
A software security researcher has warned that the password manager features of Mozilla’s open source Firefox 2.0 and Microsoft’s (Nasdaq: MSFT) Internet Explorer (IE) Web browsers could be exploited, placing unsuspecting users at risk.

Users of Firefox or Explorer, both of which may be vulnerable to the attack known as “Reverse Cross Site Request” (RCSR), are not fooled directly by the password theft exploit. Instead, the exploit provides a fake login site that fools a browser’s saved password feature into automatically providing the information, Robert Chapin, president of Chapin Information Services, reported.

Microsoft and Mozilla have acknowledged this problem. While waiting for the next update for this security issue, please disable the Password Manager in your Firefox.

[via TechNewsWorld]

Cypher: Btw, in case you don’t know yet, you can also discover saved passwords in Firefox. It is really dangerous if your computer is used by multiple users.

According to The Times of London, a criminal gang in the U.K. was able to steal confidential banking data by bugging ATMs with an MP3 player.

The gang tapped the phone line between the targeted freestanding cash dispenser ATM and a wall socket by placing a two-way adaptor on it and connecting it to an MP3 player. The electronic noise from the data traffic was recorded onto the MP3 player and then interpreted using a modem line tap or a special software program.

They managed to get copies of credit cards and make purchases worth $380,000, according to The Times.

[via CNET News]

Cypher: How about if we tapped the phone line by using a handphone? Then we transfer the recorded noise to software to interpret the data. Just an idea. :d

Starting 15th Jan 2007, AVG Free 7.1 version will no longer be free. So get AVG Free 7.5 instead. :)

GRISOFT is announcing a new version of the AVG Anti-Virus Free Edition. This new 7.5 version with improved performance and user interface is available. Users that are using AVG Free 7.1 will be provided with a specific dialog, within the next few weeks, with the opportunity to choose the right option fulfilling their needs. AVG Free 7.1 version will be discontinued on 15th of Jan 2007.

Link: AVG Free Advisor

Edit: This report is not accurate. For more info, read this news. [Thanks to aMer]

A few days after Microsoft released Internet Explorer 7, a new vulnerability has been found in this software. This vulnerability can be exploited by malicious people to disclose potentially sensitive information.

Secunia has made a demonstration tool with which you can check whether your IE7 is vulnerable or not. The test will try to read content from Google News in the context of your browser. This vulnerability is caused by an error in the handling of redirections for URLs with the “mhtml:” URI handler. This weak spot can be exploited to access documents served from another web site.

Right now, there is no patch for this vulnerability. But for the moment, you can disable active scripting to prevent this exploit.

Cypher: Wondering how many new vulnerabilities will be discovered by “techie” guys… :-?

Duh… Check out this screenshot below. My university, UTM, has blocked access to FeedBurner. But it doesn’t block the whole domain; it only blocks access to the feed reader counter.

[Screenshot: UTM Internet access block page]

The script that is blocking the page is WebMarshall. I think this is a new security script that UTM implemented to protect the network from malicious attacks. And I also noticed that they had tightened the security level on their server because last night I couldn’t access some of the websites that I usually visit.

By the way, I must say that this is a good action taken by UTM. Because if they don’t install these security scripts, students’ computers will be more vulnerable and in danger. Before this, many computers in UTM got attacked by the Brontok virus. And recently, Ravmon virus attacks are on the rise. By implementing this security protection, at least it can reduce the risk of getting infected.

But anyway, please don’t block websites that are not harmful… Duh… :(

Edit: Here is another screenshot from the WebMarshall script.

[Screenshot: another UTM block page]

Everyone hates spam and so do I. But if you don’t want more spam coming into your email, TURN OFF the Vacation Response setting in your email.

Many email services include this option. By default it is turned off. But you can turn it on if you want to give an auto-response to incoming emails while you are away or on vacation.

Beware that turning this setting on will give spammers the chance to keep spamming you. How? OK, let’s say spammers send an email to you. Usually spam emails will be sent directly to the Bulk/Spam folder. If you turn on the Vacation Response setting, your email will automatically send a reply back to the spammers saying that you are away, or whatever else you have set it to say. So when the spammers receive the email, they will know that your email address is active and they will keep spamming you.

So how do you make sure your email has this setting turned off? OK, here is how to do it in GMail and in Yahoo. I don’t know about other email services, but you can check their help pages for more help. Anyway, I like GMail more because it includes an extra feature in the Vacation Response setting. I’ll explain it below.

GMail

  1. After logging into your GMail account, click on Settings.
  2. In the General tab, scroll down to Vacation responder.
  3. Make sure that Vacation responder is off.
  4. But if you still want to use Vacation responder, you can set it to Only send a response to people in my Contacts. That way your email is less “vulnerable” to spammers. This is the extra feature that I told you about before.

Yahoo

  1. In Yahoo, after you log in to your email account, go to Options.
  2. Click on Vacation Response under Management.
  3. If Auto Responder is set to off, you will see the Turn Auto-Response On button at the bottom of the page.
  4. And if you want to use Vacation Response, simply click the button to turn it on.
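The reasoning in this post (an automatic reply tells the sender the address is live, and a contacts-only reply limits that) can be written down as a decision function. This is an added example, not part of the original post and not how GMail or Yahoo implement their responders; the function name, the address book and the sample messages are constructed for illustration, and the header checks follow the usual convention of not answering automatic or bulk mail.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book (assumption for this example).
CONTACTS = {"alice@example.org"}

# Constructed sample messages, embedded so the example runs offline.
SAMPLES = {
    "contact": "From: Alice <alice@example.org>\nSubject: Lunch?\n\nFree today?\n",
    "spammer": "From: Deals <promo@bulk-sender.example>\nSubject: You won\n\nHi\n",
    "newsletter": ("From: alice@example.org\nPrecedence: bulk\n"
                   "List-Id: <news.example.org>\n\nIssue 12\n"),
    "autoreply": "From: alice@example.org\nAuto-Submitted: auto-replied\n\nAway\n",
}


def should_auto_reply(raw_message, contacts=CONTACTS, in_spam_folder=False):
    """Return (decision, reason) for one incoming message."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if in_spam_folder:
        return False, "message was filed as spam"
    if not sender:
        return False, "no usable sender address"
    # Never answer another machine: that is how reply loops start.
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return False, "automatically generated message"
    # Bulk and list mail is not addressed to a person expecting an answer.
    if msg.get("Precedence", "").strip().lower() in {"bulk", "junk", "list"}:
        return False, "bulk or list mail"
    if msg.get("List-Id") or msg.get("List-Unsubscribe"):
        return False, "mailing-list mail"
    # The contacts-only option: strangers get no confirmation that
    # the mailbox is active.
    if sender not in contacts:
        return False, "sender is not in contacts"
    return True, "known contact"


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, should_auto_reply(raw))
```
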

Well, I hope this short post can help you to stop more spam coming to your inbox. If you want to know more about how to set up Vacation Response, just follow these links:

Have you upgraded your Firefox to Firefox 1.5.0.7 yet? The new update was released yesterday. Yesterday, while I surfed the Internet, suddenly there was a pop-up from my Firefox browser asking me to install the latest version. So I chose OK and it installed the latest updates in a minute.

Some of my friends (Internet Explorer users) asked me why I use Firefox. With calm and confidence I answered the question. :d I said that with Firefox you can surf the net with tabbed browsing, which means you don’t need to open a new window if you want to visit other sites. Besides that, there are many themes and extensions that you can use to enhance the usability of your Firefox. And all of them are free to download.

I’m using 6 extensions for my Firefox and use Mostly Crystal as my Firefox theme. I really like Mostly Crystal. The theme uses colourful icons and they are really nice. You can see the screenshot below.

[Screenshot: Firefox preview]

OK, back to the topic. He3. This latest update has fixed known critical flaws. You can see the details here. And I wonder when Firefox will be 100% free from vulnerabilities. Hmm… :-?

MyOrionet is conducting a competition in which the webmaster who can get his website listed at the first rank in Google will win. Today, WTJ commented on one of my posts that MyOrionet had been hacked. The hacker named himself Hacker_Amca and s/he (I don’t know the gender :p ) put a link to another website. I don’t know what language is used there. I think the website is from Turkey. Here is the print screen of the hacked website:

[Screenshot: the hacked MyOrionet website]

Lessons learned
Lessons that we can learn from this situation are:

  1. Update your website scripts when there are new updates available
    This is a must because the latest updates have bugs fixed and some upgrades that can improve the security of your website.
  2. Always back up your site and databases
    Make a backup of your website every day if you update your site contents every day. If not, make a backup at least once a week.

I’m no security expert but I have a little knowledge of how to prevent sites from being hacked. Hope we can learn something from what happened to MyOrionet.

How strong is your password? Is it easy to guess? Does it use simple character combinations? Or do you not use any passwords at all in your life? Nah… I’m sure each of you has your own password. Those who know how to surf the Internet should know how to use and how to create their password. But is your password really strong?

Can you remember these passwords?
Here are some examples of strong passwords:

m8+bbNY46u?z7$u?46
^X7HrJs867$s66P$s6867
n7_!nr8hr8h98b

Can you imagine how hard it is to remember these passwords? I admit that I can’t remember these passwords either. With all the special characters and multiple combinations used in the passwords, it is really hard to remember them. But with this tool (read below), you can create your own unguessable passwords without worrying about remembering them.

Beware, all Yahoo mail users. Don’t open email that comes from the av3@yahoo.com address with the subject “New Graphic Site”. A new worm targeting Yahoo Web-based email has been spotted in the wild. The worm targets addresses at yahoo.com and yahoogroups.com.

This worm arrives as a message containing JavaScript. When the user opens the email, the worm will spread to other users in the Yahoo address book.

Cypher says: That’s why I use Gmail as my primary email. ;)

Yahoo Mail Worm Harvesting Addresses [TechWeb]