« Mobile | Main | Mozilla Thunderbird »

Saturday, February 02, 2013

Twitter Hack and Java

The recent hack of Twitter appears to have been accomplished via some Java exploit. The insecure nature of Java is well known and unless you specifically require Java your best practice is to uninstall it via the Control Panel under Windows. If you do require Java you need to uninstall the Java plugin for browsers. Check out 'ole Krebs on Security for the details.

If you keep Java set it to auto-update once a day. Handy, dandy screencaps illustrating the simple process are here.

Wednesday, September 19, 2012

Critical Internet Explorer Hole

Those still using Internet Explorer as their browser of choice are well advised to use an alternative such as Firefox, Chrome or Opera to avoid being a victim of the latest security problem. According to several sources a Microsoft FixIt patch will be issued ASAP to solve the issue - at that time you can apply the patch and go back to using Internet Exploder. An exhaustive exploration of the problem (and a partial fix) can be viewed at https://krebsonsecurity.com.

Posted by Matthew Carrick at 9:30.20 AM EDT | Permanent Link
Comment by Matthew - Wednesday 19th September 2012 08:44:13 PM

Damn, that was quick! Visit http://support.microsoft.com/kb/2757760 to apply the FixIt.
Comment by Byte me - Saturday 03rd November 2012 06:10:02 PM

I never met a hole I didn't think was critical.

| Categories: Alternative Apps, Best Practices, Google Chrome, Java, Mozilla Firefox, Opera, Security Alerts

Saturday, April 02, 2011

BrowserCheck

This Firefox add-on, which also works with other browsers such as Opera, Chrome and IE8, checks your installed browser plugins for outdated versions and allows you to easily download the newer version.

This security plugin to be a mini-Secunia PSI that just checks your plugins such as Adobe Flash, Shockwave Player and Quicktime. A very useful tool to do what normally is a very annoying job.

It is here: https://browsercheck.qualys.com

Wednesday, March 23, 2011

Firefox 4 Released

The latest and greatest Firefox, version 4.0, is being downloaded in some serious numbers.

Since Microsoft's Internet Explorer 9 is not available for XP users this is not surprising.

I'll stick to Firefox until I'm satisfied IE9 actually works.

Firefox has some nice features you might want to use:

Don't want websites to track you as you browse the web? You can enable this feature in Firefox 4:

Click on the Firefox button (in XP, click the Tools menu) and then click Options.

Select the Advanced panel and ensure the checkbox is checked for "Tell web sites I do not want be to tracked".

Click OK.

Want to clear the Recent History?

Click on the Firefox button (in XP, click the Tools menu) and then click Options.

Click History then "Clear Recent History".

Choose which settings you wish to delete and the time range and click "Clear Now".

Posted by Matthew Carrick at 2:39.46 PM EDT | Permanent Link

| Categories: Alternative Apps, Mobile, Mozilla Firefox, Online Apps

Wednesday, March 16, 2011

Internet Explorer 9 Filters ActiveX

Microsoft's Internet Explorer 9 (IE9) allow for filtering of ActiveX controls. This should allow for much greater security from devious scripts. All you Windows XP users are out of luck as IE9 will not run on this Operating System (OS). Use Firefox, Opera or Chrome browsers for maximum security under Windows XP. If you run Windows 7 or (gasp) Windows Vista you can and should use IE9.

Thursday, December 23, 2010

IE Exploit for Xmas!

Microsoft's Internet Explorer is the target of a new zero day attack.
Best Practice? If you're using IE, stop.
If you must use IE then perhaps Sandbox it with Sandboxie.
Why not try Firefox (with the awesome No-Script Add-on) or Opera instead?
Safer, Better and hip . . . like the kids say.
Posted by Matthew Carrick at 10:26.44 PM EST | Permanent Link
Comment by Matthew - Wednesday 05th January 2011 08:29:54 PM

Bill has posted a 'Fix it' for this annoyance here: http://support.microsoft.com/kb/2490606

| Categories: Adware/Spyware, Best Practices, Internet Explorer, Mozilla Firefox, Opera, Privacy Issues, Security Alerts, Viruses-Trojans-Worms

Saturday, November 27, 2010

Gmail and WOT

If use the WOT Add-on for Firefox you may have noticed that the icons appear when you use Gmail not just when you use Google or Bing search engines. All those text advertisements are examined and catagorized as safe (green doughnut), questionable (yellow doughnut) or unsafe (red doughnut). Very nice!

Posted by Matthew Carrick at 9:23.16 AM EST | Permanent Link
Edited on: Saturday, November 27, 2010 11:22.09 AM EST

| Categories: Firefox Extensions, Mozilla Firefox

Firefox Add-on Updates of Note

If you don't use these four Add-ons for Firefox (or Opera) then you suck:

Posted by Matthew Carrick at 9:07.40 AM EST | Permanent Link
Edited on: Saturday, November 27, 2010 11:23.24 AM EST

| Categories: Firefox Extensions, Mozilla Firefox

Monday, November 08, 2010

Firefox BlackSheep: Anti-Networking Sniffing Tool

Not too long ago a Firefox extension called Firesheep designed to (according to the writeup at Lifehacker.com) ". . . sniff out weak security and/or hijack web site credentials on open Wi-Fi networks." was released. While useful for legitimate tasks it also gave crackers a tool that could allow them obvious access to PC's at your local coffee shop.

Now BlackSheep, an anti-Firesheep tool has been released. It is designed to alert you whenever Firesheep is active on your local network.

If you frequent establishments where you use Wi-Fi you might consider using this Firefox extension. The download page is here: http://www.zscaler.com/blacksheep.html

You should also look into grabbing the HTTPS Everywhere Firefox extension which encrypts your entire session not just the login portion.

Thursday, October 28, 2010

Firefox Update Again

Firefox has been updated (again) so make sure your Help, About Mozilla Firefox

dialogue looks like the pic below:

If you have not been updated check Firefox Tools, Options menu to change the settings.

Posted by Matthew Carrick at 11:23.35 PM EDT | Permanent Link

| Categories: Mozilla Firefox

Wednesday, October 20, 2010

Firefox Update

Firefox has been updated so make sure your Help, About Mozilla Firefox

dialogue looks like the pic below:

If you have not been updated check Firefox Tools, Options menu to change the settings.

Posted by Matthew Carrick at 12:42.43 PM EDT | Permanent Link
Edited on: Wednesday, October 20, 2010 12:47.24 PM EDT

| Categories: Mozilla Firefox

Tuesday, March 23, 2010

German Gov't Warns About Firefox

First they warned about IE. Now the German authorities are warning users to beware of a Firefox exploit that will only be fixed with the release of version 3.6.2 towards the end of this month. Details from the Beeb here. Time to use Opera!

Posted by Matthew Carrick at 5:06.21 AM EDT | Permanent Link

| Categories: Alternative Apps, Mozilla Firefox, Opera

Friday, November 06, 2009

Firefox Update

Y'all better check yer Firefox to see that you are running version 3.5.5 - if you aren't then run a manual upgrade (Help - Check for Upgrades). You might also set Firefox to automagically download and install upgrades:

Firefox Options for Updating

Posted by Matthew Carrick at 5:03.54 AM EST | Permanent Link

| Categories: Best Practices, Mozilla Firefox, Security Alerts

Sunday, November 01, 2009

Damn Yer Quiz, Facebook!

I thought Facebook was a means where by one could (virtually) keep in touch with loved ones, friends and colleagues? A place to share pictures and thoughts? Now it appears cluttered with quizzes, games and virus-filled applications. Yeech. Greasemonkey to the rescue!

Greasemonkey Script: Facebook Purity

What? Never used Greasemonkey? Hmmm . . . You do use Firefox, right? Check this previous post.

Sunday, October 18, 2009

Firefox Plugs Microsoft Security Hole

If you use Firefox (and you should, imho) you have probably already seen a pop-up alert informing you that it is blocking Microsoft`s .NET Framework Assistant and Windows Presentation Foundation add-ons that were stealthily installed by Microsoft earlier this year.

This hole was supposed to have been fixed earlier by having users edit the Windows registry - but this idea stunk because editing the registry is potentially dangerous. Microsoft later released a simple point and click removal tool - except this left behind the Windows Presentation Foundation plug-in which is what was just killed by Mozilla.

So, the confusion up to now has been addressed by both Mozilla and Microsoft to remove both nasty bits. Whew!

Wednesday, July 15, 2009

Critical Firefox 3.5 Security Flaw

The newest Firefox, version 3.5, includes Tracemonkey, a new feature designed to speed up Javascript scripts. A flaw within Tracemonkey could allow attackers to remotely install evil software when users visit compromised Web sites.

A simple fix is available until the next patch fixes the vulnerability:

  1. Open up a new Firefox window and type ‘’about:config‘’ (without the quotes) in your browser's address bar
  2. In the ‘’filter‘’ box, type ‘’jit‘’ and a setting called ‘’javascript.options.jit.content‘’ will appear.
  3. If the setting is set to ‘‘true’’ it means the option is enabled.
  4. If it is, double-click on the setting. This should change the option to ‘’false‘’ disabling it.

Tuesday, April 14, 2009

Twitter Awareness

The recent cross-scripting attack on the newest buzzword universe called Twitter is merely another bump on the rocky road through Interpipe 2.0

These XSS attacks are the bane of Web 2.0 and will cause disasters for individuals who refuse to become aware of their online surroundings. Compound this with users who remain clueless about what is running on their PC's and you have a large impediment in the push through to Web 3.0 applications.

Now add smartphones and netbooks to the mix ;(

For a fine write up on the Twitter XSS attack see: http://twittercism.com/protect-yourself-on-twitter/

Be sure to check out the fine tip from Twittercism about XSS busting using Firefox browser with the Add-on NoScript with screencaps from Better Safe Than Sorry here.

Posted by Matthew Carrick at 12:07.44 PM EDT | Permanent Link
Edited on: Tuesday, April 14, 2009 12:07.58 PM EDT

| Categories: Adware/Spyware, Best Practices, Firefox Extensions, Mobile, Mozilla Firefox, Online Apps, Security Alerts, Viruses-Trojans-Worms

Wednesday, December 17, 2008

The Ultimate Greasemonkey Script

Oh baby! Where have you been all my life!

Greasemonkey has always been a killer add-on for Firefox. Little scripts that work within Firefox to address many of the issues folks have with various websites. Simple things like adding easy to print pages to sites that have so many graphic ads that printing was a paper and ink nightmare.

The problem was that one had to go to the giant repository of Greasemonkey scripts at Userscripts.org search for the one that might address your specific problem and install it.

Well, a new script called Greasefire does all this for you. Once installed the Greasemonkey icon appears, in a slightly different form then you are used to, in the Firefox taskbar.

The new and improved Greasemonkey icon

From then on if you browse to a site that any Greademonkey scripts that are related to it the icon turns a lovely shade of red.

Greasefire has found some scripts!

If you then right-click on the icon it will further inform you of how many scripts are available. In this case our example shows the enormous number of scripts available at the uber-geek site slashdot.org.

Greasefire tells you how many scripts are available

Clicking on the top line (the one indicating how many scripts are available) opens up a window giving descriptions of the scripts. Clicking the giant grey button on the right towards the bottom initiates the usual Greasemonkey install routine.

Greasefire install window

So, if you have not yet installed Greasemonkey and Greasefire get thee hence to Userscript.org and help yourself to some great Add-ons.

Posted by Matthew Carrick at 7:19.52 PM EST | Permanent Link

| Categories: Firefox Extensions, Mozilla Firefox, Software Tools

Sunday, December 14, 2008

Severe IE Vulnerability

An unpatched vulnerability in Internet Explorer 7 (which also affects older versions of the browser as well) is on the loose. Microsoft has stated that IE 5.01 with SP 4, IE 6 with or without SP 1 and IE 8 (Beta 2) on all versions of the Window OS are affected. To complete the horror IE 7 on Windows XP SP 2 and 3 and Windows Vista with or without SP 1 are also vulnerable. Web sites are now actively exploiting the vulnerability. One has to merely view a Web site in order to have a Trojan horse program automatically downloaded to their machine. Once downloaded the evil doers can manipulate the rogue program to download other software which could perform actions such as sending spam emails or steal data. Since Microsoft's next patch is not due until January 13, 2009 one would be wise to use an alternative browser such as Firefox or Opera. Just sayin' . . .

Thursday, December 04, 2008

Firefox Greasemonkey Targeted

A new type of malware that collects passwords for banking sites is in the wild. In this instance it only targets Firefox browser through the popular Greasemonkey script. The malware uses JavaScript to identify some 100 financial web sites (including PayPal). It then harvests logins and passwords which are forwarded to a server in Russia.

So, short of disabling or uninstalling Greasemonkey your best defence is the usual: do not download anything, including Firefox add-ons, from any site other than Mozilla's, do not visit dubious sites located in dubious domains (such as .ru) and always have your firewall, anti-virus, router and brains active ;)

Saturday, September 27, 2008

Firefox Update Available

Get it while it's hot. This update fixes one bug: ‘’where users were unable to retrieve saved passwords or save new passwords‘’.

Yikes.

Click on ‘’Check for Updates‘’ from the Help menu to update and don't forget to restart Firefox for the update to take effect.

Firefox update available  

Posted by Matthew Carrick at 8:25.38 AM EDT | Permanent Link

| Categories: Best Practices, Mozilla Firefox

Wednesday, May 28, 2008

Patch your Flash NOW

Time to patch your Adobe Flash. Numerous evil sites are exploiting Flash vulnerabilities to install password stealing software Trojans when users visit them with unpatched Web browsers. The latest version is available here.
Of course, if you use Mozilla Fiefox you will already have installed ‘‘Noscript’’ which goes a long way to protect you from this particular exploit.