
October 31, 2004

Mighty Happenings

Newly discovered Internet Explorer vulnerability (with live demo) suggests safer browsing with Maxthon 1.1.050, Mozilla Firefox 1.0 RC1 or Opera 7.60 Preview 2, plus spyware blues and how Bagle.AB and Bagle.BB can ruin your life

If you are still using Microsoft Internet Explorer, beware! It's a very insecure browser, and discovered vulnerabilities increase by the day. Not that other browsers are free of risk. They too can be equally dangerous to surf the Net with, especially if you allow pop-up windows to open unrestrained or web sites to (quietly) install software. Which is why I recommend using browsers that can block ads and script-powered pop-up windows. Browsers like Maxthon, Mozilla Firefox and Opera.

The risks of using even fully-updated Internet Explorer installations are well illustrated by Yet Another Vulnerability that affects even Internet Explorer 6.0.2800.1106 (a fully patched and up-to-date version). The new glitch allows faked target addresses in the status bar of the window. Just mouse over the link below while using Internet Explorer

Click here to visit www.Google.com

to display http://www.microsoft.com/ in the Status Bar instead of the real destination: http://www.google.com. Because this vulnerability can also be included in HTML mail messages, you need to protect yourself either by right-clicking links to view the link's Properties or by copying the URL shortcut and pasting it into a new browser window/tab. Do so especially when visiting warez or pornography sites.

Looking for alternatives? Well, you can use Maxthon 1.1.050, an Internet Explorer add-on that offers tabbed browsing, ad blocking, mouse gestures and skinning. The new version, like Firefox and Opera, can install new skins on the fly. Access Skinnable.com to preview available skins (in a new Maxthon instance), then directly download and install them. You can now apply specific plug-ins (e.g. FlashSave) to all open tabs instead of only the active tab. Ctrl+Tab pops up a Tab navigator overlay.

If you (already) use MyIE2, or have upgraded to Maxthon, and are unable to get the drag 'n' drop URL feature to work, this is not a bug. It's caused by an Internet Explorer setting. Go to Tools > Options > Security > Custom Level and enable the Miscellaneous > Drag and drop or copy and paste setting (disabled by a recent Internet Explorer update).

The good news about Mozilla Firefox 1.0 RC1 is that it's more secure than previous versions. Plus the Password Manager can have a master password to improve security for shared computers. Other improvements include a small, more optimized 4 MB download. The download manager dialog too has improved and displays the defined default download folder size.

But the bad news is that many Extensions no longer work consistently with the new build, even after applying various hacks to the browser version control, to the browser configuration files, or directly to the extensions themselves. I still recommend giving these hacks your best shot. There's more information available here.

These 'application' issues seem linked to Windows user security settings. Because how else would Extensions listed as disabled in the Extensions Manager continue to work? Firefox is available for Linux, Mac and Windows. What I find commendable is that few extensions are platform-specific and work with all versions. You can also read the detailed Release Notes.

[Image: Opera 7.60 Preview 2 lists blocked pop-ups]

I have also been testing the recently released Opera 7.60 Preview 2 (Build 7263) for Windows and Unix. There are several user interface changes to the startup menu, toolbars and menu bars. And the somewhat buggy voice recognition feature is now a separate download, initialized once the feature is enabled within the browser preferences. The first launch startup dialog has been simplified into Internet Suite and Web Browser only. And while block pop-ups is enabled by default, blocked pop-ups are displayed via a separate tabbed icon. Read the complete change log if you prefer to see what's been updated.

[Image: CounterSpy scan results]

I'm also participating in Sunbelt's CounterSpy beta. This new anti-spyware tool tries to dig pretty deep into Windows to detect and eradicate spyware including cookies and scripts. It includes separate History-, Process- and Application-level scans. However, so far I haven't been too impressed by the product. Its History scanner has a serious bug and testers have been asked not to use it. Period.

[Image: Ad-Aware finds 12 critical objects]

Unfortunately CounterSpy is not as efficient as its developers would have testers believe at detecting spyware, bar more obvious flag-wavers like Ala and Data Miner. It also kept insisting Messenger-Plus (an MSN Messenger enhancer) installed without its adware component was indeed adware.

[Image: Spybot finds two more]

In contrast Ad-Aware SE 1.05 scanned my computer next and found over 12 critical objects. This updated version now detects data-mining, aggressive advertising, parasites, scum ware, traditional Trojans, dialers, malware, browser hijackers and tracking components. I finally rounded off with a third scan by Spybot Search & Destroy 1.3 TX that detected two more items. But even if you already have both software installed, you'll still need to separately download the updated versions for both products.

It's a sad truth that today's Internet is a lot less safe than it was about a decade or so ago. And I'm not referring to the flood of spam, with or without infected message attachments, or to the web sites that contain VB Script viruses, but to software that pretends to resolve a problem yet is really the cause of your problems. Take MarketScore, an Internet accelerator to speed up your access to Web sites. Its advertising states "Free Internet Accelerator allows you to surf the Web up to 100% faster." And it appears on sites promoting shareware utilities. This app is really an enhanced key logger that intercepts all web traffic, including information entered into forms, secure server or not. This spyware used to be called Netsetter and has been included as a hidden ActiveX control with several adware-supported programs. More details available here.

And if that wasn't enough, there's a resurgent Bagle virus infection. I have already received about 60 mails over the weekend from a single unfortunate infected by the virus, who (apparently) doesn't have an email scanner installed!

The new Bagle.BA and Bagle.BB still supposedly attempt to block the Netsky virus. Yet both also harvest addresses from local files, then use these addresses in the "from" field to replicate. Messages sent include a spoofed sender address. And the subject line reads (variously) "Hello," "Thank you!" or "Thanks : )". Once released, these viruses copy themselves to the Windows system directory and open TCP Port 81 for remote access to (your) compromised machine. They then try to download a file and execute it to terminate running security-related processes. However, in an intriguing twist, Bagle.BB only tries terminating running instances of the NetSky worm, while Bagle.BA also installs a file Wingo.exe on infected machines. The Bagle strain was first detected in January 2004.

And finally I'd like to thank the few readers who wrote in for my free GMail ID give-away. Sorry folks! The IDs vanished in a matter of days! But you may not want a GMail account. Because besides the exploit that lets a GMail user (mis)use their account as a file storage area, a new one can allow a hacker full access to an account. All you need to gain entry is the user name grabbed via a hex-encoded XSS link that captures the victim's cookie file. So if you do have a GMail account and access it via a public computer, remember to delete all cookies after logging out.

That's it for now. Stay Safe!
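Added example, not part of the original post: a small triage check for the two Bagle.BA/Bagle.BB host indicators named above (a listener on TCP port 81 and a file called Wingo.exe). It assumes Windows `netstat -ano` output as input; the sample netstat text, the file paths and all function names are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

BAGLE_PORT = 81               # TCP port the post says the worm opens
BAGLE_FILES = {"wingo.exe"}   # file the post says Bagle.BA installs

# Constructed sample of `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:81             0.0.0.0:0              LISTENING       1732
  TCP    10.0.0.5:1081          192.0.2.10:81          ESTABLISHED     2210
  TCP    [::]:81                [::]:0                 LISTENING       1732
  UDP    0.0.0.0:81             *:*                                    900
"""
# Constructed file listing; the post does not say where Wingo.exe lands.
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\notepad.exe",
    r"C:\WINDOWS\system32\WINGO.EXE",
    r"C:\Tools\wingo.exe.txt",
]

# Matches only TCP rows in LISTENING state: local addr, local port, PID.
LISTEN_ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$", re.I)

def listeners_on_port(netstat_text, port=BAGLE_PORT):
    """Return sorted (local_address, pid) pairs for TCP listeners on `port`."""
    hits = set()
    for line in netstat_text.splitlines():
        m = LISTEN_ROW.match(line)
        if m and int(m.group(2)) == port:
            hits.add((m.group(1), int(m.group(3))))
    return sorted(hits)

def suspicious_files(paths, names=BAGLE_FILES):
    """Return paths whose final component equals a known name, ignoring case."""
    return [p for p in paths if PureWindowsPath(p).name.lower() in names]

def triage(netstat_text, paths):
    listeners = listeners_on_port(netstat_text)
    files = suspicious_files(paths)
    # Port 81 alone is weak evidence: legitimate services also listen on it.
    if listeners and files:
        verdict = "investigate: port and file indicators both present"
    elif listeners or files:
        verdict = "review: one indicator present"
    else:
        verdict = "no indicators found"
    return {"listeners": listeners, "files": files, "verdict": verdict}

if __name__ == "__main__":
    print(triage(SAMPLE_NETSTAT, SAMPLE_FILES))
```

The PID returned for each listener is what you would look up in the process list to see which executable owns the port.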
