Saint_Michael
Apr 26 2008, 06:08 AM
QUOTE Many people are switching from Internet Explorer to alternative browsers such as Firefox and Safari. Though that might make them feel more secure, the shift has also opened new doors for bad guys.
Case in point: We have no IE bugs to report this month, but both Firefox and Safari have been hit hard.
So forget the idea that just because you've switched to a new browser, you're magically safer. You may be for a time, but to stay safe with any software, you need to keep current with fixes.
Firefox Holes
In a somewhat dubious recognition of Firefox's growing popularity, hackers have focused their attention on it, leading to a rash of newly discovered holes. The folks at Mozilla recently released two Firefox updates in less than six weeks, fixing a total of five critical security vulnerabilities. All five can be exploited by planting a poisoned JavaScript file in a Web site and waiting for you to stumble across it.
In an actual attack--neither the Safari nor the Firefox bugs have elicited one so far--a bad guy could take over your PC or steal your navigation history.
The latest versions of Firefox--2.0.0.13 on--will stop all five bugs. Mozilla's Thunderbird and SeaMonkey are also at risk (if you have JavaScript enabled), so download updated versions.
Safari in the Wild
Safari 3.1 patches 13 holes affecting Mac OS X, Windows XP, and Windows Vista.
Think you're safe because you don't have Safari? You may have it without realizing it. Apple now distributes its browser with iTunes updates. Forget to uncheck a box in one of these updates, and it's there.
The Safari holes could allow an attacker to trick you into thinking that a fake site is really your bank site, or to take over your PC via a poisoned page. Download Safari 3.1.
Office Bugged Again
Microsoft recently released four patches that fix a dozen dangerous holes in Office. I warned you about one of those holes--a zero-day attack on Excel--in April. Be sure to apply the patches, if your system doesn't install them automatically. Get the four new Office patches and more info. (You are not affected if Microsoft Office 2007 is the version you use.)
No sooner had Microsoft shipped those patches than the company acknowledged the existence of yet another bad Office bug that needs patching. And this one is urgent because some users have already been attacked.
Luckily, Windows Vista, Windows Vista SP1, and the beta version of Windows XP SP3 are not at risk because they ship with a newer version of the affected "Jet" database. But earlier versions of Windows are vulnerable, as are all supported versions of Office, including Office 2007.
Becoming a victim of the bug involves saving two files to your PC's hard drive--one a mail-merge file that uses the database engine. There was no patch at press time. For more information, read Microsoft's advisory. Well no wonder we had those two new Firefox versions so quickly, but I wonder if that will push back Firefox 3's release date at all because of those big security holes that have been found. Well I figured it would just be a matter of time before Firefox started to have its underground hackers go after it and so I would assume that Firefox 3 will be receiving a lot of updates once the final version is release. Of course, I can't talk about this without mentioning the other side that the mozilla team has spent about two years and some change on this version of the browser, but to do an 180 once again, they mostly focus on the memory issues that I am aware of so there could be some security holes they they might have missed. As with safari I am not surprise just because they lack a lot of the security features needed to have a secured browser, but I guess after these attacks Apple will be thinking about adding some security stuff to safari in later editions. The same with Office as that software has always had security holes in them, reminds me though that I should update office 2003 on my vista computer just to make sure about that.
Reply
bluedragon
Apr 26 2008, 06:36 PM
Thanks for the info m8.  But I am going to stick with Mozilla.. I think My IE is somehow corrupted.. (I was experimenting with something when it just sort of ate my IE) I think its not much of a deal if you are careful with what you are downloading and running on the internet  . but then Ofcourse most of us just press Yes/Okay to almost every alert that we see..  I've listed two articles for ppl interested to see how the Vulnerabilities work .. 1.) http://sunbeltblog.blogspot.com/2006/04/ps...exploit-in.html2.) http://www.theregister.co.uk/2005/05/09/fi...x_0day_exploit/
Reply
Similar Topics
Keywords : hackers, focus, efforts, firefox, safari, office
- Mozilla: Firefox Plugin Shipped With Malicious Code
(2)
Opera, Firefox Bug Could Reveal Web Travels
(0) OH NO!!! (sarcasm there) QUOTE A flaw in the way the Firefox and Opera browsers
handle an image file could allow an attacker to see what Web sites a person has visited. The
problem concerns how the two browsers handle a ".BMP," or bitmap, image file, according to an
advisory written by Gynvael Coldwind of Vexillium.org, who posted a video illustrating the problem.
A malicious bitmap file can be created that pulls other information from the browsers' memory.
Some of the information that can be captured is random, but at other times could be valuable....
Is There An Exploit In Vista Home Premium To Make Firefox Permanant Default Browser?
(4) I just got a new laptop, and of course it's loaded with vista. Everything works awesomly!
(my last PC was from 2001, BIG DIFF.) But the damned thing compulsivly and automatically sets
Internet Explorer to my default browser and won't let me change certain things which browsers
will typically handle. 've manually changed it so Firefox handles all the stuff except HTTPS
and what not (CANNOT CHANGE W/O HACK!), but IE just bumps in every time I want to click a link
from a non-browser based file /sad.gif" style="vertical-align:middle" emoid=":(" border="....
Firefox Flaws Galore
(7) Well it seems firefox flaws are becoming a popular now, the two flaws that have been reported all
follow the same protocol that had posted about before; QUOTE The flaw lies in Firefox's URL
handler component.. Like the first flaw, this one could be exploited by attackers to launch
programs on the victim's PC without authorization, said Tyler Reguly, a security research
engineer at nCircle Network Security Inc. "They're both related to the URL handling process," he
said "It's just different errors within that handling process." So far it would se....
Interesting New Ie - Firefox Bug ( A Must Read Asap)
FF 2.0.02 and up users need to know about this (3) Well it has finally happen and strangely enough I didn't really think about it until now, but it
seems a security team found a very high level bug that requires both Internet Explorer 7 and
Modzilla Fire Fox. This is the jist of the bug; QUOTE The root of the matter is a Firefox
uniform resource identifier (URI) that allows Web sites to force Firefox to launch with the
"firefoxurl://" URI, Secunia reported. The way in which the URI handler is registered by Firefox
causes any parameter to be passed from IE (or another application) to Firefox when the "firefoxurl....
Microsoft Update Program Being Used By Hackers
(6) Although I am bit surprise that no one really take about way back then, but it seems the hackers and
crackers I starting to use the microsoft update downloading to transmit there malware and torjans to
compromised computers. The reason being is that the Microsoft update program bypasses firewall
security protocals and so when that malware is getting download, your firewall and virus programs
will not pick it up. I know a few people turn it off and either download them manually or don't
download them at all. So to toss out a warning, when you get he windows update ....
Spammers, Hackers Seize On Virginia Tech Shootings
(3) Ok to me I consider the sickest form of human idiots ever, bad enough you have some people mocking
the shooter but now you got people using spam and hacking computers by using the Virginia Tech
shootings, This person should be found and beating for using a tragic event like this and trying to
profit from it. The spam/hack goes like this QUOTE If clicked, the link caused a computer to
automatically download a malicious screensaver, called TERROR_EM_VIRGINIA.scr by Sophos, which
installs a Trojan horse program that collects banking details, Cluley said. It was a....
Myspace Has A Team Of Hackers
(7) I found this to be very interesting, a group of hackers routinly attack Myspace to find flaws and it
looks like they have already started finding them /laugh.gif" style="vertical-align:middle"
emoid=":lol:" border="0" alt="laugh.gif" /> I find it funny that they actually told Myspace that
they were going to do this, although I doubt they could find them anyways. /laugh.gif"
style="vertical-align:middle" emoid=":lol:" border="0" alt="laugh.gif" /> But again they already
found one which has to do with the url set up of which I won't post because of the legality o....
Windows Crashing. Can't Use Opera Or Firefox
deleted files in temp folder (3) Windows has been acting strangely by now, it freezes/clogs badly, I can't use Opera, MF or
continue my tutorials due to this problem. It gets on my nerves as I think it was MY problem because
I deleted MOST of the files in the Temp folder. CODE (Start>Run...>%Temp%)
That folder, most of the files were deleted by me. I consulted my friend by half-screwed MSN, he
said I "effed me up the arse" by doing that. He recommended me backing up and formatting. I never
did that before so I think it will be most-likely half-impossible for me. And as I d....
Zero-day Firefox Exploit
(5) Link to Article: http://news.com.com/Hackers+claim+zero-day..._3-6121608.html Thought this was
interesting. Really caught me offgaurd, didn't expect such a huge flaw on a GPL based program.
Whats even more scary is they said they have about 30 other flaws found.......
Firefox Exploit
(0) QUOTE Earlier this week, I blogged about a site doing a bunch of different exploits, depending
on what you are running. One of the things the site will do is detect if you have Firefox, and
attempt to exploit it, using the InstallVersion.compareTo() vulnerability. Read More with
images Already found to be copying and pasting. Take this time to review our forum rules. Warning.
....
Firefox 1.5 Flaws
For Microsoft User (22) I got this information from mailing list. yesterday I didn't know why my pc always heavy to be
loaded. and now i got the answer read Firefox Flaws For A Simple Way. if you use Mozilla
Firefox 1.5 as your default browser. type Ctrl+Alt+del or open Task Manager. You will see how much
memory being used by firefox. QUOTE(www.informationweek.com) On December 8, 2005, we published
a story that wondered: Firefox 1.5: Not Ready For Prime Time? In response, some 450 (and climbing)
InternetWeek, InformationWeek, TechWeb Pipelines, and Scot's Newsletter readers ha....
Firefox 1.0.7
... firefox! :D (14) To some this may seem a bit late. Firefox has released a new version that covers several critical
issues, and adds more stability. It is a wonderful alternative to Internet Exploer, and offers (in
my opinion) more security because it blocks most spyware. Article:
http://www.mozilla.org/products/firefox/releases/1.0.7.html Fixes:
http://www.mozilla.org/projects/security/k...es.html#Firefox Download:
http://download.mozilla.org/?product=firef...=win&lang=en-US ....
Firefox Has A Big Time Security Flaw
better get the patch (3) just found out on yahoo news that firefox just got a nailed with a big security flaw so a new patch
is out right now for so better download or you might get hacked phreaked spammed and juice all at
the same time.....
Critical Firefox Exploits
How fast can they fix it... (16) Again 2 critical vulnerabilities where discovered/made public last weekend. Critical because
there's no patch yet.... a workaround is to disable javascript... This will be a nice test...
How fast can they fix it? Greetz, Rik©....
? Doesn't G-mail Notifier Work Wit Firefox?
??Why?? (15) Does anyone know ? g-mail Notifier doesnt work on Firefox? It doesnt log u in it jus takz u 2 tha
login PG. Do u know ?. I accually work @ Google so its embarrasin askin hre. ....
Another Firefox Security Update
Firefox v1.0.3 (6) Yes, another update. You can read the fixes at ZDNet or here at the Mozilla Release Notes .
Before installing v1.0.3 make sure that the directory you've chosen to install into is clean and
doesn't contain any previous Firefox installations! (known issue) Greetz, Rik©....
Firefox Security Update (firefox 1.0.2)
Released 23-03-2005 (14) Yesterday Mozilla (foundation) released another security update for Firefox. QUOTE(Mozilla
Foundation) March 23, 2005, (Mountain View, CA). The Mozilla Foundation, a non-profit organization
dedicated to preserving choice and promoting innovation on the Internet, today announced a security
update for its Firefox Web browser. The update is a proactive security release to patch a bug
identified by Internet Security Systems, a premier security research, products, and services
company. No known exploits of the bug have been reported prior to the update's release. ....
Firefox Content Enabling And Disabling
Content checking (1) Where can i find content checking enabling and disabling in firefox like it used to be in Internet
Explorer ? Is there any method to block a particular website by using password? What is the use
of profile setting in firefox. It has shown me only one time, since then I am not able to find
profile setting. Does my problem can be solved by using profile setting?....
Status Bar Spoofing In Firefox
(10) Hi /cool.gif' border='0' style='vertical-align:middle' alt='cool.gif' /> Now that Firefox
get's more popular each day people find more 'bugs' /dry.gif' border='0'
style='vertical-align:middle' alt='dry.gif' /> The next vulnerability was reported yesterday on
SecurityTracker.com: QUOTE A spoofing vulnerability was reported in Firefox. A remote user can
create HTML that, in certain cases, will spoof the status bar. A remote user can create HTML with
an A HREF link in a table, where the table is embedded within an A HREF tag. If the target user ....
Phpbb Hackers
LOL (21) I got an email today: The following is an email sent to you by an administrator of "KORUPTION OWNZ
YOUR S****Y SITE". If this message is spam, contains abusive or other comments you find offensive
please contact the webmaster of the board at the following address: korupted@korupted.com Include
this full email (particularly the headers). Message sent to you follows:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Dear members. Your petty website has been hacked. The hacker's
name is Koruption. Next time dont use a outdated verison of phpbb b***hes So im a bit pissed off
and chec....
Looking for hackers, focus, efforts, firefox, safari, office
|
|
Searching Video's for hackers, focus, efforts, firefox, safari, office
|
advertisement
|
|
