Firefox

Firefox is one of the most important inventions in modern history.  Not only did it directly challenge the monopoly of the web browser industry by microsoft’s internet explorer, but it was innovative as well.  Another GPL product, Firefox has an endless number of plugins and extensions available to the end user.  All made to make your online life easier.  Firefox is also the most secure browswer on the web.  Opera is decent but is quirky and doesnt have anywhere near the number of developers making extensions for the browser.  Many of you have probably downloaded firefox at one time or another but because of a lack of time or experience never got familiar with the program. Please check out this article about browser safety.  One of the many benefits of working with us in one of our easy to understand training classes is we go over all recommended Firefox extensions and custom tailor a web browsing experience made for you.  Did I mention we also work remotely?

• 0

GPL.  What the heck does that mean?

For the common good.

GPL stands for General Public License and refers to all free software available on the internet used for the common good of mankind.  Usually this software is made available by the developers in order to promote further development by private individuals.  Collaboration between great minds working towards a common goal is truly the only way we as humans can evolve from our current selfish state.  Companies like Mozilla, Open Office, Linux, and others are advancing end user technology at lightning speed.  So why is this important to you?  Because you can stop paying for expensive software programs! Anti-virus, disk cleaners, registry cleaners and productivity software are all free and usually much more functional than their pricey counterparts.  In our training classes and our 1 on 1 sessions we teach our students how to leverage the latest and greatest free software to streamline not only their computer and internet activity, but their lives as well.

• 0

Microsoft Internet Explorer is the world’s most popular web browser and is installed by default on every Microsoft Windows system. Unpatched or older versions of Internet Explorer contain multiple vulnerabilities that can lead to memory corruption, spoofing and execution of arbitrary scripts or code. The most critical issues are the ones that lead to remote code execution without any user interaction when a user visits a malicious web page or reads a malicious email. Exploit code for many of these critical Internet Explorer flaws is publicly available. In addition, Internet Explorer has been leveraged to exploit vulnerabilities in other core Windows components such as HTML Help and the Graphics Rendering Engine. During the past year, hundreds of vulnerabilities in ActiveX controls installed by Microsoft and other software vendors have been discovered. These are also being exploited via Internet Explorer.

Mozilla Firefox is the second most popular web browser after Internet Explorer. It also has a fair share of vulnerabilities. In 2007, it has released several updates to address publicly disclosed vulnerabilities. Similarly to Internet Explorer, unpatched or older versions of Firefox contain multiple vulnerabilities that can lead to memory corruption, spoofing and execution of arbitrary scripts or code. The web sites exploiting the browser vulnerabilities typically host a several exploits, and even launch the appropriate exploit(s) based on which browser the potential victim is using.

With the explosion of rich content in web sites, a parallel increase has been seen in the number of Browser Helper Object and third-party plug-ins used to access various MIME file types such as multimedia and documents. These plug-ins often support client-side web scripting languages such as Macromedia Flash or Shockwave. Many of these plug-ins are installed (semi-)transparently by a website. Users may thus not be aware that an at-risk helper object or plug-in is installed on his/her system. These additional plug-ins introduce more avenues for hackers to exploit to compromise computers of users visiting malicious web sites.

In October 2007, for example, systems running Windows XP and Windows Server 2003 with Windows Internet Explorer 7 were found not to handle specially crafted Uniform Resource Identifiers (URIs) properly. By creating a specially crafted URI in a PDF document attackers were able to execute arbitrary commands on vulnerable systems.

While some plug-ins such as Adobe Reader and Quicktime perform version checks and provide an update feature, these are often bothersome and ignored by users. It is often also difficult to detect which version of a plug-in is installed. For example, systems may have different versions of Shockwave installed for reasons of backward compatibility, but the user cannot easily discover which version or versions are running.

These flaws have been widely exploited to install spyware, adware and other malware on users’ systems. The spoofing flaws have been leveraged to conduct phishing attacks. In some cases, these vulnerabilities were zero-days i.e. no patch was available at the time the vulnerabilities were publicly disclosed. Many reported plug-ins were also widely exploited by malicious web sites before patches were made available by the vendor.

In 2007 alone, Microsoft has released multiple updates for Internet Explorer.

How To Protect Against These Vulnerabilities:

• If you are using Internet Explorer on your Windows XP system, the best way to remain secure is to upgrade to Windows XP Service Pack 2. The improved operating system security and Windows Firewall will help mitigate risk. For those unable to use Windows XP with Service Pack 2, switching away from Internet Explorer to an alternative browser is the safest path.
• Users should upgrade to version 7 of Internet Explorer, which provides improved security over previous versions. The latest version of Internet Explorer, IE7, is being distributed by Microsoft as a Critical Update (KB926874)
• Keep the systems updated with all the latest patches and service packs. If possible enable Automatic Updates on all systems.
• Pay attention to Microsoft Security Advisories; implementing suggested mitigations before the patch becomes available could alleviate exposure to zero day attacks.
• To prevent exploitation of remote code execution vulnerabilities at Administrator level, use tools like Microsoft DropMyRights to implement “least privileges” for Internet Explorer.
• Prevent vulnerable ActiveX components from running inside Internet Explorer via the “killbit” mechanism.
• Many spyware programs are installed as Browser Helper Objects. A Browser Helper Object or BHO is a small program that runs automatically every time Internet Explorer starts and extends the browser’s capabilities. Browser Helper Objects can be detected with Antispyware scanners.
• Use intrusion prevention/detection systems, anti-virus, anti-spyware and malware detection software to block malicious HTML script code.
• Windows 98/ME/NT are no longer supported for updates. Legacy users should consider upgrading to Windows XP.
• Consider using other browsers such as Mozilla Firefox that do not support ActiveX technology.

To configure the security settings for Internet Explorer:

• Select Internet Options under the Tools menu.
• Select the Security tab and then click Custom Level for the Internet zone.
• Most of the flaws in IE are exploited through Active Scripting or ActiveX Controls.
• Under Scripting, select Disable for Allow paste operations via script to prevent content from being exposed from your clipboard. Note: Disabling Active Scripting may cause some web sites not to work properly. ActiveX Controls are not as popular but are potentially more dangerous as they allow greater access to the system.
• Select Disable for Download signed and unsigned ActiveX Controls. Also select Disable for Initialize and script ActiveX Controls not marked as safe.
• Java applets typically have more capabilities than scripts. Under Microsoft VM, select High safety for Java permissions in order to properly sandbox the Java applet and prevent privileged access to your system.
• Under Miscellaneous select Disable for Access to data sources across domains to avoid cross-site scripting attacks.
• Ensure that no un-trusted sites are in the Trusted sites or Local intranet zones as these zones have weaker security settings than the other zones.
• Microsoft has published a “Internet Explorer 7 Desktop Security Guide” to enhance Internet Explorer security. It examines the new features and setting that can be modified to provide a more “locked down” security configuration for Internet Explorer 7.

To configure the security settings for Firefox:

• Select Options under the Tools menu.
• Further customization of Firefox configuration can be obtained at http://kb.mozillazine.org/About:config.

To update the plug-ins used by the web browsers:

• Most plug-ins come with “Check for Updates” feature. It can usually be found under “Options”, Preferences” or “Help” menus.
• Select the “Check for Updates” to ensure you have the latest version of the software.

• 0

Most people are unaware of the far reaching implications of Google’s domination of everything internet related.  Nearly everyone who has ever used the internet has used Google.  Google is the modern day wheel! Not only does Google trade at over 400 dollars per stock, but search is just a portion of all the company has to offer.  The reason I bring all this to your attention is because we are in the information age, and those who control the information, control the world.  In this day and age the term knowledge is power has never been more relevant.

Think about it! Where do you go to find your local hardware store?  Where do you go to find directions? Or learn about that rash on your ankle, or find out what that rattling noise in the car is? How do you keep track of your friends and family?  With Google, you can even see your house from space! Consider this, there was the stone age, iron age, bronze age, and fast forwarding centuries later, we are in the information age and the tools of today are the computer and software like Google.  Do you know how to use the tools of our day?

• 0