BrowserCheck

This Firefox add-on, which also works with other browsers such as Opera, Chrome and IE8, checks your installed browser plugins for outdated versions and allows you to easily download the newer version.

This security plugin to be a mini-Secunia PSI that just checks your plugins such as Adobe Flash, Shockwave Player and Quicktime. A very useful tool to do what normally is a very annoying job.

It is here: https://browsercheck.qualys.com

Firefox 4 Released

The latest and greatest Firefox, version 4.0, is being downloaded in some serious numbers.

Since Microsoft's Internet Explorer 9 is not available for XP users this is not surprising.

I'll stick to Firefox until I'm satisfied IE9 actually works.

Firefox has some nice features you might want to use:

Don't want websites to track you as you browse the web? You can enable this feature in Firefox 4:

Click on the Firefox button (in XP, click the Tools menu) and then click Options.

Select the Advanced panel and ensure the checkbox is checked for "Tell web sites I do not want be to tracked".

Click OK.

Want to clear the Recent History?

Click on the Firefox button (in XP, click the Tools menu) and then click Options.

Click History then "Clear Recent History".

Choose which settings you wish to delete and the time range and click "Clear Now".

Internet Explorer 9 Filters ActiveX

Microsoft's Internet Explorer 9 (IE9) allow for filtering of ActiveX controls. This should allow for much greater security from devious scripts. All you Windows XP users are out of luck as IE9 will not run on this Operating System (OS). Use Firefox, Opera or Chrome browsers for maximum security under Windows XP. If you run Windows 7 or (gasp) Windows Vista you can and should use IE9.

IE Exploit for Xmas!

Microsoft's Internet Explorer is the target of a new zero day attack.
Best Practice? If you're using IE, stop.
If you must use IE then perhaps Sandbox it with Sandboxie.
Why not try Firefox (with the awesome No-Script Add-on) or Opera instead?
Safer, Better and hip . . . like the kids say.

Gmail and WOT

If use the WOT Add-on for Firefox you may have noticed that the icons appear when you use Gmail not just when you use Google or Bing search engines. All those text advertisements are examined and catagorized as safe (green doughnut), questionable (yellow doughnut) or unsafe (red doughnut). Very nice!

Firefox Add-on Updates of Note

If you don't use these four Add-ons for Firefox (or Opera) then you suck:

Firefox BlackSheep: Anti-Networking Sniffing Tool

Not too long ago a Firefox extension called Firesheep designed to (according to the writeup at Lifehacker.com) ". . . sniff out weak security and/or hijack web site credentials on open Wi-Fi networks." was released. While useful for legitimate tasks it also gave crackers a tool that could allow them obvious access to PC's at your local coffee shop.

Now BlackSheep, an anti-Firesheep tool has been released. It is designed to alert you whenever Firesheep is active on your local network.

If you frequent establishments where you use Wi-Fi you might consider using this Firefox extension. The download page is here: http://www.zscaler.com/blacksheep.html

You should also look into grabbing the HTTPS Everywhere Firefox extension which encrypts your entire session not just the login portion.

Firefox Update Again

Firefox has been updated (again) so make sure your Help, About Mozilla Firefox

dialogue looks like the pic below:

If you have not been updated check Firefox Tools, Options menu to change the settings.

Firefox Update

Firefox has been updated so make sure your Help, About Mozilla Firefox

dialogue looks like the pic below:

If you have not been updated check Firefox Tools, Options menu to change the settings.

German Gov't Warns About Firefox

First they warned about IE. Now the German authorities are warning users to beware of a Firefox exploit that will only be fixed with the release of version 3.6.2 towards the end of this month. Details from the Beeb here. Time to use Opera!

Firefox Update

Y'all better check yer Firefox to see that you are running version 3.5.5 - if you aren't then run a manual upgrade (Help - Check for Upgrades). You might also set Firefox to automagically download and install upgrades:

Damn Yer Quiz, Facebook!

I thought Facebook was a means where by one could (virtually) keep in touch with loved ones, friends and colleagues? A place to share pictures and thoughts? Now it appears cluttered with quizzes, games and virus-filled applications. Yeech. Greasemonkey to the rescue!

What? Never used Greasemonkey? Hmmm . . . You do use Firefox, right? Check this previous post.

Firefox Plugs Microsoft Security Hole

If you use Firefox (and you should, imho) you have probably already seen a pop-up alert informing you that it is blocking Microsoft`s .NET Framework Assistant and Windows Presentation Foundation add-ons that were stealthily installed by Microsoft earlier this year.

This hole was supposed to have been fixed earlier by having users edit the Windows registry - but this idea stunk because editing the registry is potentially dangerous. Microsoft later released a simple point and click removal tool - except this left behind the Windows Presentation Foundation plug-in which is what was just killed by Mozilla.

So, the confusion up to now has been addressed by both Mozilla and Microsoft to remove both nasty bits. Whew!

Critical Firefox 3.5 Security Flaw

The newest Firefox, version 3.5, includes Tracemonkey, a new feature designed to speed up Javascript scripts. A flaw within Tracemonkey could allow attackers to remotely install evil software when users visit compromised Web sites.

A simple fix is available until the next patch fixes the vulnerability:

1. Open up a new Firefox window and type ‘’about:config‘’ (without the quotes) in your browser's address bar
2. In the ‘’filter‘’ box, type ‘’jit‘’ and a setting called ‘’javascript.options.jit.content‘’ will appear.
3. If the setting is set to ‘‘true’’ it means the option is enabled.
4. If it is, double-click on the setting. This should change the option to ‘’false‘’ disabling it.

Twitter Awareness

The recent cross-scripting attack on the newest buzzword universe called Twitter is merely another bump on the rocky road through Interpipe 2.0

These XSS attacks are the bane of Web 2.0 and will cause disasters for individuals who refuse to become aware of their online surroundings. Compound this with users who remain clueless about what is running on their PC's and you have a large impediment in the push through to Web 3.0 applications.

Now add smartphones and netbooks to the mix ;(

For a fine write up on the Twitter XSS attack see: http://twittercism.com/protect-yourself-on-twitter/

Be sure to check out the fine tip from Twittercism about XSS busting using Firefox browser with the Add-on NoScript with screencaps from Better Safe Than Sorry here.

The Ultimate Greasemonkey Script

Oh baby! Where have you been all my life!

Greasemonkey has always been a killer add-on for Firefox. Little scripts that work within Firefox to address many of the issues folks have with various websites. Simple things like adding easy to print pages to sites that have so many graphic ads that printing was a paper and ink nightmare.

The problem was that one had to go to the giant repository of Greasemonkey scripts at Userscripts.org search for the one that might address your specific problem and install it.

Well, a new script called Greasefire does all this for you. Once installed the Greasemonkey icon appears, in a slightly different form then you are used to, in the Firefox taskbar.

From then on if you browse to a site that any Greademonkey scripts that are related to it the icon turns a lovely shade of red.

If you then right-click on the icon it will further inform you of how many scripts are available. In this case our example shows the enormous number of scripts available at the uber-geek site slashdot.org.

Clicking on the top line (the one indicating how many scripts are available) opens up a window giving descriptions of the scripts. Clicking the giant grey button on the right towards the bottom initiates the usual Greasemonkey install routine.

So, if you have not yet installed Greasemonkey and Greasefire get thee hence to Userscript.org and help yourself to some great Add-ons.

Severe IE Vulnerability

An unpatched vulnerability in Internet Explorer 7 (which also affects older versions of the browser as well) is on the loose. Microsoft has stated that IE 5.01 with SP 4, IE 6 with or without SP 1 and IE 8 (Beta 2) on all versions of the Window OS are affected. To complete the horror IE 7 on Windows XP SP 2 and 3 and Windows Vista with or without SP 1 are also vulnerable. Web sites are now actively exploiting the vulnerability. One has to merely view a Web site in order to have a Trojan horse program automatically downloaded to their machine. Once downloaded the evil doers can manipulate the rogue program to download other software which could perform actions such as sending spam emails or steal data. Since Microsoft's next patch is not due until January 13, 2009 one would be wise to use an alternative browser such as Firefox or Opera. Just sayin' . . .

Firefox Greasemonkey Targeted

A new type of malware that collects passwords for banking sites is in the wild. In this instance it only targets Firefox browser through the popular Greasemonkey script. The malware uses JavaScript to identify some 100 financial web sites (including PayPal). It then harvests logins and passwords which are forwarded to a server in Russia.

So, short of disabling or uninstalling Greasemonkey your best defence is the usual: do not download anything, including Firefox add-ons, from any site other than Mozilla's, do not visit dubious sites located in dubious domains (such as .ru) and always have your firewall, anti-virus, router and brains active ;)

Firefox Update Available

Get it while it's hot. This update fixes one bug: ‘’where users were unable to retrieve saved passwords or save new passwords‘’.

Yikes.

Click on ‘’Check for Updates‘’ from the Help menu to update and don't forget to restart Firefox for the update to take effect.

 

Patch your Flash NOW

RealPlayer Exploit

User of Internet Explorer under Windows are vulnerable to drive-by downloads simply by visiting an evil Web page. As usual, it is an unknown and unpatched ActiveX component that is causing the problem. Note that both Microsoft Outlook and Outlook Express clients are also at risk. Best practices? Uninstall RealPlayer, use an alternative browser such as Firefox or Opera and use another email client such as Thunderbird or Penelope. Those who just can't part with RealPlayer should visit http://service.real.com/realplayer/security/en/ and (when available) download and install the patch. Ryan Naraine over at ZDNet.com has a great write up with info and fixes.

Google: 1 in 10 Websites Unsafe

Especially if you use Internet Explorer as opposed to Firefox or Opera. The chance of being nailed by a "drive-by download" is almost non-existent when using any browser other than Internet Explorer. Do yourself a favour and try a safer alternative.

Firefox Password Manager Compromised

It seems a flaw in the way Firefox handles passwords is enabling evil doers to create Phishing holes at sites where .html is allowed such as myspace.com - no fix has been issued but Secunia is advising users to disable the "Remember passwords for sites" option in Firefox preferences.

Firefox 2.0 Released

All the downloads are here: http://www.mozilla.com/en-US/firefox/all.html.

MySpace.com + IE Flaw + Known Exploit = Chaos

It appears Internet Explorer is again being exploited by evil Windows Metafile (.WMF) images. Worse, these images reside on MySpace.com with some 50+ million users. This exploit quickly follows the most recent Microsoft Update forcing drastic action from someone.At out-of-cycle patch from Microsoft or a third-party fix from a two-person shop in Guyana all works for me. Until a fix appears use an alternative browser such as Opera or Firefox.

MS PowerPoint Attachment Trouble

If you receive an email from an unknown Gmail address and it contains an MS PowerPoint presentation then delete it.

Firefox mailto: exploit

This exploit could cause your default email client to launch allowing spam to escape. Or it could simply slow down your PC. The quick 'n dirty fix is here.

Firefox Update Available

The latest version of Firefox that includes several important security updates is available. Click Help . . . Check for Updates.

Firefox 1.5.0.1 Update

At around 6:00 EST the following appeared on my screen:

Woo-hoo! Firefox is doing its first auto-update. I had plum forgot that it was going to happen.
After Firefox restarted the following loaded showing all is well:

Excellent!

The Thirty Day Rule

An old Javascriprt vulnerability in all Firefox versions prior to 1.0.5 has taken on a new life since the code to take advantage of it has been published on the web. Those of you who are still happily using older versions should upgrade. Best Practices: Always upgrade to the latest version of software at about the thirty daymark after its release because . . . a) This gives any bugs in the release time to be found by all those early adopters allowing the developers time to patch the bug. b) Not enough time has passed that evil virus writers have released exploits. c) Authors of plugins and other add-ons (such as Firefox extensions) will have had time to patch their products.