Page 4 of 4 FirstFirst 1 2 3 4
Results 61 to 77 of 77

Thread: Browsers

  1. #61
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Lightbulb Getting Personal

    Computer & Internet Security News

    28 March 2007
    Web attacks get personal

    By Matt Hines, InfoWorld
    Malware makers are increasingly tailoring their attacks to specific classes of victim, according to researchers with the Internet Security Systems' X-Force team at IBM.
    X-Force experts said that malware writers, phishers, and botnet herders are more frequently using so-called personalisation tools to make their attacks more effective.

    Much like the online marketing companies that gather information to target advertising at individual web users, criminals are scanning readily-available details about people's computers to more easily find victims.

    The approach uses any information that helps determine the right attack, based on factors like:
    browseroperating systemlanguagecache level
    security patch
    IP address
    By combining the more intelligent attack tactic with hard-to-detect Trojan, botnet, and cross-site scripting attacks, cutting-edge criminals are finding plenty of ways to take advantage of end users, said Gunter Ollman, director of security strategy for IBM ISS.

    "With every web page request, people send out a header that describes their browser and also tells you what language the request is being made in and sometimes even the cache level of the host it is running on; there's a lot of information in there, including the IP address of the person making the request," Ollman said.

    30 percent of malicious web sites were already using personalisation techniques by the end of last year.

    "By combining the IP address and all the host details in the browser, we're seeing that attackers build sites that ensure they only use exploits that will work against a specific host," the expert said.

    In addition to determining which version of browser or OS software someone is using, many of the attacks can assess what level of security patch a particular program has in place, according to the researcher.

    Criminals are also loading malware-infected web pages with numerous exploits to assault many different sets of users, with dozens of pieces of code being served up on a single URL.

    Many of the threats are hidden in individual elements of web pages, including Flash files, PDFs and images. Each may contain multiple attacks meant to take advantage of different vulnerabilities.

    Most of the exploits do not deliver spyware, but instead pass along smaller files known as droppers that are less likely to be identified by anti-virus systems that sit quietly but then call out across the internet and draw-in real malware programs.

  2. #62
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Lightbulb Optimized builds Firefox

    If your FireFox feels sluggish with 10.4.9, you might want to give one of the optimized builds for G4-G5-MacIntel a try:

    Use processor-optimized version Some users find better performance with the processor-optimized builds of Firefox 2.0.0.3, available from Neil Lee.

  3. #63
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Lightbulb Safari: spinning pinwheels, performance

    MacFixit: Speeding up Safari: Reducing spinning pinwheels, other performance bottlenecks Slow launching, Stalls (spinning pinwheels) or slowness, Plug-ins, overall network slowness, Change DNS servers.

  4. #64
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Lightbulb Web browsers are new frontline in internet war

    While installing firewalls and antivirus software on your computer may keep it safe from conventional threats such as worms and viruses, these security tools do not inspect data downloaded through browsers - a loophole that attackers can exploit. "The firewall is dead," says Google security specialist Niels Provos.

    New Scientist

  5. #65
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Lightbulb Apple Safari

    Danger Lurks Around the Corner with Apple's Safari
    DATE: 14-JUN-2007
    By Larry Seltzer Security IT Hub

    Opinion: Apple leaves plentiful low-hanging fruit for researchers. Will the iTunes "halo effect" lead many a Windows PC into the afterlife?
    www.security.ithub.com

    MacFixit
    AccelerateYourMac
    MacIntouch
    http://www.apple.com/safari/

    I can finally download files and photos to other than the "Downloads" location.

    Someone said "Find" is new and they like it better (reminds me of FF but in different location, under the Google search field).

    So I guess it is going to take time to learn all the new features.

    Help get the most out of Safari 3 - MacWorld: First Look

    Flaw hunters go off on Safari
    Published: www.SecurityFocus.com 2007-06-12

    Less than a day after Apple released a beta version of its Safari Web browser for Windows, three vulnerability researchers have already found a handful of bugs, many which appear to work against the currently shipping version of the browser for Mac OS X.
    BetaNews: Zero-Day Vulnerability
    www.betanews.com

    All three are critical vulnerabilities, although Apple does not rank threats, as do other browser makers such as Microsoft Corp. and Mozilla Corp. Instead, Apple uses the phrasing "may lead to arbitrary code execution," which is equivalent to the "critical" bug category for Internet Explorer and Firefox.

    "By enticing a user to visit a maliciously crafted Web page, an attacker can trigger the issue which may lead to arbitrary code execution," the Apple advisory said. "This update addresses the issue by performing additional processing and validation of URLs. This does not pose a security issue on Mac OS X systems, but could lead to an unexpected termination of the Safari browser."

    In that message, Apple is referring to the bug dug up by researcher Thor Larholm in just two hours on Monday, Larholm confirmed today in a posting on his blog. "As far as I can tell right now, the vulnerability has indeed been fixed," said Larholm. "I want to congratulate Apple for fixing a serious security vulnerability in such a short time frame. Their usual response time can be counted in weeks to months."

    Two other researchers, David Maynor and Aviv Raff, also posted claims about Safari vulnerabilities on Monday. In an e-mail today, Raff reported that the one bug he spotted has also been fixed. "I've tested the new version by running [the fuzzing tool] Hamachi again. Apparently, this version fixes the vulnerability."

  6. #66
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Lightbulb QuickTime, FireFox, Opera

    Web Exploit
    at 10,000 Machines and Growing, Security Company Warns

    By Ryan Singel June 18, 2007 | 1:54:50 PM
    Categories: Hacks and Cracks

    More than 10,000 web sites have been infected with a malicious script that redirects visitors to a site installing malware through unpatched browsers, and the number is likely to rise as only 1,100 were infected on Friday, according to Trend Micro, which describes the infestation as the largest attack attributable to a single Trojan downloader.

    The attack started in Italy and largely targets little used web pages whose security is likely lax. The sites are hacked to include a malicious IFRAME tag, which redirects visitors through a computer in San Francisco, to one in Chicago, which attempts to install various forms of malware, including keyloggers, according to Trend Micro.

    Users should make sure their systems and browsers are fully patched, according to Trend Micro network architect Paul Ferguson, though he said the old advice of avoiding untrustworthy corners of the internet seems not be holding anymore.

    "Now almost every time you fire up your web browser, you are going in the bad part of town," Ferguson told THREAT LEVEL.

    The attack is the largest Trend Micro has ever seen of its type, but expects to see more of these in the future.

    As for cleaning up the mess, Trend Micro is looking to shut down the sites that users are being re-directed to, but suspects that the hackers will just find a new target server and update the redirecting address on the compromised boxes.

    "We have thousands of pages serving this malicious redirect and it's hard to identify and contact all these websites," Ferguson said. "It's getting to point we are going to have to blacklist half of the internet."

    Security Fix's Brian Krebs has more on Mpack, the exploit toolkit, being used in this attack, which targets multiple vulnerabilities in software including Internet Exploere, Quicktime, Firefox and Opera.

  7. #67
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Lightbulb Cross-site Request Forgery CSRF

    CSRF (cross-site request forgery)
    CSRF vulnerability—also known as one-click attack or session riding—differ according to vendor.

    With Check Point, the vulnerability allows an attacker to run commands on the Web interface of UTM devices if he or she can get the Check Point user to view a hostile Web page while logged into a Check Point device.

    An attacker can commit various actions with a successful CSRF exploit, including opening up remote access through a VPN tunnel. Through a separate but iteratively worse vulnerability, a logged-in user can also change the administrator password without knowing the existing password, according to Calyptix.

    The vulnerability is somewhat similar to XSS (cross-site scripting), said Calyptix Security Engineer Dan Weber, who headed the research that discovered the UTM device flaw. But, he added, the flaw deserves a class unto itself. While XSS requires the attacker to inject unauthorized code into a site, CSRF merely has to transmit unauthorized commands from a user the Web site trusts.


    To date there are no known public exploits on UTM boxes. And a successful exploit requires the user to have more than one browser window or tab open. If a user is viewing a secure site in one browser tab while visiting a hostile Web page in another tab, Weber said, the hostile page can then submit information through the secure page, which will accept the information as arriving through a secure channel.

    "[The UTM device] can't tell the difference," he said.

    Weber said the problem isn't a JavaScript flaw per se, although JavaScript makes it much easier to exploit. "It's really a problem with the Web site," he said. "But people haven't been paying attention to this until recently."

    Here are the advisory's mitigation steps for non-Check Point devices:

    "1. Use Web management in isolation. Each browser instance should only connect to one device's Web interface. Do not operate multiple windows or tabs when managing a device.

    "As a suggested approach, you could use Firefox to browse the Web while using Internet Explorer to manage only your firewall. You could also run your favorite browser inside of a virtual machine.

    "2. Log out of your Web interface when not using it, and configure its inactivity timeouts.

    "3. Update to the latest version of your product's software. CSRF attacks have only recently gained popularity, so any device more than a few years old is very likely to be vulnerable to them.

    "4. Disable JavaScript. Note that many devices and Web sites require JavaScript to be enabled. Authorizing sites on a case-by-case basis to use JavaScript can significantly reduce this vulnerability. (Please note that there may still be ways of exploiting this without JavaScript, but they generally involve social engineering or a poorly designed web interface.)

    "5. Operate your Web management interface on a non-standard address and/or port. (Please note that this is security through obscurity, and although it may protect you from general attacks, anyone targeting you will likely be able to figure out the address.)"

  8. #68
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Lightbulb Malware sites on the rise

    Six-Fold Increase in hacked sites.

    The number of malicious Web sites has skyrocketed over the past few months, going from 5,000 new ones a day in April to nearly 30,000 a day now.

    "This certainly is a huge increase," said Carole Theriault, a senior security consultant with Sophos, Inc., in an e-mail to InformationWeek. "In June, we saw it climb to 9,500 a day and then this huge jump up 29,000."

    Theriault said there is a two-pronged reason to the remarkable increase.

    One reason is that hackers are increasingly turning away from e-mail as their preferred method of spreading malware and putting their focus on the malicious Web site. In some cases, they are creating their own malicious Web sites, but in most cases they're hacking into legitimate sites and embedded malware into them.

    According to Sophos, researchers are finding 29,700 new infected Web pages every day, and 80% of them are legitimate sites that have been compromised.

  9. #69
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Lightbulb Critical flaw found in Firefox 2.0.0.4

    Critical flaw found in Firefox 2.0.0.4
    by Cyril Kowaliski - 11:24 am, July 10, 2007

    Security research firm Secunia has uncovered a security flaw in the latest version of Firefox (2.0.0.4) that it labels "highly critical." The flaw can reportedly be exploited by malicious users in order to compromise a victim's machine. Secunia describes the flaw as follows:
    The problem is that Firefox registers the "firefoxurl://" URI handler and allows invoking firefox with arbitrary command line arguments. Using e.g. the "-chrome" parameter it is possible to execute arbitrary Javascript in chrome context. This can be exploited to execute arbitrary commands e.g. when a user visits a malicious web site using Microsoft Internet Explorer.
    Secunia says it confirmed the vulnerability's presence in Firefox 2.0.0.4 on Windows XP Service Pack 2, and that "other versions may also be affected." Aside from simply avoiding malicious websites, Secunia CTO Thomas Kristensen tells CNet that system administrators can get around the hole by un-registering or removing the Firefox URI handler.

    Neither Kristensen nor CNet provides instructions for that procedure, however.
    2 comments — Last comment by mac_h8r1

  10. #70
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Lightbulb FireFox 3

    New URL highlighting feature in FireFox 3 aims to make phishing harder

    By Joel Hruska | Published: July 11, 2007 - 02:37PM CT


    When Firefox 2 and Internet Explorer 7 launched last year, both of them included anti-phishing technologies designed to block (or at least warn users away from) suspected phishing web sites and attacks. Partly as a result of this activity, phishers have stepped up attacks that rely on social engineering rather than relying strictly on approaches that use technology to steal data. From social networking sites to online games, phishers have continued to hunt for targets. A new security approach in Firefox 3 Alpha 7 aims to stop some of these attacks, but its value still depends on the end users' knowledge of how the 'Net is structured.


    The Firefox 3 Alpha 7 build incorporates the Locationbar2 add-on and displays the domain and subdomain information of any given web address while fading other address information to a lighter shade of gray, as shown below. (You can also find the relevant Bugzilla entry on this new feature available here).

  11. #71
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Lightbulb Finger-Pointing Wars

    An Odd Skirmish in the Browser Wars: Is that Vulnerablity in IE or Firefox?

    By Ryan Singel July 11, 2007 | 5:05:48 PM
    So there's a new critical browser exploit in the internet wilds, but this time, there's no real answer about which browser is at fault. Which is to say, there's a whole lot of finger-pointing going on.

    The gist: An internet user browsing with Internet Explorer goes to a page with a malignant link that starts with firefoxurl://. IE passes on this link to Firefox but doesn't check to make sure that the message it is sending on isn't malignant. A crafty attacker can use the hack to do whatever he likes on the targets computer (technically, the attacker can only do as much as the user profile running on the computer). Firefox says it will fix the problem, while Microsoft says its not a problem on their end.

    But that doesn't answer the question of which browser is to blame. Any user running only Firefox is fine. Any user running only IE is fine. Users running Firefox with IE installed are fine. Only users running IE with Firefox also installed are at risk.

    Ryan Naraine isn't wiling to let Microsoft slide:
    If there’s a way for Microsoft to sanitize those inputs to avoid potential problems down the road — with any piece of software sitting on Windows — the company should provide that fix as part of its defense-in-depth approach to dealing with security.
    Ignoring an attack vector that affects your customers — whether it’s your fault or not — isn’t being responsible.

    In this case, Microsoft shares the fault and should follow Mozilla and Apple's lead.
    Brian Krebs takes no sides, but points out the bottom line:
    While fans of both software makers are pointing the finger of blame at one another, one thing seems virtually certain:

    It may only be a matter of time before criminals begin exploiting the confusion to compromise home and business computers running the Windows operating system.

  12. #72
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Lightbulb password management flaw

    Firefox hit with password management vulnerability

    The folks at Linux.com warn of a new security vulnerability that is said to affect the latest version of Mozilla's popular Firefox browser.

    Quoting a post on the Full-Disclosure mailing list, the site says Firefox 2.0.0.5 suffers from a password management flaw that could allow a malicious website to steal a user's saved passwords. "If you have JavaScript enabled and allow Firefox to remember your passwords, you are at risk from this flaw," the site warns.

    For those interested, Heise Security has put together a proof of concept demonstartion of the flaw that does indeed seem to work on Firefox 2.0.0.5.

    That said, Mozilla's browser isn't the only one affected.

    According to Linux.com, Apple's browser Safari is also vulnerable to the same flaw. The site advises that users either disable JavaScript or not use automatic password management on sites where users can post JavaScript pages.

  13. #73
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Lightbulb DNS cache poisoning

    Most DNS servers cache queries, or store them in memory, to improve performance. But if an attacker requests a Web address that is not stored in the server's cache, a hacker could flood the cache with false information -- such as the address of a different Web site -- which would then be returned for future DNS queries, Klein wrote.

    That means a user could be directed to a fraudulent Web site, even though the user typed the correct address in their browser. The site could then try to exploit other security weaknesses in a user's PC, or trick them into providing sensitive information.

    BIND 9 flaw

  14. #74
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Lightbulb

    Retro attack gets new life, worries browser makers
    Robert Lemos, SecurityFocus 2007-08-06

    LAS VEGAS -- On a summer day seven weeks ago, a small group of software architects and network engineers descended on Stanford University, worried.
    “It's bad, really bad. But it will be two or three years before the bad guys are using the attack.”
    - Jeremiah Grossman, founder and CTO, WhiteHat Security
    The group -- which, according to sources, included representatives from Microsoft, Mozilla, Sun Microsystems and Adobe -- had been summoned by a team of student researchers and professors at Stanford's Security Lab.

    The researchers had investigated reports that a critical part of browser security could be bypassed, allowing an online attacker to connect to browser-accessible resources on a victim's local network.

    While previous attacks using JavaScript could send data to a network, the attack investigated by Stanford -- known as domain-name service (DNS) rebinding -- could send and receive data from the local network, completely bypassing the firewall.

    To prove the danger, the Stanford students bought placement for a Flash advertisement on a marketing network and found that, for less than $100, an attacker could have hijacked as many as 100,0000 Internet addresses in three days.

  15. #75
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Lightbulb iTunes + Quicktime

    iTunes Users Prey to Old QuickTime Vulnerability
    QuickTime plus Firefox equals danger

    Mozilla is scrambling to fix a vulnerability related to the Firefox browser that poses a serious danger for users who also have Apple's QuickTime installed.

    Whoever needs to fix code, however, should get going, intimated Greenbaum. Seconding yesterday's take by the DeepSight alert - which said in-the-wild exploitation is likely, and soon - he said: "Mpack, and other hostile drive-by attack kits are always looking for new exploits."

    Until fixes are in place for QuickTime, Firefox, and other affected applications, Symantec recommends that users update anti-virus software and browse with the fewest user privileges possible.

    eEye Digital Security, however, went much further in its advice. "The best form of mitigation is to disable the QuickTime plug-ins for each affected browser: IE7, Firefox and Opera," the California security company said.

    One of the best ways for Firefox users to protect themselves is to install the NoScript Firefox extension. NoScript allows JavaScript, Java and other executable content to run only from trusted domains of the user's choice and guards the "trust boundaries" against XSS (cross-site scripting) attacks. Another way for users to protect themselves is to simply uninstall or disable QuickTime runtime, he said.

    "The first method is a lot faster and more transparent to the user," he said, but it's only Firefox-specific. The technique used for Petkov's proof of concept can be applied to Internet Explorer, Skype and any other application that has protocol handlers associated with the underlying system, he told eWEEK.

  16. #76
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Lightbulb Browser plug-in bugs

    Hackers milk massive increase in browser plug-in bugs

    Plug-in vulnerabilities triple in first half of '07, Symantec says


    September 17, 2007 (Computerworld) -- Hackers loosed a record number of malicious code threats in the first six months of 2007, Symantec Corp. said today, with the most dangerous targeting vulnerabilities in browser plug-ins -- the weak link in Web 2.0.

    There's been a massive increase in the number of malicious threats, thanks to automation. In six months, we saw an increase of 185% in the number of samples of malicious code. And they weren't just variants, but entirely new binaries."

    According to Symantec's just-published Internet Security Threat Report, the security vendor tagged 212,101 malware threats.

    Symantec documented 237 plug-in vulnerabilities in the first half of the year, he added, compared with just 74 in the second half of 2006, a 320% jump. ActiveX controls, the Microsoft Corp. plug-in technology that it and numerous third-party developers use, made up the bulk of the buggy plug-ins, but others, including Apple Inc.'s QuickTime and Adobe Systems Inc.'s Acrobat Reader, were also fingered by Symantec. The former accounted for 18 vulnerabilities in the first six months, for example, while two flaws were identified in the latter.

  17. #77
    Join Date
    Jan 2001
    Location
    Mobius Strip
    Posts
    13,045

    Lightbulb Firefox 2.0.0.7 Quicktime patch

    Mozilla fixes Firefox-QuickTime bug

    Mozilla has plugged a security hole that let hackers take over PCs using Firefox and the QuickTime media plug-in. The flaw, reported last week by hacker Petko Petkov, gives attackers a way to run unauthorised commands on a victim's PC. "This could be used to install malware, steal local data, or otherwise corrupt the victim's computer," Mozilla said in a security advisory published Tuesday.

    A July 2007 patch was supposed to take care of this type of problem, but Petkov showed how attackers could still run commands on a victim's system by tricking a victim into opening a maliciously coded QuickTime media file.

    In fact, until Apple addresses the underlying flaw in QuickTime, there still could be headaches for users, Mozilla said in its security advisory. "QuickTime Media-link files could still be used to annoy users with pop-up windows and dialogues until this issue is fixed in QuickTime," the advisory states. The common security measure of disabling JavaScript does not prevent this attack, although the NoScript Firefox add-on does provide protection, Mozilla said.

    "Petkov provided proof of concept code that may be easily converted into an exploit, so users should consider this a very serious issue," Mozilla's security chief, Window Snyder said in a recent blog posting. Mozilla has been able to reproduce this bug only on the Windows operating system, she added. The flaw also affects the Internet Explorer browser, Petkov said on his blog. However, IE's security policies make the flaw less critical on Microsoft's browser, he added.

    The Firefox 2.0.0.7 update was pushed out to users yesterday.
    It contains only one security update: the QuickTime fix.

    Windows Media Player can hack your browser

    The British security researcher who found a way to use QuickTime and Firefox to break into PCs has now figured out how to hack Firefox users via Windows Media Player.

    Hackers can use Windows Media Player files to exploit any unpatched Internet Explorer vulnerability - even if the user relies on Firefox, Opera or some other browser, according to Petko Petkov.
    Last edited by TZ; 09-20-2007 at 07:37 AM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •