MalwareTeks Blog

Firefox 2.0.0.10 has been released to fix multiple vulnerabilities in the popular open source web browser.

What’s New in Firefox 2.0.0.10
Release Date: November 26, 2007
Security Update: The following security issues were fixed.
MFSA 2007-39 Referer-spoofing via window.location race condition
MFSA 2007-38 Memory corruption vulnerabilities (rv:1.8.1.10)
MFSA 2007-37 jar: URI scheme XSS hazard

Earlier Changes: For information about previous changes, please see the Firefox 2.0.0.9 Release Notes.
Firefox 2 Features: For an overview, please see Firefox 2 Features.

Secunia Advisory: SA27725 Mozilla Firefox Multiple Vulnerabilities

Firefox users should immediately upgrade to 2.0.0.10.

Once again found on Digg Are you Spyware Savy. OK you got me curious. So, I check out the blog post at Bauer-Power: Information is Power!

So, quickly scanning the page this passage just jumps right out at me:

2. What are browser cookies?

Ans: These are created by unethical persons to track your browsing preferences for their own use, to spam your pc with advertisements and marketing ploys, to steal personal information like bank account details, credit card numbers and so on, and to cause harm to your computer and business by stealing data/files.

Now, this guy clearly didn’t write this article himself, since Windows Defender Beta 2 is referenced later in the article.

Back to the subject of this article the HTTP Cookie, or Browser Cookie, or just simply Cookie That is one piece of Super Spyware to do all that. As, I stated in an earlier article, It’s a Cookie, Just Delete It!

Cookies are simple pieces of data unable to perform any operation by themselves. They are neither spyware nor viruses. Cookies are not program code. They cannot erase or read information from the user’s computer. However, cookies allow for detecting the Web pages viewed by a user on a given site or set of sites. This information can be collected in a profile of the user. Such profiles are often anonymous, they do not contain personal information.

Here are a few Myths about Cookies:

• Myth: Cookies are like worms and viruses in that they can erase data from the user’s hard disks;
• Myth: Cookies are a form of spyware in that they can read personal information stored on the user’s computer;
• Myth: Cookies generate popups;
• Myth: Cookies are used for spamming;
• Myth: Cookies are only used for advertising.

What exactly is a cookie? HTTP cookies, sometimes known as web cookies, tracking cookies, or just cookies, are small text files sent by a server to a web browser and back unchanged. Cookies are used for authenticating, tracking, and maintaining specific information about users, such as site preferences and shopping cart contents.

There are some privacy concerns around the use of cookies. They can be used for tracking browsing behavior. As a result, they have been subject to legislation in various countries such as the United States and in the European Union. Cookies have also been criticised because the identification of users they provide is not always accurate and they could potentially be used for network attacks.

Cookies are also subject to a number of misconceptions, mostly based on the erroneous notion that they are computer programs. In fact, cookies are simple pieces of data unable to perform any operation by themselves. They are neither spyware nor viruses, despite the detection of certain cookies by many anti-spyware products.

To delete cookies:

Internet Explorer Users
1. On the Tools menu, click Internet Options.
2. On the General tab, click Settings, and then click View files.
3. Select the cookie you want to delete, and then, on the File menu, click Delete.

To delete all of the cookies on your computer, click Delete Cookies on the General tab.

Firefox Users
On the Tools menu, Options, clicking the Privacy button, and under Cookies click the Clear button.

Opera Users
Can manage, disable, and enable cookies by clicking the File menu, Preferences, and selecting Privacy.

Note
Some Web sites store your member name and password or other personally identifiable information about you in a cookie; therefore, if you delete a cookie, you may need to re-enter this information the next time you visit the site.

FixIEDef can now be found on it’s very own web page at the MalwareTeks main site: http://www.malwareteks.com/FixIEDef.php

This is the official web page for FixIEDef, and this page may not be mirrored.

If you been following along, many are familiar with the IE Defender discussion at Castle Cops, http://www.castlecops.com/p1017137-iedefender.html#1017137. Previously blogged about, here.

Well, today Andy at Security Cadets, blogged this, Is this the new comedy? IE Defender Related.

Here is what the site looked like yesterday:

Image from Security Cadets.

Today:

The site now displays: IEDefender is coming…
Source: AndyAtHull (securitycadets.com)
Edited: 2007-11-12 12:16 PM EST

Site Live now serving IE Defender:

Whois Information for: xiedefender.com

[whois.estdomains.com]
Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: http://www.estdomains.comDomain Name: XIEDEFENDER.COM

Registrant:
N/A
Alexander (iedefender@gmail.com)
Yborevicha street
Kiev
Kiev Oblast,93000
UA
Tel. +380.993363649

Creation Date: 25-Oct-2007
Expiration Date: 25-Oct-2008

Domain servers in listed order:
ns2.xiedefender.com
ns1.xiedefender.com

Administrative Contact:
N/A
Alexander (iedefender@gmail.com)
Yborevicha street
Kiev
Kiev Oblast,93000
UA
Tel. +380.993363649

Technical Contact:
N/A
Alexander (iedefender@gmail.com)
Yborevicha street
Kiev
Kiev Oblast,93000
UA
Tel. +380.993363649

Billing Contact:
N/A
Alexander (iedefender@gmail.com)
Yborevicha street
Kiev
Kiev Oblast,93000
UA
Tel. +380.993363649

Status:ACTIVE

The data in this whois database is provided to you for informationpurposes only, that is, to assist you in obtaining information about or related to a domain name registration record. We make this informationavailable “as is”, and do not guarantee its accuracy. By submitting awhois query, you agree that you will use this data only for lawfulpurposes and that, under no circumstances will you use this data to:( 1) enable high volume, automated, electronic processes that stress orload this whois database system providing you this information; or (2) allow, enable, or otherwise support the transmission of massunsolicited, commercial advertising or solicitations via fascimile,electronic mail, or by telephone. The compilation, repackaging,dissemination or other use of this data is expressly prohibited withoutprior written consent from us. The registrar of record is Critical Internet, Inc.. We reserve the right to modifythese terms at any time. By submitting this query, you agree to abideby these terms.

Same folks, different page.

Over at Geek to go! Sari makes a very excellent case for why grammar and spelling are very important in written communication. Especially on the Internet.

It’s said that you only get one chance to make a first impression. Online, that first impression is made with the written word. What do you want yours to be?

You can read the entire article Geeks Need Grammar too at Geeks to go!

Yesterday while doing my usually rounds which include checking out Digg, is saw a Digg post about Vista blocking Firefox.

Initial reaction, What The …., then I forgot about it as I went back to checking sites and doing some additional research on IE Defender.

So, today here I am, back to what in the world is going on with Microsoft and blocking Firefox. Is there some sort of attempt to keep competing browsers, not running in Windows Protected mode, from accessing the internet? Nope, not even close.

Larry Osterman does a much better job of explaining what is going on, then I ever could. You can read about it in his blog post: Chris Pirillo’s annoyed by the Windows Firewall prompt

Information of how to configure the Windows Firewall, on both XP and Vista, for Firefox can be found in the Mozilla Support Tutorial Configuring Windows Firewall

Enough with the Web 2.0 drivel.

There are all sorts of articles all over the place about Web 2.0, securing your Web 2.0 site, are you ready for Web 2.0; and the like

There is no such thing as Web 2.0. It’s all media hype. The core programs that drive the Internet have not changed. Web 2.0 was a term coined by O’Reilly for one of his conferences that the media seized on, and have hyped beyond ridiculousness.

Web 2.0 is nothing more than fluff, eye candy. Period. End of Story.

So, stop with this Web 2.0 drivel, already.

Long over due rant.

The 2.0.0.8 release fixed some 200 issues, but accidentally regressed a few things. Most users won’t see any difference or experience any problems, and those 200 fixes make the 2.0.0.8 update very valuable, but you should never have to choose functionality over security.

The specific problems are:

• Bug 400406 - Firefox will ignore the “clear” CSS property when used beneath a box that is using the “float” property. There is a temporary workaround JS/CSS code available for web developers with affected layouts.
• Bug 400467 - Windows Vista users will get “Java not found” or “Java not working” errors when trying to load Java applets after updating. To fix this, users can right-click the Firefox icon and “Run as administrator”, then browse to a page with a Java applet — doing this once will fix the problem and permanently restore Java functionality.
• Bug 396695 - Add-ons are disabled after updating. Users can fix this problem by opening their profile folder and removing three files (extensions.rdf, extensions.ini and extensions.cache)
• Bug 400421 - Removing a single area element from an image map will cause the entire map to disappear. There is no workaround available at this time.
• Bug 400735 - Some Windows users may experience crashes at startup. There is no workaround available at this time.

For a list of changes and more information, please review the Firefox 2.0.0.9 Release Notes.

If you are still running Firefox 1.5.0.x, you are highly encouraged to upgrade to the Firefox 2 series as Mozilla ceased supporting Firefox 1.5.0.x in May 2007. Simply choose “Check for Updates…” from the Help menu to begin the upgrade process.

Download Firefox 2.0.0.9 

One of the biggest threats to you and your identity is spyware that can easily be added onto your computer without your knowledge. A key logger is a type of spyware that can be added to your computer and without knowing what to look for, you could never know it was there. A key logger records your keystrokes, all numbers, letters and symbols, and transmits them or saves them for the hacker.

If you make an online purchase from a website, your account information and your credit card number could be recorded by a key logger. Even though you are at a reputable website, you could still be having your identity stolen. You’ve provided the hacker with everything they need to rack charges up on your credit card and you are left unsuspecting. Your computer could be infected with spyware and/or a key logger right now and you probably don’t even know it.

Some spyware is pretty harmless but some of it leaves you and your information completely exposed and ripe for the picking. Some programs can collect all of your activity on the Internet, including messaging conversations, strokes on your keyboard, travel plans, information about you and your family, even photos and files.

To stop yourself from being a victim of identity theft due to spyware and key logger programs, there are a few things you can do.

First of all, ensure that you have ant-spyware installed on your computer and that you keep it updated regularly. Anti-spyware software can detect spyware on your computer and delete it. You should run an anti-spyware on your computer at least every other day, if not once a day. It’s not fool proof because hackers and spammers are always updating their programs to avoid detection - keeping your anti-spyware up to date, and even having more than one can be very beneficial and help keep you bug free.

Install an anti-virus on your computer as well as anti-spyware, and keep your anti-virus updated and on constantly. You should run an anti-virus on your computer at least every other day, if not once a day.

Practice safe sites - be wary when you are on the Internet and only download programs from web sites that you trust. Never allow anything to be installed on your computer via the Internet without first finding out what exactly it is. Keep your working programs, such as your Internet Browser up to date with the newest versions as well.

There are many ways to have your identity stolen online and spyware and key loggers are just a drop in the bucket. You have to be vigilant with your information that you provide on the Internet, even on trusted websites. Taking care of your computer and the software that is installed on it will help to increase your protection, but nothing is for certain. You must keep an accurate track of your finances and notice immediately if anything looks suspicious. Keep a watchful eye on your credit card and bank statements and if anything seems out of place, report it immediately. You should also check your credit report at least once a year from each of the credit bureaus to ensure that all the information recorded on there is correct. Identity theft is serious and it can completely financially destroy you, so be aware, vigilant and wary.

About the Author
Faithe Thomas is concerned about identity theft and online fraud. She designed a website to help victims and pre-victims: http://www.identity-fraud.info

Nowadays, spyware remover software is a must-have software product that is designed to protect your PC from possible online attacks. If your PC is used for work or any other important activities, then you cannot afford not to have one. But how do you choose the right software product? There are many of them out there, and you need to make sure to have high quality application that will do the job.

First of all, spyware and adware are simple programs running on your PC that can send out data to a third party server about your online activities or personal information. As the internet grew for the past 7 years, more people started shopping online and exchange very important information. This has also attracted so called hackers that try to intercept the data being sent from your computer for their own material benefits.

There are a few software applications out there that allow you to scan your PC free of charge, but they don’t always provide updated definitions of all the spyware and internet viruses out there.

Here are just a few tips you should consider before buying a spyware remover software:

- Does the merchant have a proven track record in the industry
- Do they offer a free trial
- The cost of the software compared with prices in the industry
- Features of the software
- Does it have user friendly interface
- Is their spyware and anti-virus definitions database being updated frequently
- Search online for customer’s reviews of the particular product
- Does the merchant offer “Money-Back Guarantee”

Keep in mind that you want the best software on the market if you are using the internet on daily basis, and making lots of purchases online.

To check if the merchant you are buying from has a proven track record, you could perform a search using Google for their business name to verify they are a legit company.

Make sure the company offers a free trial so you can test the software on your computer before you make the purchase. This way you can estimate how effective and user friendly the software will be.

Always compare prices with other similar products. The most expensive one is not always the best choice.

Compare different features of 3 or more software products to pick up some of the most important ones that you need.

Any good spyware remover software has frequently updated database of spyware and adware definitions.

I hope the above tips will help you with your purchase of a good spyware remover or anti-virus software. In today’s online world it’s a must have product that can save you a lot of headaches and money.

Author: Pawel Reszk