Lots and lots of computer security related news recently, the IE and Firefox brouhaha concerning a high security risk with how IE handles a “firefoxurl://” URI (uniform resource identifier), Haute Secure blocks malware, Microsoft security bulletins and Facebook pimping da crudware baby.
Firefox and IE together brew up security trouble News.com article about the Firefox and IE combo flaw that could allow someone to compromise their machine remotely.
Site Advisor 2.0: Haute Secure Launches To Detect and Block Malware Little review of Haute Secure from Michael Arrington, he says, “Haute Secure launched moments ago: it?s a new browser plug-in that the company says will detect and block malware before it has a chance to infect your computer. The timing couldn?t be better as news spreads of more Windows-based vulnerabilities.”
Haute Secure They block bad sites and then let you decide if you want to allow it or not. Sounds like the UAC feature of Windows Vista, but I haven’t tried it yet myself.
Microsoft Security Bulletin MS07-036 – Critical Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542) This critical security update resolves one publicly disclosed vulnerability and two privately reported vulnerabilities as well as other security issues identified. These vulnerabilities could allow remote code execution on your computer if a user opens a specially created Excel file. Users whose accounts are not configured to run as Administrator will be less impacted than those who do. This is a critical security update for supported editions of Microsoft Office 2000. For supported editions of Microsoft Office XP, Microsoft Office 2003, 2007 Microsoft Office System, this update is rated important. This update is also rated important for the Excel Viewer 2003, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats.
Microsoft Security Bulletin MS07-039 – Critical Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122) This critical security patch resolves a vulnerability in Active Directory on Windows 2000 Server and Windows Server 2003 that could allow remote code execution or a denial of service condition. Attacks attempting to exploit this vulnerability would most likely result in a denial of service condition, and remote code execution could be possible. On Windows Server 2003 an attacker must have valid logon credentials to exploit this vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
Facebook found pimping crudware Facebook has become the latest website to be found pushing services that deliver highly deceptive security warnings designed to trick users into buying software. Purveyors of this scam are making use of Facebook Flyers, small ads that get posted on Facebook pages associated with a specific region. At 5,000 impressions for just $10, it’s a bargain.
Categories: Firefox, IE7, Security Tags: Facebook, Firefox, Haute Secure, Microsoft Excel, Microsoft Office, Microsoft Office 2003, Microsoft Security Bulletin, Office XP, Remote Code Execution, Windows Vista
Lots of interesting tech news today, lets get to it.
Universal search: The best answer is still the best answer Google updated their search engine results, they are introducing content from Images, Maps, Books, Video, and News into the search results, and making one big pile of stuff, instead of keeping it separate like they used to.
Making The Switch From Twitter to Jaiku Tired of the downtime Twitter has had lately? In a post from Techcrunch, Duncan Riley talks about people making the switch and some of the tools already available and some they want. He’s not switching, btw, and neither am I, at least not until everyone else does. Mine has been quiet recently, but you can check it here, Jimmy Daniels Twitter microblog.
More Firefox Bloat? Say It Ain’t So, Mozilla Do you feel bloated? Er, I mean, does your Firefox feel bloated? You’re not alone…
New Stuff At My Yahoo Michael Arrington covers the new stuff from My Yahoo. No, not my Yahoo, your Yahoo, no, just read it…
BitTorrent in Focus: TV-series are Hot TorrentFreak says TV is hot online, with 50% of people on BitTorrent downloading TV shows, while TV shows only make up 10% of the available “content”. Interesting, sounds like good news for Joost.
Latest AACS revision defeated a week before release Remember when Kevin Rose lost control of digg? I said they should just give up on the [tag]DRM[/tag] because someone will always be around to crack it for them, well they already have. A new volume key used by high-def films scheduled for release next week has already been cracked. The previous AACS volume key was invalidated by AACS LA after it was exposed and broadly disseminated earlier this month. The latest beta release of SlySoft’s AnyDVD HD program can apparently be used to rip HD DVD discs that use AACS version 3. Although these won’t hit store shelves until the May 22, pirates have already successfully tested SlySoft’s program with early release previews of the Matrix trilogy.
Google to Yahoo and Microsoft: the $1.65 billion was worth it Can you say du huh?
Microsoft apologizes for Halo 3 problems, extends beta The press invites sent out before the Halo 3 beta became widely available were the calm before the storm apparently, as there was a problem with gamers who had the Crackdown invites grabbing the file yesterday. Frank was caught up in the foolishness and it seemed like the entire Internet was going to come down. I know how hard it is to plan something this big, but seriously, this is Microsoft. They should have been better prepared. Now we’re at the point of apologizing, after a very unhappy player-base spent a frustrating day yesterday pulling out their hair waiting for the beta to become available.
The focus at Mix’07 has mainly been Microsoft Silverlight, the only other thing I can remember off of the top of my head is the mention of a Vista Gadget from Disney, but I am behind in my RSS reader. Ars Technica has posted an article about a post from Chris Wilson on the Internet Explorer blog, but, the site won’t come up for me, so I am just referencing the Ars Technica site.
While details may be lacking, the structure of the conferences planned for Mix’07 gives a few hints. Improvements in RSS, CSS, and AJAX support are all being given high priority. It is also widely speculated that IE 8 will include support for microformats, small tags embedded in HTML code that can be interpreted in various ways by software, such as calendar events or contact information. Microformat support is scheduled for Firefox 3, so IE 8 will have to include them in order to keep up. The new version may also include more options for user interface customization, as that was one of the biggest criticisms of IE 7, and one which the developers often blamed on lack of time.
The fact that there will be an IE 8 at all is a testament to the fact that the web browser market has become competitive again. When IE 6 finally vanquished Netscape, the team that created Microsoft’s browser was largely thrown to the winds, and development slowed to a crawl. It took Firefox gaining a ten percent market share to cause Microsoft to respond with IE 7. Source: Microsoft drops hints about Internet Explorer 8
At least we know Microsoft is working on the next version of IE, that is a good thing…
The folks over at Read/Write Web just posted an article, Web Browser Face-off, comparing web browsers, including the recent upgrades, IE7 and Firefox 2.0. It’s more of a “roundup” than a face-off, this is not a big review of each browser, just a comparison of their pros and cons. They look at [tag]IE7[/tag], Firefox 2.0, [tag]Safari[/tag], [tag]Opera[/tag], [tag]Flock[/tag] and [tag]Maxthon[/tag]. Anyway, if a good quick comparison of web browsers with no one picked as a winner is what you are looking for, read on.
The last few weeks have been packed with browser action and the two market leaders, Internet Explorer and Firefox, have launched major new versions. So to round out our recent browser coverage, we present the Web Browser Face-off – looking at how all the main browsers compare with each other in terms of features and innovation. We are basically looking for what is unique, interesting – and missing – in each browser.
Right now Microsoft still holds onto its huge market lead, but Firefox is gaining more ground every month. Probably more importantly, there are other major innovators in the browser space – such as the social browser Flock (a Read/WriteWeb sponsor) and the perennial innovator Opera. The Mac browser Safari of course has many passionate supporters, while new kid Maxthon is one to watch.
Regardless of who will prevail in the ‘browser 2.0 wars’, the users will win. While fighting each other, the browser makers innovate and simplify. They increase our productivity by integrating into the browser web concepts such as search, RSS, OPML, micro formats and more. The core browsers are getting slimmer and faster, while extensions that cover a wide range of services are being developed by external parties. Source: Read/Write Web
Over on PCWorld, they compare IE7 to Firefox 2.0 and come up with a winner, even if their reasoning is because one was first to the table with some of it’s offerings.
Firefox is a global, open-source project, so development has been very swift when compared to Microsoft’s closed-source development of Internet Explorer. We’ve had to wait a very long time between IE6 and IE7, so most users are installing IE7 with high expectations. The good news is that both browsers have seen some significant enhancements in three key areas: user experience, security and web standards. The bad news is that one browser still has better features and standards support than the other.
The better browser is Firefox 2 for two reasons: innovation and ease of use.
Both browsers are loaded with modern productivity features, but while Microsoft is just introducing these features to its browser, Firefox has already had them long enough to refine them, enhance them and make them even easier to use. While Microsoft has added an integrated search box to IE7, Firefox has added auto-suggest query completion and advanced search engine management to its own familiar search box. IE7 can now handle RSS feeds, but Firefox has several options for adding feeds within the browser, a client or your web service of choice. Source: PCWorld
I’m currently using both browsers and like both equally, but I am used to using the big blue E, so my time is mostly one sided, I need to remember to use Firefox. So, i guess I lean more towards IE7 by default, just as some of these people lean towards Firefox. They are both better browsers so you really can’t go wrong.
Ars contacted Firefox to find out if version 2.0 had been released a day ahead of schedule. We were told that “Mozilla has started the process to get Firefox 2 ready for release on Tuesday,” by a Mozilla spokesperson. “Mozilla does not guarantee that any set of files currently found within its Web site or elsewhere will be the final release. Starting tomorrow afternoon, everyone should go through Mozilla’s main channels for download at getfirefox.com or mozilla.com to obtain Firefox, as this is the pathway Mozilla has optimized for the high volume of Web traffic.” Source: Ars Technica
So, don’t download it until tomorrow when they officially release it, or you may end up with some problems you don’t need.
A report from Symantec has stated that Mozilla Web browsers are currently potentially more vulnerable to attack than Microsoft’s Internet Explorer (IE), and it also said that today’s hackers are still focusing their efforts on IE. This makes sense since that’s the largest installed base and a bigger target for hackers, virus writers, etc. Whatever browser has the most users will have the most people trying to hack it, it won’t matter how good their security is, they will still try to find a way to exploit the browser.
Mozilla browsers, such as the popular Firefox, have always been seen as more secure than IE, which has suffered many security problems and exploits in the past. Mitchell Baker, president and chief lizard wrangler of the Mozilla Foundation, insisted earlier this year that all of the Mozilla browsers were fundamentally more secure than IE, and would not face as many problems as IE even as their marker share grows. But Symantec’s Internet Security Threat Report Volume VIII contains data for the first six months of this year that may not agree with this perception.
There is one caveat: Symantec counts only those security flaws that have been confirmed by the vendor. According to security monitoring company Secunia, there are 19 security issues that Microsoft still has to deal with for Internet Explorer, while there are only three for Firefox.
Sure. There are always different ways you can spin stories, and always something that’s not included. From, news.com.
In a posting on it’s website yesterday, Microsoft released some details of their next monthly security bulletin.
As part of the monthly security bulletin release cycle, Microsoft provides advance notification to our customers on the number of new security updates being released, the products affected, the aggregate maximum severity and information about detection tools relevant to the update. This is intended to help our customers plan for the deployment of these security updates more effectively.
One update is critical and concerning Microsoft windows, another is an update to the Malicious software removal tool and one non-security high priority update.
They will also be hosting a webcast where they will answer questions about these bulletins. TechNet Webcast: Information about Microsoft’s [MONTH] Security Bulletins (Level 100) on Wednesday, 14 September 11:00 AM (GMT-08:00) Pacific Time (US & Canada). Click here for more info.
On News.com they added this commentary, “Microsoft’s Thursday notice did not specify whether one of the patches will be for Internet Explorer. Over the last few weeks, several security researchers have come forward with flaws in the Web browser. Some of these vulnerabilities could let an attacker gain control of a user’s PC.”
This is one of the big ones they should be updating, along with the Windows operating system updates. With more and more people getting online everyday, there’s more and more potential of them getting loaded up with spyware or adware or viruses and helping spread the problem. The web browser nowadays needs to be rock solid, and with more and more people using Firefox or Opera, we are starting to see exploits and problems with them as well. Like this one concerning Firefox,
“A new, unpatched flaw in that affects all versions of Firefox could let attackers surreptitiously run malicious code on users’ PCs, a security researcher has warned. The security vulnerability is a buffer overflow flaw that “allows for an attacker to remotely execute arbitrary code” on a vulnerable PC, Ferris said. An attacker could host a Web site containing the malicious code to exploit the flaw, he said. Though his proof of concept only crashes Firefox, Ferris claims he has been able to tweak it to run code.”