Firefox 3.0.7 Released

March 4, 2009 – 6:35 PM

Firefox 3.0.7 has been released today and this version fixes several issues found in Firefox 3.0.6.


  • Fixed several security issues:
    • URL spoofing with invisible control characters
    • Upgrade PNG library to fix memory safety hazards
    • XML data theft via RDFXMLDataSource and cross-domain redirect
    • Mozilla Firefox XUL Linked Clones Double Free Vulnerability
    • Crashes with evidence of memory corruption (rv:1.9.0.7)

  • Fixed several stability issues.
  • Official releases for the Estonian, Kannada, and Telugu languages are now available.
  • Items in the “File” menu show as inactive after using the “Print” item from that menu – switching to a new tab restores them (bug 425844). This issue has been fixed.
  • For some users, cookies would appear to go “missing” after a few days (bug 444600).
  • Mac users of the Flashblock add-on experienced an issue where sound from the Flash plug-in would continue to play for a short time after closing a tab or window (bug 474022).
  • Fixed several issues related to accessibility features.

Project Honey Pot – Help Make The Internet A Better Place

March 3, 2009 – 6:02 PM

Project Honey Pot is the first and only distributed system for identifying spammers and the spambots they use to scrape addresses from your website. Using the Project Honey Pot system you can install addresses that are custom-tagged to the time and IP address of a visitor to your site. If one of these addresses begins receiving email, we can tell not only that the messages are spam, but also the exact moment when the address was harvested and the IP address that gathered it.

To participate in Project Honey Pot, webmasters need only install the Project Honey Pot software somewhere on their website. We handle the rest, automatically distributing addresses and receiving the mail they generate. As a result, we anticipate that installing Project Honey Pot will not increase the traffic or load on your website.

Admin Note: PC Sympathy now has two honey pots installed on two different sites, and what reminded me to blog about this was that I got an email today stating this site caught its first harvester. This bad guy was previously unknown until today, when it hit my honey pot and exposed itself.  Nice.  PC Sympathy has made the world just a wee bit better today.  🙂

Anyway, webmasters…it’s worth it to help out and there’s no additional load on your server.  All it takes is a free registration on the Project Honey Pot website and one line of code to be added to your web pages.  Well worth it, in my opinion.

Please check it out:
http://www.projecthoneypot.org?rf=54861

Opera 9.64 Fixes Security Vulnerabilities

March 3, 2009 – 6:26 AM

Opera 9.64 is a recommended security and stability upgrade, incorporating the Opera Presto 2.1.1 user agent engine. Opera highly recommends that all users upgrade to Opera 9.64 to take advantage of these improvements.


Changes and improvements since Opera 9.63:

Security

  • Fixed an issue where specially crafted JPEG images could be used to execute arbitrary code, as reported by Tavis Ormandy of the Google Security Team; see Opera's advisory
  • Fixed an issue where plug-ins could be used to allow cross domain scripting, as reported by Adam Barth; details will be disclosed at a later date.
  • Fixed a moderately severe issue; details will be disclosed at a later date.
  • Added support for the following platform-specific features:
    • DEP (Data Execution Prevention) in Microsoft Windows XP with Service Pack 2 and higher and Microsoft Windows Server 2003 with Service Pack 1
    • ASLR (Address Space Layout Randomization) in Microsoft Windows Vista
  • Added Untrusted Rootstore Capability:
    • Opera downloads only the detailed information about untrusted (blacklisted) certificates when they are encountered
    • If download fails for certificate information in the list, Opera considers any certificate matching the ID as untrusted
  • Added version conditional fetching of certificate dependencies from an online repository
  • Fixed a problem downloading the CRL (Certificate Revocation List)
  • Fixed a problem that could cause SSL to deadlock in one state, hanging the connection
  • Fixed a problem that could cause the incorrect calculation of Certificate IDs
  • Implemented Extended Validation (EV) for cross-signed EV Root Certificates not shipped by default
  • Implemented preshipping of the Entrust 2048 CA (Certificate Authority)
  • Implemented Root Certificate fetching from an online repository when an intermediate matches a certificate in the repository
  • Improved support for weak encryption when importing .p12 private certificates
  • Prevented security information documents from being written to disk

Miscellaneous

  • Fixed a problem which created separate feed notifications; Opera now groups them together
  • Fixed a problem with inline find when no content was entered and the Enter key was pressed
  • Implemented opacity on text styled with hexadecimal color codes
  • Installing an external source viewer no longer requires an Opera restart
  • Installing Opera sets it as the default browser; this may be reset during the install process

Source:
http://www.opera.com/docs/changelogs/windows/964/

GMail Service CSRF Vulnerability

March 3, 2009 – 5:53 AM

Gmail is Google’s “free webmail service. It comes with built-in Google search technology and over 2,600 megabytes of storage (and growing every day). You can keep all your important messages, files and pictures forever, use search to quickly and easily find anything you’re looking for, and make sense of it all with a new way of viewing messages as part of conversations”.

Cross-Site Request Forgery, also known as one click attack or session riding and abbreviated as CSRF (Sea-Surf) or XSRF, is a kind of malicious exploit of websites. Although this type of attack has similarities to cross-site scripting (XSS), cross-site scripting requires the attacker to inject unauthorized code into a website, while cross-site request forgery merely transmits unauthorized commands from a user the website trusts.

GMail is vulnerable to CSRF attacks in the “Change Password” functionality. The only token used to authenticate the user is the session cookie, and the browser sends that cookie automatically with every request to the site, whether or not the user intended to make the request.

An attacker can therefore create a page that includes requests to the “Change Password” functionality of GMail and change the password of any user who, while authenticated to GMail, visits the attacker’s page.

The attack is made easier because the “Change Password” request can be performed with an HTTP GET instead of the POST that the “Change Password” form normally uses, so a forged request can be embedded in something as simple as an image tag that the victim’s browser loads without any interaction.

Source:
http://www.securiteam.com/securitynews/5ZP010UQKK.html

Koobface Variant Hits Facebook

March 3, 2009 – 5:33 AM

Researchers at Trend Micro are reporting that a new variant of the Koobface worm is spreading on Facebook.

Koobface first appeared in 2008, with separate variants striking members of Facebook and MySpace.com. Now the Koobface worm is back again, with an eye toward stealing cookies for other social networking sites.

According to Trend Micro, the new variant sends Facebook messages claiming to be from a friend. The messages link to a spoofed YouTube video. In an interesting social engineering ploy, the malicious landing page not only displays the friend’s name, but also a picture pulled from the person’s Facebook profile.

The page prompts the user to install a new version of Adobe Flash. Users who agree are redirected to a download site for the file setup.exe, which is the new Koobface variant. Trend Micro detects the worm as WORM_KOOBFACE.AZ, and reported March 1 that its researchers had seen more than 300 unique IP addresses hosting the .exe file.

Trend Micro is expecting to see more.

“We’re only flagging a few hits at the moment, but the complexity with which this threat has been created shows how much work has been done to social-engineer social networks with the end game of creating [botlike] accounts to send out third-party links to almost anything,” said Jamz Yaneza, a threat researcher at Trend Micro.

The latest iteration of the worm runs on Windows 98, ME, NT, 2000 and XP and Server 2003. It sends and receives information by connecting to several servers, allowing hackers to remotely execute commands on a compromised machine.

Once installed, the worm searches for cookies created by a number of social networking sites, including MySpace.com, Hi5 Networks, MyYearbook.com and Bebo. After the cookies are located, the malware attempts to use the user log-in session information stored in the cookies to connect to the Web sites.

From there it searches out the victim’s friends and sends an HTTP POST request to a rogue server. As a reply, the server sends the message to the user’s contacts with a link to where a copy of the worm can be downloaded.

Source:
http://www.eweek.com/c/a/Security/New-Koobface-Variant-Hits-Facebook-Targets-Other-Social-Networks/?kc=rss