R.I.P. AOL Finally Kills Netscape Navigator

AOL LLC has finally pulled the plug on Netscape Navigator, the Web browser that once owned the lion’s share of the market and that was the focus of a landmark federal antitrust case against Microsoft Corp.

In an announcement posted to AOL’s website, the company said it ending development and would cease issuing security updates as of Feb. 1, 2008.

AOL said all support would end in just over a month and urged current Netscape users to migrate to Mozilla’s Firefox.

Researcher: Don’t Trust Google Toolbar

Makers of some of the most popular extension software used by the Firefox browser are not doing enough to secure their software, a security researcher said Wednesday. The problem is that many widely used Firefox extensions, including toolbars from Google, Yahoo, and AOL, do not use secure connections to update themselves, according to Christopher Soghoian, a security researcher.

The Indiana University doctoral student discovered the Firefox issue last month while examining network traffic on his computer. He noticed that many of the most popular Firefox extensions are not hosted on servers that use the very secure SSL Web protocol.

Although the corporation behind Firefox, Mozilla, hosts the majority of Firefox extensions on its own SSL-enabled Web site, it is common for commercial extension-makers such as Google to host their software on an unsecured site, Soghoian said in an interview.

This leaves users vulnerable to a “man-in-the middle” attack, where Firefox could be tricked into downloading malicious software from a site it mistakenly thought was hosting an extension.

It wouldn’t be easy for an attacker to pull this off, however. In one scenario, the hacker would set up a malicious wireless access point in a public area where people are using wireless connections. He could then redirect extension update traffic to a malicious computer. “An attacker who sets up a wireless access point can then infect anyone who connects to it,” Soghoian said.