Dec 05

Security Issue In Yoono 6.1.0 and earlier

, Updates Comments

Recently there has been a review of Firefox add-ons from a security perspective done by Nick Freeman that was presented at a security conference and covered here.  One of the add-ons cited in the review was Yoono and it unfortunately was highlighted as a security risk.  At Yoono we want to be totally transparent with our users so we wanted to address the issue as it has been picked up by several security blogs online.  Here are a few details:

  • On June 29, 2009 we were contacted by Nick Freeman from Security Assessment about a security vulnerability that he discovered in the version of Yoono that was available at the time, Yoono 6.1.0.
  • Nick did the right thing as as security analyst by informing the developer (us) first before publishing the details of the exploit publicly.  For those who don’t know, this is industry best practice as it gives the developer the chance fix it before any harm is done.
  • Without going into too much detail, the issue he discovered involved visiting a malicious website that presented an image with some code attached.  If a Yoono user shared this image with another user it could cause malicious code to execute on the user’s computer.  A serious issue, but relatively unlikely scenario in practice.
  • As soon as we were notified of the issue we started working on it and fixed it the same day.  We submitted our fix to Mozilla and the fixed version (6.1.1) was available to end users on July 6th as an automatic update.
  • We notified Nick that this issue had been fixed in Yoono 6.1.1.

We take all security issues very seriously and strive to address them as quickly as possible.  Unfortunately Nick’s review has only recently been published online and there are several issues with it from our perspective (due to the publishers of the information, not Nick’s initial assessment):

  • Several blogs have incorrectly cited the version numbers affected – suggesting 6.1.1 or 6.x or “possibly other versions” may be affected.  To be clear, this issue does not affect any version after 6.1.0 and has been fixed since July 2009.
  • Unfortunately readers of these articles are left with the mistaken impression that Yoono currently has this vulnerability because no note is made of when it was fixed or in which version it was fixed.

We are actively contacting blogs that have reposted incorrect information and asking them to change their information where it is incorrect.  But foremost we wanted to set the story straight here with you, our users.  As always, let us know if you have any questions.

The Yoono Team

For reference, here are some of the places this issue was originally published:

http://secunia.com/advisories/37468/

http://www.securityfocus.com/bid/37123/info

http://xforce.iss.net/xforce/xfdb/54417


Dec 24

Happy Holidays!

Updates Comments

We at Yoono wanted to wish our employees, partners and our users a happy holidays and happy new year. Thanks for your support. 2009 is going to be a great year for Yoono!

Yoono Christmas Tree

Sep 16

Yoono Status

Updates Comments

Hi folks!

As you may – or may not :P – have noticed, part of the Yoono sidebar functionality was unavailable for a couple hours earlier today! Unfortunately even the best designed software still has to rely on some kind of hardware equipment… so to make a long story short, one of our -french- load balancers went on strike (yes… it is customary to do so :) ) and it took us a bit of time to convince it to go back to work!

In the end the situation has been resolved and we have taken proactive measures to make sure that this does not happen again!

Thanks for your patience!

Reblog this post [with Zemanta]

Tagged with:
Jul 28

The New ‘News Widget!’

Updates Comments

On Friday, we quietly rolled out our latest version that includes a News Widget. Right now, the News Widget features Google Reader and Digg. Check it out!

Google Reader

We are very excited about this new feature. Now you can get all of your RSS feeds right inside Yoono via Google Reader. All the features of Google Reader are there: Share, post to Facebook, Digg it, save to del.icio.us, Email to friends and add notes.

Digg? Dugg!

The News Widget also has all the hottest Digg stories updated in real-time. You can cruise headlines that link directly to the story, read comments and of course Digg stories, all in the sidebar.

Jul 18

New Yoono Updates

Updates Comments

We’re in SoCal right now for SocialMediaCamp LA, but we had to take some time to tell you about the latest Yoono update that has some key new features that you’ve been asking for. Check ‘em out:

The Mail Widget is here!

Now you can manage your Gmail and your Yahoo mail accounts directly in the toolbar. Now you can surf the web and not have to worry about changing pages to check in on email. (We’ve also added GTalk to our IM clients!!)
email_sb.bmp

New Scroll bar system

We’ve updated the scroll bars to make them more visible and easier to navigate.

sb.bmp

Wrap-text for Status Updates

We heard the status update fields were a little annoying since they could get cut off ;) . We’ve fixed that feature so now all status fields wrap your text.

wt.bmp

We’ve also fixed a few bugs, optimized other small things and added GTalk to our IM clients (did we mention that?) If you haven’t already, download the latest update to Yoono here.

Jun 27

A quick fix

Updates Comments
Music.jpg

Hi you music lovers,
We’ve identifiied a non-systematic bug in the Yoono’s music widget. Our apologies for the inconvenience.
It will be fixed in the next version, that will be released in the few coming hours. Don’t you panick…

However, for those who are encountering problems and can’t stand surfing silently, here’s a quick fix you can download: http://www.yoono.com/quickfix/yoono.xpi

As Snoop would say, beautiful isn’t it?

Aug 07

New features of the Yoono Firefox Add-on

Updates Comments

We are pleased to deliver today a new release of our Firefox Add-on.

Here is a reminder of the new features for the last releases:

The Buzz It! feature just got better, easier to use, by allowing the creation of folders to organize your Buzz.

Buzz FoldersTo be honest, creating and managing several tens of Buzz could become a little tedious when it came to finding one amongst the others… No longer ! Just create folders with relevant labels, dispatch your existing and new Buzz in the appropriate folders by a mouse click, it’s just that easy.
The “Surprise Me” feature has been improved in many ways:

- it will not display twice the same page, as long as you do not reset your browsing history : pages that you have visited will not show up again.

- the algorithm that chooses a random page has been tweaked in order to provide the most relevant page according to the content of your bookmark folder.

- You can ask for a “surprise” based on one of your bookmark folders. Either use a right click on a folder, or click on the drop down menu on the right of the “Surprise Me” button and choose a folder.

- You can check an option to have a surprise each time you launch Firefox.
The Buzz It! window itself was also improved, offering now a keyword search feature for images or videos on MSN, as well as new editing capabilities.

Dec 11

Firefox extension 3.1.0 release.

Announcements, Updates Comments

If you are using Yoono, you probably like to get interesting stuff real fast ? So, here it is, the 3.0.1 release, that has just been validated by Mozilla’s team.
This new release introduces a major feature, the instant ‘blogsearch’ suggestions.

Along with Yoosers and Website suggestions, the sidebar now displays a new section that shows the titles, first few words, ages, and links to blog notes and articles that are related to the webpage you are currently viewing. Notes that are less than 48 hours old are emphasized so that you would not miss the most recent news about what you are reading.

Check it out and discover yet another way of broadening your sources of information !

The look of the sidebar has been improved, and its usability is better than ever even for small width.

It also offers the possibility to erase your Yoono account if you chose to uninstall the extension. Well, we’ve worked hard for that but in the hope it never gets used !
And, last but not least, some bug fixes and improvement on the bookmark synchronization features.

Let us know what you think !

Oct 24

Firefox extension 3.0.3

Announcements, Updates Comments

We are happy to introduce the 3.0.3 release of the Firefox extension.
You will be able to download it from mozilla.org just here. Feel free to let us know what you think.

The main features of this release are:

  • Brand new installation / registration / identification / sharing wizard, so that your yoono experience is smoother. Create a new account or log in an existing account and get your bookmarks back, chose what you want to share with others and what you want to keep private has never been easier.Toolbar can be dropped to the top
  • The toolbar can now be dragged and dropped, so that you can chose its position amongst other toolbars. If that is not enough, you are still able to chose which buttons you want to display, and where to display them.
    Dropping it to the top or the bottom of your browser window is just one click away !
  • Sidebar dropdown menu to chose a sidebarThe sidebar now offers a drop down menu of all available sidebars: the best way to quickly switch from Yoono to History, then to Bookmarks… And what’s cool is that not only Yoono’s sidebar is showing this drop down menu ! They all do !
  • Bookmarks Backup and Restore functionalities ensure that no bookmark will ever be lost !
  • Bookmarks Import and Export functionalities are available in XBEL and OPML formats (let’s have fun with Grazr !)
  • The Yoosers and Links sections in the sidebar can now be re-ordered to your convenience by Drag and Drop, and their positions will be persistent to your next Firefox session.
  • All sidebars links can now be dragged and dropped to the browser and even to an external application (text editor, mail editor, …).
  • Some bugs were fixed, such as the ticker running wildly after some blocking operations (like moving the window around…), identification from an anonymous account, icon sizes, Suprise-me freezing the browser for a few seconds, …

We do hope you like it. Your feedback will be appreciated and helpful.

Jun 28

Firefox extension 3.0.0.1270

Updates Comments

The lastest version of the extension has been approved by firefox team. This version resolves the following points :

  • bug : the open/close state of the ticker isn’t persistant.
  • bug : the creation of personnalized profile doesn’t always work.
  • enhancement : clean uninstall

This version is downloadable on the firefox portal.

Previous Entries
preload preload preload