‘Work Offline’ option. (OK, maybe modem lovers like it…) If you’re tired of seeing cluttered menu choices that you never use, try [Nick]’s simple trick of editing the XML-formatted XUL files in Firefox to clean things up. There’s some risk involved, but it’s nothing that a quick re-install can’t repair. The writeup includes a basic introduction to the XML tags, so you can probably do it. You can use a text editor, right? (Just don’t forget to have the installer or a backup copy handy before you start playing around.)



