Free Republic

E Flaw Exploited Security firm identifies exploit technique for known browser hole. Matthew Broersma, Techworld.com Friday, January 07, 2005 Internet Explorer has become an even bigger security risk--even under Windows XP SP2--with the publication of a new and extensive exploit. Advertisement Security researchers have warned that the exploit, which takes advantage of known loopholes in SP2, could allow an attacker to run script code on a user's system via a specially crafted Web page. Known Hole The holes involved have been known publicly for more than two months, but previous exploit techniques required the user to take actions such as...

For a market segment Microsoft was said to have won decisively in the mid-1990s, the company spent a lot of time in 2004 putting out fires on the browser front. Like the ghost of the Netscape browser rising to haunt its slayer, Firefox emerged with a vengeance from the Mozilla open-source group, which was founded by Netscape in 1998 and last year spun off by parent company Time Warner. Firefox started off the year a prerelease, name-challenged project by a group that had lost much of its credibility after chronic delays and significant setbacks. But Firefox ended 2004 as a...

Users have a lot to worry about when downloading and playing media files. Are the files legal? Can their computers play the required file formats? Now there's yet another problem to add to the list: Will a media file try to install spyware? When Windows Media Player encounters a file with certain "rights management" features enabled, it opens the web page specified by the file's creator. This page is intended to help a content providers promote its products -- perhaps other music by the same artist or label. But the specified web page can show deceptive messages, including pop-ups that...

Search engine operator Google has blocked ads that attempt to exploit security holes in the Internet Explorer. In the past few days, Google has been displaying context-sensitive ads on the right margin from its program partner AdWords that link to sites with dangerous JavaScript for various search terms such as "Preisvergleich" (price comparison) and "Gebraucht PC" (used PC). If you clicked on one of the links in the Internet Explorer, a JavaScript attempted to install spyware on your system. And the normal list of hits also included a lot of sites with Trojans. This Monday, Google reacted to the problem...

Modest pioneer: Blake Ross. At 7, he was a computer game addict. At 17, he made the breakthrough that created Firefox. At 19, he is a student of computer science (DAVID ADAME) Is this internet prodigy about to knock Microsoft off its pedestal?By David AdamsA Miami teenager has created a free web browser that has been called Bill Gates's worst nightmare   A MIAMI teenager is basking in the glory of helping to create a new internet browser at 17 that is now challenging the grip of Microsoft, which once held a virtual monopoly on web surfing.Computer analysts say...

eBay (EBAY:Nasdaq - news - research) is dropping its support for Microsoft's (MSFT:Nasdaq - news - research) authentication service, the auction company announced this week. By late January, eBay users will no longer be able to log into the auction site using Microsoft's Passport system, eBay said in a post on its announcement board for users. eBay also will stop sending alerts to buyers and sellers' computers and mobile phones through the software giant's .Net service. eBay spokesman Hani Durzy declined to comment on why the company decided to drop support for Passport. But in a report by Reuters, Durzy...

A new Trojan horse - named Phel - that punishes users of Microsoft Windows XP operating system is in the wild. Security software firm Symantec has issued a bulletin warning Windows XP users to be on the look out for the program, which is distributed as an .html file. The malicious code can attack systems running XP Service Pack 2. The vuln was first found in October, and Microsoft is busy trying to catch up to it. "Microsoft is taking this vulnerability very seriously, and an update to correct the vulnerability is currently in development," the company told ComputerWorld....

A trio of new and unpatched vulnerabilities in Microsoft Windows were made public on security mailing lists over the weekend, nudging some security vendors to alert users that their systems may be open to attack and hijacking. The vulnerabilities, first reported by a Chinese group and then posted to the Bugtraq mailing list, are in Windows' LoadImage API function, its animated cursor files, and in the way it handles help files. All of the bugs are as yet unpatched. All currently-supported versions of Windows -- Windows NT, 2000, XP, and Windows Server 2003 -- are affected by the three flaws,...

BRUSSELS, Belgium - A European Union court ruled Wednesday that Microsoft Corp. must immediately divulge some trade secrets to competitors and produce a version of its flagship Windows operating system stripped of the program that plays music and video. The 91-page ruling effectively thwarts Microsoft's attempt to delay, pending appeal, implementation of the EU's landmark antitrust decision in March that demanded changes in the software giant's business practices. The implications for Microsoft are huge, though the company did not immediately disclose whether it intended to offer a version of Windows without the Media Player in Europe alone or more broadly....

Spyware used to be defined as applets, cookies or any other method used to collect statistics on your browsing habits. Gone are the days of such a benign interpretation. Spyware has evolved into a problem that surpasses those posed by traditional worms, viruses and Trojans. Today, these once relatively innocuous apps have evolved from anonymous, and often invisible, traffic statistics gatherers into beasts capable of crippling your PC's performance by installing unwanted toolbars, pop-up ads, desktop icons and many other nuisances. If that's not bad enough, some Spyware will modify system files, change security zone settings, keylog your sessions, spawn...

December 19, 2004 New Microsoft Patch Blocks Firefox Downloads by Scott Ott (2004-12-19) -- Microsoft Corp. today released a new security patch for its Internet Explorer (IE) web browser which prevents users from accidentally or intentionally downloading the new free, open-source Firefox browser from The Mozilla Foundation. "Firefox is a dangerous and contagious browser that could seriously jeopardize marketshare ," said an unnamed Microsoft spokesman. "Unless consumers take action to block Firefox, it could speed up web surfing and return control of user computers to the users themselves." The source added that Internet Explorer is a superior product because it...

Even SP2 versions of Microsoft's Internet Explorer are vulnerable to a spoofing exploit published yesterday. A vulnerability researcher posted details of a dangerous Internet Explorer (IE) flaw on Thursday that allows phishers to spoof Web sites more realistically than ever before. According to security company Secunia, Paul from Greyhats -- a research group -- has published details of a vulnerability that can be exploited to spoof the content of any Web site. Using the exploit, scammers are able to manipulate all versions of IE, including Windows XP SP2 -- the latest and most secure version of the browser -- and...

Schneier on Security A weblog covering security and security technology. December 13, 2004 Safe Personal Computing I am regularly asked what average Internet users can do to ensure their security. My first answer is usually, "Nothing--you're screwed." But that's not true, and the reality is more complicated. You're screwed if you do nothing to protect yourself, but there are many things you can do to increase your security on the Internet. Two years ago, I published a list of PC security recommendations. The idea was to give home users concrete actions they could take to improve security. This is an...

A security firm named the top 10 spyware threats this week, saying that the secretly-installed software poses an "insidious" threat to consumers and corporations alike. Webroot, which makes end-user and enterprise editions of Spy Sweeper, used its relationship with Internet service provider EarthLink to tally the most prevalent spyware, then selected the worst based on its knowledge of how each works and the damage it can cause. "We use the P-I index," said Richard Stiennon, Webroot's vice president of threat research. "P is for prevalence, I is for insidiousness." Each of the ten spyware programs cited by Webroot was spotted...

New Trojan poses as Lycos spam page Correspondents in Paris December 10, 2004A VIRUS that spies on keystrokes and downloads passwords and bank account details is masquerading as a screensaver designed by internet portal Lycos to attack spammers, an internet security company has warned. Finnish anti-virus company F-Secure said the so-called Trojan horse started to be distributed among emails on Monday. The mail has the subject line "Be the first to fight spam with Lycos screen" and comes with an attachment entitled "Lycos screensaver to fight spam," F-Secure said on its website. Whoever downloads it unwittingly installs a spying programme...

A European security vendor warned Wednesday that most browsers sport a bug that hackers can exploit to spoof a Web site and trick users into trusting bogus pop-up windows. The vulnerability, which Danish security firm Secunia rated as "moderately critical" is similar to previous bugs in browsers that was disclosed in July and September of 2004. Attackers could use it to add content into a trusted Web site's window by, for instance, inserting a fake form in a pop-up window seemingly opened by that site. Affected browsers, said Secunia, include the popular Internet Explorer and the up-and-coming Firefox, as well...

Unprotected PCs Fall To Hacker Bots In Just Four Minutes By Gregg Keizer, TechWeb.com The lifespan of a poorly protected PC connected to the Internet is a mere four minutes, research released Tuesday claimed. After that, it's owned by a hacker. In the two-week test, marketing-communications firm AvanteGarde deployed half a dozen systems in "honeypot" style, using default security settings. It then analyzed the machines' performance by tallying the attacks, counting the number of compromises, and timing how long it took an attack to successfully hijack a computer once it was connected to the Internet. The six machines were equipped...

Phishers tapping botnets to automate attacks By John Leyden Published Friday 26th November 2004 13:55 GMT Computer criminals are making phishing more potent by automating attacks. Anti-Phishing Working Group (APWG) analysts reckon fraudsters are using automated tools and botnets to ramp up attacks. It estimates attacks grew by an average of 36 per cent a month between July and October.Scam emails that form the basis of phishing attacks often pose as 'security check' requests from well-known businesses. These messages attempt to trick users into handing over their account details and passwords to bogus sites. The details collected this way are...

A flaw in Sun's Java Virtual Machine can open up the two most popular browsers, Microsoft's Internet Explorer and Mozilla's Firefox, to attack, security researchers said Tuesday. According to Reston, Vir.-based iDefense and Danish security vendor Secunia, the bug in Java 2 Runtime Environment (JRE), Standard Edition could let attackers bypass the Java security "sandbox" and all security restrictions within Java applets on Web sites. JRE is the plug-in software that establishes a connection between the browser and the Java platform, and makes it possible for Web browsers to run Java applets stashed on Web sites. Hackers using the exploit...

Entropy Squared & conniewFree Dominion November 21, 2004 Under attack President Bush is coming to Canada for a visit on November 30 and December 1. The MSM in Canada is going to paint it as a disaster of some type and many assorted Canadian leftists are planning on protesting his visit. Free Dominion is setting up welcoming demonstrations for President Bush to show him - and all Americans - that all Canadians are not Liberal weenies. Free Dominion has contacts in the U.S. Embassy, who know and trust us, and they are going to feed us information as to where...