More about Phishing and XSS–avoiding being a victim…and gmail…and google GADGETS

That’s one of the latest and largest holes being exploited. This article on eBay gives a hint of how it’s done, and one immediate check. If you’re “talking” with someone online–live or by e-mail–and they mention Internet-based resources or business resources, search for them (“Google” them, though that’s hardly the only search engine) and see if they exist. There are several resources mentioned in that article that don’t; Yahoo Finance was perhaps the one that most struck my attention.


Believe it or not, I was going to let that one go. I’ve seen three mentions so far of this vulnerability–gmail (which I use) and GOOGLE GADGETS. It’s probably not too smart to use them or, for that matter, the Google Desktop. As in, code is written to the browser. This year the pattern has generally been that a link is then deposited in the Startup folder (that one is supposedly fixed) or, now, on the desktop. In the first instance, reboot or turn your computer back on and you’re running someone else’s code. In the second instance, what’s happened is that a link you think you know, you don’t. Quite likely, you’ll be loading, among other things, a keylogger.


I’m nearly exclusively using the Avant Browser. I now know what happened while I was down, and why my computer was down when I got back into action. You don’t have to do something stupid in order to get infected with a virus. The reason I use the Avant Browser is that it’s easy to turn off Java, ActiveX and half the other cool things–which makes it a bit less easy to misdirect. I’m also using ZoneAlarm. Note that these are in fact download links as well, because there was quite a bit of DNS misdirection apparently going on last week.


Oh, and another note. When the fixes come…let Windows (or Leopard–hell, even Linux) download and use the fixes. That’s this Tuesday with 11 scheduled, if I remember correctly. XP users may actually have, or have had, only one fix that applied.


August 10, 2008 at 12:14 pm

Current and Important Security News: Firefox 3.0 Vulnerability

The new browser version was finally released as non-beta a couple of days ago. In an extreme surprise, users shouldn’t click on links without all due caution, particularly in e-mails from strangers. I’d advise not taking candy from strangers, either. The most likely thing is visiting a rigged website, although it would be possible to trigger any kind of executable from a link, including downloads–my particular gripe with Firefox, because I’ve initiated downloads myself that I could have easily missed if I’d done something by mistake. I haven’t really poked around a lot to disable the download manager, but in this iteration I couldn’t do it easily. As it is, I’m completely sold on Avant. I also find myself nearly regretting saying that, because if it becomes deservedly popular it’s going to get heavily attacked.


This bug was also present in 2.0, so while it’s rated potentially severe if it is ever triggered, it’s evidently unlikely. Be careful typing in any web names, because a lot of hacking is based on typos (“typo-squatting”).
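As an added illustration of the typo-squatting point (this is not code from the original post), here is a small Python check that compares a hostname the user is about to visit against a trusted list and flags near-misses and lookalikes before the page is opened. The trusted-domain list, the two-label “registrable domain” heuristic and the edit-distance threshold are assumptions chosen for the example.

```python
# Added example: flag hostnames that look like typos or lookalikes of trusted domains.
# TRUSTED_DOMAINS, the two-label "registrable domain" heuristic and MAX_EDITS are
# assumptions made for illustration, not anything taken from the original post.
from typing import Optional, Tuple

TRUSTED_DOMAINS = {"google.com", "gmail.com", "ebay.com", "yahoo.com", "mozilla.org"}
MAX_EDITS = 2  # up to this many keystroke errors still counts as a near-miss


def dl_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or swap adjacent chars."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            # "gmial" -> "gmail": a transposed pair costs one edit, not two
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def check_typed_host(hostname: str) -> Tuple[str, Optional[str]]:
    """Classify a hostname the user is about to visit.

    Returns ("ok", domain) for a trusted domain, ("lookalike", domain) when a trusted
    name is buried inside a longer host ("ebay.com.login-verify.net"), ("typo", domain)
    when the registrable domain is within MAX_EDITS of a trusted one, else ("unknown", None).
    """
    host = hostname.lower().strip(".")
    if host.startswith("www."):
        host = host[4:]
    # Naive registrable domain: the last two labels (no public-suffix list, so it runs offline).
    registrable = ".".join(host.split(".")[-2:])
    if registrable in TRUSTED_DOMAINS:
        return ("ok", registrable)
    for trusted in sorted(TRUSTED_DOMAINS):
        if trusted.split(".")[0] in host:
            return ("lookalike", trusted)
    best = min(sorted(TRUSTED_DOMAINS), key=lambda t: dl_distance(registrable, t))
    if dl_distance(registrable, best) <= MAX_EDITS:
        return ("typo", best)
    return ("unknown", None)
```

In a real deployment the trusted list would come from the user's own bookmarks or history, and the registrable-domain step should use a public-suffix list rather than the last two labels.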


June 20, 2008 at 2:29 pm