Security

Firefox and IE Vulnerable to Password Theft

25 November 2006 3 Comments

A software security researcher has warned that the password manager features of Mozilla’s open source, Firefox 2.0 and Microsoft’s (Nasdaq: MSFT), Internet Explorer (IE) Web browsers could be exploited, placing unsuspecting users at risk.

Users of Firefox or Explorer, both of which may be vulnerable to the attack known as “Reverse Cross Site Request” (RCSR), are not fooled directly by the password theft exploit. Instead, it provides a fake login site that fools a browser’s saved password feature into automatically providing the information, Robert Chapin, president of Chapin Information Services, reported.

Microsoft and Mozilla acknowledge about this probem. While waiting for the next update for this security issue, please disable Passwod Manager in your Firefox.

[via TechNewsWorld][tags]firefox, ie, security, vulnerable[/tags]

Cypher: Btw incase you don’t know yet, you also can discover saved passwords in Firefox. It is really dangerous if your computer use by multiple users.

Hack ATMs using MP3 Player

17 November 2006 9 Comments

According to The Times of London, a criminal gang in U.K was able to steal confidential banking data by bugging ATMs with a MP3 player.

The gang tapped the phone line between the targeted freestanding cash dispenser ATM and a wall soket by placing a two-way adaptor on it and connect it to a MP3. The electronic noise from the data traffic will be recorded into the MP3 player and will be interpreted by using a modem line tap or using special software program.

They managed to get copies of credit cards and make purchases worth $380 000 according to The Times.

[via CNET News] [tags]atm, mp3, player, hack, handphone[/tags]

Cypher: How about if we tapped the phone line by using handphone. Then we transfer the recorded noise to a software to interpret the data. Just an idea. :d

AVG Free 7.1 will be discontinued on Jan 2007

1 November 2006 Leave a Comment

logo avg trans 1

Starting 15th Jan 2007, AVG Free 7.1 version will no longer be free. So get AVG Free 7.5 instead. 🙂

GRISOFT is announcing a new version of the AVG Anti-Virus Free Edition. This new 7.5 version with improved performance and user interface is available. Users that are using AVG Free 7.1 will be provided with a specific dialog, within the next few weeks, with the opportunity to choose the right option fulfilling their needs. AVG Free 7.1 version will be discontinued on 15th of Jan 2007.

Link: AVG Free Advisor [tags]avg, avg free, avg free edition, antivirus[/tags]

Vulnerability found in IE7

20 October 2006 8 Comments

Edit: This report is not accurate. For more info, read this news. [Thanks to aMer]

IE7 launch 2 10 After few days Microsoft released Internet Explorer 7, new vulnerability has been found in this software. This vulnerability can be exploited by malicious people to disclose potentially sensitive information.

Secunia had make a demonstration tool which is you can check whether your IE7 is vulnerable or not. The test will try to read content from Google News in the context of your browser. This vulnerability is caused by due to an error in handling of redirections for URLs with the “mhtml:” URI handler. And this weak spot can be exploited to access documents served from another web site.

Right now, there is no patch for this vulnerability. But for the moment, you can disable active scripting to prevent from this exploit.

Cypher: Wondering how much new vulnerabilities will be discovered by “techie” guys… 😕 [tags]vulnerable, exploit, ie, ie7, microsoft[/tags]

UTM server block FeedBurner access

15 October 2006 6 Comments

Duh… Check out this screenshot below. My university, UTM has block access to FeedBurner. But it doesn’t block the whole domain, it only block access to feed reader counter only.

The script that blocking the page is WebMarshall. I think this is a new security script that UTM impliment to protect the network from malicious attacks. And I also noticed that they had tighten the security level on their server because last night I can’t access some of websites that I usually visits.

By the way, I must say that this is a good action taken by UTM. Because if they don’t install these security scripts, students computers will be in more vulnerable and danger. Before this, many computers in UTM got attacked by Brontok virus. And recently, virus Ravmon attacks are on the rise. By implimenting this security protection, atleast it can reduce the risk to get infect.

But anyway, please don’t block websites that are not harmful… Duh… 🙁 [tags]utm, webmarshall, brontok, ravmon, malaysia[/tags]

Edit: Here is another screenshot from WebMarshall script.

« Previous Page