Better Safe Than Sorry

Government warnings about IE

When goverments warn about the dangers of using Internet Explorer you can be sure it's time to seek out a alternative application - a safer surfer.

There is, in no particular order, Firefox, Opera and Chrome as well as other browsers.

Do yourself and others a favour by not using Internet Explorer. It's a security hole.

Why, it's like the Adobe Reader of browsers ;)

Go here for links to two of the afore mentioned browsers or you can search for other browser options.

Adobe Security Issues

Adobe reports that a previously unidentified security hole in its Acrobat and PDF Reader software may compromise vulnerable computers. Malicious programs that evil-doers can use to remotely control these infected systems are triggered by evil PDF files that contain the exploit. Adobe has no patch for this exploit. You are advised to disable Javascript in your Adobe Acrobat/Reader software. To disable Javascript, click "Edit," then "Preferences" and then "Javascript," and uncheck "Enable Acrobat Javascript." Or download an alternative such as Foxit Reader.

Adobe Reader Critical Vulnerability

It appears the ever popular Adobe Reader (version 9.1.3 and earlier) has a gaping hole that could allow bad people to take over Windows installs. This problem as popped up before. One way to mitigate (but not eliminate) the threat is to disable Javascript in Adobe reader and/or change your browsers behavior to download .pdf files as opposed to view them. You also might want to try the free alternative called Foxit Reader which has a better record when it comes to security issues. Just sayin' . . .

.pdf Fixes Released

Adobe has released a newer fixed version of its Reader application that addresses previously documented problems. Those wishing to upgrade a previous release will have to wait until March 18th.

Those using the popular alternative, Foxit Reader, should upgrade their installed version by using the upgrade link under the help menu:

FoxitReader doing its thing:

Success!

Adobe Reader Vulnerability

Evil-doers are actively exploiting a security hole in Adobe Reader. Users need only open a rogue .pdf file to have their system taken over.

Since Adobe doesn't plan to patch the problem until March 11th, 2009 users should either disable Javascript within Adobe Reader (Choose "Edit", "Preferences", "Javascript", and uncheck the box beside "Enable Acrobat Javascript") or use an alternative to Adobe Reader called Foxit Reader which is available here: http://www.foxitsoftware.com

Opera 9.62 released

The latest version of the safest browser around has been released. You are advised to download and install to patch two security holes that could be used for, among other things, cross-scripting attacks. It is available here: http://www.opera.com/download/

Opera Upgraded to 9.60

Time time to visit http://www.opera.com and download the latest and greatest version 9.60 of the most secure browser.

Patch your Flash NOW

Foxit Reader Security Upgrade

Foxit Reader, a free alternative to Adobe's Acrobat software used for reading .PDF files, has been upgraded. These upgrades recent security holes. Please take the time to download the upgrade from here.

Foxit Reader Upgrade Available

Foxit Reader, a free alternative to Adobe's Acrobat software used for reading .PDF files, has been upgraded. These upgrades plug several security holes. Please take the time to download the upgrade from here.

Lessons Learned

It seems G-Archiver, a third-party tool for backing up Google's Gmail, was/is sending usernames and passwords back to evildoers. The lessons here are simple: Always check online to see if the software you are thinking of using is safe. A simple search should confirm if others have any concerns regarding security, privacy, function or usefulness. Secondly, consider trying open-source software when possible. Since these applications are constantly examined by users for problems you tend to be protected in part from hassles that effect proprietary applications.

How to kill ActiveX

ActiveX is generally a gross security problem waiting to happen within Internet Explorer. Having the ability to kill certain (A few? Some? All but what you really need?) ActiveX controls is detailed by Microsoft here. Or you could use Opera or Firefox in place of Internet Explorer.

RealPlayer Exploit

User of Internet Explorer under Windows are vulnerable to drive-by downloads simply by visiting an evil Web page. As usual, it is an unknown and unpatched ActiveX component that is causing the problem. Note that both Microsoft Outlook and Outlook Express clients are also at risk. Best practices? Uninstall RealPlayer, use an alternative browser such as Firefox or Opera and use another email client such as Thunderbird or Penelope. Those who just can't part with RealPlayer should visit http://service.real.com/realplayer/security/en/ and (when available) download and install the patch. Ryan Naraine over at ZDNet.com has a great write up with info and fixes.

AOL AIM IM BUST

Clear as mud, eh? Internet Service Provider AOL has been informed that its IM client has a flaw that makes it possible for evil attackers to remotely execute malicious code on users computers. Those using Internet Explorer are especially vulnerable. Best practices? Try an alternative such as Pidgin (formerly GAIM).

OpenOffice.org Virus Spreads

A virus written in numerous scripting languages that can affect Windows, Linux, and Mac OS X computers is slowly spreading via infected OpenOffice.org documents. Best practice is, of course, to never accept documents as attachments in email if you were not expecting them. Inform the sender that it is always best to announce attachments before sending. Having a good Anti-Virus and firewall is also an excellent idea just in case nasties end up on your system. Better safe than sorry!

Yahoo Messenger Critical Upgrade

Yahoo Messenger has released an upgrade to fix a known security hole that would allow attackers to execute code on your PC. Please upgrade to version 8.1.0.401 from here: http://messenger.yahoo.com/download.php

Opera 9.21 Released

It's fast, it's secure, it's got widgets and it seems to play any and all media files without choking right out the box - no fiddling with file associations, etc. - nope, just works. Check out the list of features here: http://www.opera.com/products/desktop/

Pidgin 2.0.0 Released

Are you an Instant Messaging freak job? If so, you should be using Pidgin (formerly GAIM) Instant Messaging client. The advantage is that Pidgin can connect with other IM clients such as Yahoo, ICQ, MS Messsenger or AOL AIM so even if your friends all use different IM clients you only have to use one.

Eudora Morphs Into Penelope

Some old (six months) news for those who use an email client cobbled together anywhere but Microsoft. The venerable email client from the early 1990's, Eudora, is no longer being upgraded, patched or otherwise looked at by its creator, Qualcomm. From the ashes comes a new open-source email client dubbed, Penelope, which appears based on the Mozilla branded engine that now powers Thunderbird.

Google: 1 in 10 Websites Unsafe

Especially if you use Internet Explorer as opposed to Firefox or Opera. The chance of being nailed by a "drive-by download" is almost non-existent when using any browser other than Internet Explorer. Do yourself a favour and try a safer alternative.

Flaw Allows Critical Windows Exploit

"Upon viewing a Web page, previewing or reading a specially crafted message, or opening a specially crafted e-mail attachment, the attacker could cause the affected system to execute code," sez Microsoft in its advisory. Using any version of Windows, including Vista, and Internet Explorer could lead to catastrophe merely by viewing a web site. Simply viewing an .html page as displayed by most email clients such as Outlook Express could lead the same result. Best Practices? Consider using another browser such as Opera or Mozilla Firefox and/or another email client such as Thunderbird.

Time to upgrade Opera to 9.10

A recent security hole in any version of Opera prior to version 9.10 should spur you slowpokes into upgrading. If you haven't tried Opera browser you should. Opera is the most secure browser of the big three (Internet Explorer & Mozilla Firefox being the other two) running under Windows. Other features include Opera Voice (voice commands for the browser), & Widgets (mini displays of info you choose) and BitTorrent (ask your teenagers...!). Try it - love it or hate it, there is always Firefox ;-)

Yahoo IM client flaw is patched

If you use Yahoo! Messenger IM client you should immediately upgrade to fix a highly critical breach that opened up. Visit Secunia at: http://secunia.com/advisories/23401/. Yahoo! has the information here.

MS Word Flaw

Don't accept Microsoft Word .doc attachments via email or Instant Messaging unless you are expecting it and you know the sender. Instead, try Openoffice.org why doncha?

Norton Anti-Virus Flaw

A recent update to Norton AV has pooched more than a few machines. If your Norton has been acting up the workaround is here. Perhaps it's time to consider an alternative application?

McAfee Flaw

McAfee's whole slew of consumer products is at risk from a flaw that can expose information stored on Windows PC's. Information is here and here. Perhaps it's time to consider an alternative applications such as AVG Free for virus protection?

MySpace.com + IE Flaw + Known Exploit = Chaos

It appears Internet Explorer is again being exploited by evil Windows Metafile (.WMF) images. Worse, these images reside on MySpace.com with some 50+ million users. This exploit quickly follows the most recent Microsoft Update forcing drastic action from someone.At out-of-cycle patch from Microsoft or a third-party fix from a two-person shop in Guyana all works for me. Until a fix appears use an alternative browser such as Opera or Firefox.

MS PowerPoint Attachment Trouble

If you receive an email from an unknown Gmail address and it contains an MS PowerPoint presentation then delete it.

OpenOffice 2.0.3 Released

This is a must have download that takes care of three recent security holes.

MSN Messenger Worm Spreads

A new worm that seems to be based on an old design (BlackAngel.B / W32/BlackAngel.B.worm) is slowly spreading over the MSN. If you use MSN for chatting only accept files from people and/or sources you trust - even then take all the usual precautions. Best practise is to use a safer IM client such as GAIM for chatting and ONLY chatting - file transfers are best accomplished other ways if you must.

IM Worm Targets Yahoo Users

A worm dubbed yhoo32.explr is spreading across Yahoo's IM network. It forwards itself using the contact lists of people whose computers have already been infected. If installed it hijacks the browser home page steering the users to an evil site that attempts to load spyware.

W32/Ginwui.A Word Trojan

In these trying times why not try an alternative to Microsoft Word such as Openoffice.org?

Opera 9 (Beta) Released

Opera 9 (Beta) is available for you early adopters. It has increased support for .torrent files and Widgets.

Windows Metafiles (.WMF) Exploits

You might add unionseek[DOT]com to your host file. The site is using images, specifically .WMF files (Windows Metafiles), to carry a payload of trojans. Internet Explorer is vunerable, older versions of Firefox and Opera are also at risk but at least they prompt users before they launch external applications ("Windows Picture and Fax Viewer") to view the image. F-secure has the details here: http://www.f-secure.com/weblog/archives/archive-122005.html#00000752. The first I saw of it was at The Register: http://www.theregister.co.uk/2005/12/28/messenger_virus/.

IM Worm 'Chats' to Victims

CNET is reporting a new worm that tricks users on America Online's Instant Messenger to download a .pif file containing a trojan that does the usual evil things. The worm, IM.Myspace04.AIM, appears to respond to keywords. Dubious people asking about possible viruses are assured, "lol no its not its a virus". If this trend continues (oh, it will) make sure you only chat with known users and DO NOT download files unless you have an up to date anti-virus, etc. on your Windows machine. You might also want to try using GAIM IM client.

Opera 8.51 Released

The latest version of Opera, Version 8.51, which patches a nasty security hole and should be downloaded, is available here: http://www.opera.com/download/.

The why's and where for's are here: http://www.opera.com/support/search/supsearch.dml?index=818.

VMware

VMware has released a new free player. This allows for the safe evaluating of beta software or other software distributed in virtual machineswithout any installation or configuration issues. Download the player at: http://www.vmware.com/products/player/

Flock You !

Flock is a new variant of Firefox. In this case the idea is to stuff it full of "social software" such as Flickr and del.icio.us. It also has RSS integration that makes posting to popular browser-based blogs such as Wordpress and Blogger very easy. It looks interesting but as this is the first public beta release it is apt to come crashing down so it sure won't be the default browser right away. Download it from http://www.flock.com/developer/ and provide some feedback to the developers so this puppy improves.

Firefox Vulnerability Reported

Firefox appears to have a problem handling URLs that contain a certain character in the domain name. This can be exploited to cause a buffer overflow. This results in a possible compromised system. The only solution thus far is to "avoid untrustworthy sites". Uh-huh. You may want to switch to your install of Opera until the patch is released. What, you don't use Opera? You've never even tried it? Oh, c'mon, what are ya new? Get it at http://www.opera.com.

Internet Explorer Exposes Clipboard Data

Microsoft's Internet Explorer exposes clipboard data via javascript with no security confirmation. Ever work on your company payroll or other sensitive material in Excel? Did you "copy and paste" any of the data? Anywhere you surfed after that could possibly be collecting that data. There is no fix for this and while it is highly unlikely you will pass data on to evil people you should clear your clipboard before surfing the web. Or use Firefox or Opera instead of Internet Explorer.

Opera 10th Anniversary

Opera browser is ten years old and still geting better. I like it so much I two paid versions: one on my PC and one on my phone. See what the fuss is about and for a (likely) limited time you can obtain a free registration code for your Opera which removes the advertising banner. The party is here.

MS Anti-Spyware Allows Claria Adware?

It appears that Microsoft's Anti-Spyware application now defaults to allowing these well known purveyors of spyware to exist on users computers. For this reason alone we suggest you always run more than one spyware removal application - consider this as the layered defence. Try Spyware Blaster, HijackThis! and Spybot - Search & Destroy.

Netscape 8.0 released

AOL Time Warner has released the latest (and last version) of the Netscape Browser. Based on the Mozilla Firefox 1.0.3 engine (including the security flaws?) this browser also promises to faithfully render sites that presently only view correctly in Internet Explorer. If this is accomplished using any part of the IE engine (can you say Active X) then this browser is a failed attempt. We'll see.

I would have downloaded and tested it but the licence aggreement indicated I would also have had to download AIM IM Client and AOL's Media Player. See below:



For some reason (Corporate Branding) AOL Time Warner has seen fit to bundle these applications with the browser. I consider both security risks and therefore won't try the browser.

Opera 8 Released

Worms Attacking Instant Messaging

Bropia Worm Spread Through MSN Instant Messenger

Classified Military Documents found on Kazaa

Microsoft Indexing Service

No More Internet for Them

Hackers Tune In to Windows Media Player

The 10 Immutable Laws of Security

Google: We've fixed desktop search tool flaw.

Portable Firefox on a USB Drive