|
Author |
Message |
mimi_44 VIP Member
Joined: 18 Jan 2006
Posts: 411
|
Hackers Focus Efforts on Firefox, Safari |
Posted: Thu 01 May, 2008 |
|
Hackers Focus Efforts on Firefox, Safari
Many people are switching from Internet Explorer to alternative browsers such as Firefox and Safari. Though that might make them feel more secure, the shift has also opened new doors for bad guys.
Case in point: We have no IE bugs to report this month, but both Firefox and Safari have been hit hard.
So forget the idea that just because you've switched to a new browser, you're magically safer. You may be for a time, but to stay safe with any software, you need to keep current with fixes.
Firefox Holes
In a somewhat dubious recognition of Firefox's growing popularity, hackers have focused their attention on it, leading to a rash of newly discovered holes. The folks at Mozilla recently released two Firefox updates in less than six weeks, fixing a total of five critical security vulnerabilities. All five can be exploited by planting a poisoned JavaScript file in a Web site and waiting for you to stumble across it.
In an actual attack--neither the Safari nor the Firefox bugs have elicited one so far--a bad guy could take over your PC or steal your navigation history.
The latest versions of Firefox--2.0.0.13 on--will stop all five bugs. Mozilla's Thunderbird and SeaMonkey are also at risk (if you have JavaScript enabled), so download updated versions.
Safari in the Wild
Safari 3.1 patches 13 holes affecting Mac OS X, Windows XP, and Windows Vista.
Think you're safe because you don't have Safari? You may have it without realizing it. Apple now distributes its browser with iTunes updates. Forget to uncheck a box in one of these updates, and it's there.
The Safari holes could allow an attacker to trick you into thinking that a fake site is really your bank site, or to take over your PC via a poisoned page. Download Safari 3.1.
Office Bugged Again
micros0ft recently released four patches that fix a dozen dangerous holes in Office. I warned you about one of those holes--a zero-day attack on Excel--in April. Be sure to apply the patches, if your system doesn't install them automatically. Get the four new Office patches and more info. (You are not affected if micros0ft Office 2007 is the version you use.)
No sooner had micros0ft shipped those patches than the company acknowledged the existence of yet another bad Office bug that needs patching. And this one is urgent because some users have already been attacked.
Luckily, Windows Vista, Windows Vista SP1, and the beta version of Windows XP SP3 are not at risk because they ship with a newer version of the affected "Jet" database. But earlier versions of Windows are vulnerable, as are all supported versions of Office, including Office 2007.
Becoming a victim of the bug involves saving two files to your PC's hard drive--one a mail-merge file that uses the database engine. There was no patch at press time. For more information, read micros0ft's advisory.
POSTED by: PC World Friday, April 25, 2008
P.S. I use Flock. Any info or remarks on it? |
|
|
|
|
Mop VIP Member
Joined: 22 Jan 2006
Posts: 354 Location: Somewhere in busy The Hague
|
Re: Hackers Focus Efforts on Firefox, Safari |
Posted: Thu 01 May, 2008 |
|
I was wondering when this would happen.
No one is safe these days from hackers it seems.
What goes on in their minds I wonder.
shiit happens. Every day.
Flock. Never heard of it. |
_________________ Are you talking to me? I'm the only one here.So....are you talking to me? |
|
|
|
peiratns VIP Member
Joined: 17 Jan 2006
Posts: 183 Location: Somewhere in time!
|
Re: Hackers Focus Efforts on Firefox, Safari |
Posted: Thu 01 May, 2008 |
|
What is that M$ propaganda?
The author of this article, whoever s/he is affiliated to, is not mentioning that F/OSS such Firefox are developed much faster and because they are open to scrutiny their bugs can be found easily by the community of developers/users and corrected in speeds that M$ and the rest of proprietory software developers can only imagine in their dreams.
What a bunch of Bull:
Quote: Case in point: We have no IE bugs to report this month, but both Firefox and Safari have been hit hard. |
_________________
NOTE: Links are not tested unless specified otherwise! |
|
|
|
jkf Site Administrator
Joined: 25 Nov 2005
Posts: 3454 Location: Your Right Temporal Lobe
|
Re: Hackers Focus Efforts on Firefox, Safari |
Posted: Sat 03 May, 2008 |
|
There are bug fixes done all the time in Firefox and its peers, you can even
download the daily interim betas before they collect enough fixes and make
a public release.
The Open Source community will not and cannot hide fixes that are put in so
they are much more trustworthy than change notices that microshit puts out.
For the most part, a person cannot verify what exactly got changed in IE except
for taking microshit's word for it, unless you work for them and work in the IE
development area.
As for Firefox, anyone can view the exact line of code that was changed, if
anything was really changed, and its documented so that others can verify
that it was and why it was done.
We have to be careful about putting 100% trust in these stories in that they are
starting to sound an awful lot like the news reporters that are cooking up good
stories or adding a few extra twists into their stories to create sensationalism
so people would take notice and they can build up their names. The difference
being, what happens to celebrities do not affect our lives directly in most part...
But most bad things that happen to our computers will imediately give us
severe grief and most of these people writing these articles aren't that
computer savvy as they pretend to be.
You can never assume that there were no problems found for IE...
maybe there were problems found in IE but not reported because it
hasn't been fixed yet and that would be embarrassing to them ... |
_________________ jkf
|
|
|
|
peiratns VIP Member
Joined: 17 Jan 2006
Posts: 183 Location: Somewhere in time!
|
Re: Hackers Focus Efforts on Firefox, Safari |
Posted: Sat 03 May, 2008 |
|
J. you are making some excellent points there:
Quote: The Open Source community will not and cannot hide fixes that are put in so they are much more trustworthy than change notices that microshit puts out. For the most part, a person cannot verify what exactly got changed in IE except for taking microshit's word for it, unless you work for them and work in the IE development area.
Touche! F/OSS by default makes the source code available to all to study, learn and modify as they please. When an F/OSS project has many users/developers (e.g. Firefox) bugs are discovered very quickly. Malicious code also can not be hidden easily due to the fact that many people can examine the code. Imagine now in M$ a disgruntled programmer that decided to mess with IE. How long will it take the rest of the M$ team to find out? Think about it!
Quote: We have to be careful about putting 100% trust in these stories in that they are starting to sound an awful lot like the news reporters that are cooking up good stories or adding a few extra twists into their stories to create sensationalism so people would take notice and they can build up their names.
...these people writing these articles aren't that computer savvy as they pretend to be.
When I read the title of the article "Hackers Focus Efforts on Firefox..." I expected to read about development efforts on Firefox or something along this line. The author of the article better do some research on the meaning of "hacker". Mass media twisted the true meaning of the word. When you read an article that uses the word "hacker" to have the meaning of "cracker" then stop reading it, or if you want to continue read it from a very skeptical position. Loaded articles are always biased.
P.
PS: F/OSS= Free/Open Source Software
PS2: Mop, Flock is here: http://flock.com/ . It's based on Firefox. |
Last edited by peiratns on Sat 03 May, 2008; edited 3 times in total _________________
NOTE: Links are not tested unless specified otherwise! |
|
|
|
jkf Site Administrator
Joined: 25 Nov 2005
Posts: 3454 Location: Your Right Temporal Lobe
|
Re: Hackers Focus Efforts on Firefox, Safari |
Posted: Sat 03 May, 2008 |
|
Mop @ Thu May 01, 2008 5:18 pm wrote: Flock. Never heard of it.
Flock is a modified Firefox that has integrated enhancements for those
that don't want to use a separate application for handling the tasks.
I checked Flock version 1.1.2
it reports that it is built on
Firefox/2.0.0.14
Gecko/20080418
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14)
So it should cover the above mentioned firefox fixes.
Check your Flock version by doing Help -> About Flock
If the Firefox version in Flock is equal to or greater than 2.0.0.13,
then it should be OK.
The more I think about this article, it looks like old info regurgitated, as the
latest Firefox is 2.0.0.14 released April 16, 2008, about a week before the
article date. Even Firefox 2.0.0.13 which was release on March 25, 2008
is a month older than the article and it had fixed those problems already....
If this article came out in March... then it might have been fresh news...
Flock Release Notes: http://www.flock.com/release-notes/1.1.2/
I have found a 1.1.3 and even a change page at flock.com that
doesn't really tell you what the difference is... might be a beta... |
Last edited by jkf on Sat 03 May, 2008; edited 2 times in total _________________ jkf
|
|
|
|
mimi_44 VIP Member
Joined: 18 Jan 2006
Posts: 411
|
Re: Hackers Focus Efforts on Firefox, Safari |
Posted: Sat 03 May, 2008 |
|
Quote: If the Firefox version in Flock is equal to or greater than 2.0.0.13,
then it should be OK.
Thanks for the info on Flock jkf. |
|
|
|
|
|
|
Page 1 of 1 [ 7 Posts ]
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot post attachments in this forum You can download attachments in this forum
|
Powered by phpBB © 2001, 2024 phpBB Group All content is copyright © WastedTimes and its original authors |