December 2007 - Posts
I like and use both browsers and they offer improved security over past versions. A browser's main role is to fetch objects from a web site and present information in a structured format back to the user. There's only so much either product can accomplish, as the ultimate protection lies with the user and their own safety practices.
Below are several interesting links from both sides:
Jeff Jones Blog - Internet Explorer and Firefox Vulnerability Analysis
QUOTE: The report in detail examines vulnerabilities over the past 3 years, breaks them down by severity, looks at version-over-version trends for each browser and finally examines how each browser is doing in terms of unfixed vulnerabilities.
Computerworld - Microsoft and Mozilla trade punches over browser security
QUOTE: Mike Schroepfer, Mozilla's vice president of engineering, also took Microsoft to the woodshed, first criticizing the vendor for not providing a public bug database so that Jones' numbers could be verified, then discounting the figures entirely.
Schrep's blog - Apples, Oranges, and the truth
QUOTE: Bug counts are meaningless, what matters is whether you are at risk or not. Symantec looked at this problem before as has Brian Krebs of the Washington Post. I recently found this up-to-date analysis of data on Secunia which paints the same picture. Firefox is safer than IE.
Web Browser Security Summary
QUOTE: This document will summarize the security vulnerability levels in the three most popular web browsers on Windows. The information was collected from Secunia, a leading computer software security monitoring company. These statistics cover all reported vulnerabilities in Windows versions of Internet Explorer, Firefox, and Opera.
Below is an article recently written for Tech Target:
Disaster recovery for Windows: Four critical success factors
QUOTE: Anyone can take a backup, but can they recover? Even with today's improved capabilities, the actual recovery process continues to be a challenge for IT managers in Windows shops.
On the surface, disaster recovery seems simple enough. All you need are the backup files and similar hardware at another location, right? In some cases, this concept works if you're restoring just a workstation or server. But everyone who has restored a workstation or server knows that sometimes these seemingly simple tasks are more difficult than they should be ...
Four critical success factors
1. Streamline business and technology planning
2. Continuously fine-tune documentation
3. Maintain security at all times
4. Ensure success by actively testing
The Storm worm is innovative both technically and in its social engineering tactics. Security researchers anticipate new e-card versions could surface during the holiday season. F-Secure is already reporting two Christmas e-cards that link to malicious sites. They appear to be similar in format to previous Storm worm attacks.
When clicking on these malicious web sites, spyware and viruses can be automatically installed without the user's knowledge if the browser is vulnerable to exploits used in these attacks. Folks should always exercise caution in email, IM, and website usage.
GNC news - Is a holiday Storm brewing?
QUOTE: Hanukkah begins this evening at sundown, and with the arrival of a new holiday season comes a reminder that not all e-greeting cards may contain best wishes. Researchers at MX Logic’s Threat Operation Center warn of a possible outbreak of new variants of the venerable Storm Worm.
“The Storm Worm developers notoriously release variants around holidays that prey on people’s vulnerabilities to open festive greeting cards,” said Sam Masiello, director of threat management at Denver-based MX Logic. “We consider the Storm Worm variants that hit on the Fourth of July and Halloween as a precursor for another variant this holiday season.”
“Internet users should be cautious of opening e-mails that appear to be sent directly from greeting card companies such as Hallmark,” Masiello said. “Legitimate greeting card companies offer ways to open e-cards other than clicking an e-mail link. These include a confirmation code within the message. Users should copy and paste these codes directly on the e-card Web site.”
So have a Happy Hanukkah, a Merry Christmas and a Happy New Year, but think twice before clicking on that link.
Some current examples of e-card based malware, as noted by AV security firms:
F-Secure - Merry Christmas e-card version #1
QUOTE: It's December, and we've already seen the first malware runs using fake Christmas Cards as the lure. In reality, it's a Zapchast mIRC-based backdoor.
F-Secure - Merry Christmas e-card version #1
QUOTE: We've just seen another fake Christmas card malware run. The site prompts the user to download malicious macromedia-flashplayerupdate.exe. We detect this file as an Agent variant. It collects various types of information from the infected machine and sends it back to the malware author via a website.
Trend - Season’s eGreetings from Spammers
QUOTE: Spammers would like recipients to believe that these eCards come from a legitimate sender; the From line, which is spoofed, is displaying the name of a reputable company. Interestingly, the mail body bears the phrase “no worm, no virus” to falsely allay users’ fears of infection. But of course, since spammers are not exactly purveyors of truth, users do get infected.
Symantec - Xmas eCard Spam - Malicious Downloader
QUOTE: These eCards are purportedly sent from a legitimate source and try to lure the victim to click on the link to view the eCards, which have underlying tricks to try and infect the computer. With the Xmas bells starting to ring, here is the first incidence where Xmas ecards have started doing the rounds. The URL included in the eCards attempts to download "sos385.tmp" file, which is a downloader.
Because better anti-piracy measures were designed into Vista from the start, a special analysis by Microsoft reveals that the estimated rate of piracy is half that of XP.
Piracy rate for Vista is half that of XP
QUOTE: Microsoft on Monday said that piracy rates for Windows Vista are half those of Windows XP. There appears to be a variety of reasons for that, chief among them is probably the fact that Vista machines that are not properly activated become useless pretty quickly when they enter into “reduced functionality mode.”
Amazingly, in a significant change, those with non-genuine or non-activated copies of Vista SP1 will still be able to use their systems. With Service Pack 1, Microsoft is doing away with reduced functionality mode in favor of putting prominent notifications on systems that are not found to be genuine. Non-genuine systems with SP1 will display a warning at start-up that the system is not properly activated.
Microsoft has published an overview of the Windows XP Service Pack 3 features which should be released during 2008 after the beta and QA testing is complete.
Windows XP Service Pack 3 Overview
QUOTE: Windows XP SP3 combines all previously released performance, security, and stability updates. It also provides a limited number of new and enhanced functionalities, although it does not significantly change the Windows XP experience or bring functionality from newer versions of Windows to Windows XP.
The goals of Windows XP SP3 are to:
* Provide a new baseline for customers still deploying Windows XP, to help them avoid the inconvenience of applying individual updates.
* Fill gaps in the updates users might have missed by declining individual updates when using Automatic Updates, and to deliver updates not made available through Windows Update.
Windows Vista provides the most advanced security and management capability, but for PCs that cannot be upgraded to Windows Vista right now, Windows XP SP3 ensures these PCs have all available updates and allows these PCs to leverage some new Windows Server 2008 capabilities, such as Network Access Protection (NAP).
This article provides a good update related to malicious links being embedded in returned search results. Folks should always avoid unusual links and keep AV/FW protection up-to-date. The current malicious links have domain names ending in "cn" (representing China, although they could be hosted from anywhere and this could change as this sophisticated attack continues).
VIRUS EXPERTS WARN OF 'GOOGLE POISONING'
QUOTE: You might want to take an extra half-second the next time you click on search engine results to make sure you know where you're going. Computer criminals have refined a sinister technique for tricking Web surfers into clicking on infected Web pages, turning search engines like Google into unwitting partners.
It's known as “Google poisoning,” because Google is the biggest target, but it can impact any search engine. Criminals construct booby-trapped Web pages, then dupe search engines into giving them high rankings.
A Google spokeswoman who declined to be identified said the company is aware of the problem and working to keep its results clean. "Google works hard to preserve the quality of our index,” the company said in a statement. “We actively identify sites that serve malware or abuse our quality guidelines in other ways."
No one knows how successful the tactic is, though Eckelberry points out the criminals wouldn't keep doing it if it didn't work. Still, even an attack of 40,000-50,000 fake Web sites still represents an infinitesimal portion of the sites in Google's index, making the odds of any individual consumer encountering a poisoned Google link still quite small. "I don't want people to get scared of Google," he said. “Google is impressive with how quickly they remove bad sites.”
Most users should auto-update, as v11 was quickly released to address issues associated with the v10 security release.
QUOTE: Several readers have informed us on the release of Firefox 188.8.131.52. It corrects a bug that was found in the previous release, Firefox 184.108.40.206.