Hackers reach beyond Windows, IE

Discussion in 'other security issues & news' started by ronjor, Mar 21, 2005.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,749
    Location:
    Texas
    Article
     
  2. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Indeed, I have read several articles where vulnerabilities in Firefox are being exploited.
    For IE users, a good and free anti-phising software could be the Earthlink toolbar for IE. It is free and is reasonably good for the average net user.
     
  3. chaos16

    chaos16 Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,004
    Is firefox 1.1 going to have better protection?

    Now malicious things are targeting firefox is firefox preparing itself for the spyware hackers etc....

    And the toolbars that are going to be compatible with it will it protect against spyware not only pop upso_O
     
  4. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    Last edited: Mar 21, 2005
  5. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Thanx Ron!!

    As long as M$ doesn't do anything regarding their Active-x policy, things will not change... :'(
     
  6. chaos16

    chaos16 Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,004
    they are saying that firefox is not that good??

    That now it wont be so secureo_O
     
  7. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    Could be...But they are at least faster then Microsoft for fixing their holes :)
     
  8. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Well, the shape of things to come depends a lot also on the popularity of Firefox. If the popularity factor soars, several compatible privacy protection software will come in the market. Yahoo! is already working on introducing the Anti-Spy Yahoo toolbar for firefox. Now, Anti-spy is powered by CA's Pest-Patrol.

    After all, a buzzing market is a must for a product to allow complementary products to crop up.
    Just look at IE...a plethora of tools are available to plug in the holes left by RICH Bill's guys.

    So, its essential that this beautiful piece of browser called Firefox flourishes even more. With growing popularity will come discovery of vulnerabilities and tools to plug these as well.

    Abhishek
     
  9. chaos16

    chaos16 Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,004
    Hopefully more companies support firefox not only yahoo.

    I have Microsoft antispyware, Spybot-search & destroy and adaware se.
    And when i get the yahoo toolbar with antispyware protection it will be like having pestpatrol as well??

    You know the free browser Avant Browser it free like mozilla can't it fuse together to make a better producto_O?
     
  10. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    I think Bill Gates said that once when he thought about how Windows should be :D purchasing everything and everyone...and imho I think they will have or all ready had contact with Firefox for whatever reason ;)

    I think it's the nature of the beast if I may say this?

    Inf.
     
  11. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    Avant uses the rendering engine of IE. Firefox is based on the Gecko engine.

    If you want a browser that is a marriage of Firefox and IE, then you can check out the Netscape 8 (Beta). It is a healthy mixture of both these browsers and provides a good secure browsing environment alongwith maximum compatibility with different websites. You can actually CHOOSE which engine you prefer to view A particular webpage in realtime. I have tested it and its stable.

    If you try it, do let me know how it worked for you.

    Take Care
    Abhishek
     
  12. chaos16

    chaos16 Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,004
    wats the advantage of firefox and wats the advantage of netscape 8o_O
     
  13. abhi_mittal

    abhi_mittal Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    887
    Location:
    Bangalore
    You want a mixture of Avant and Firefox. Since Avant is based on IE technology, a mixture of IE and Firefox will do good.
    The main advantage of firefox is that it doesnt allow Active-X controls which install spyware on your PC. It can also be customized as per your prefernces with various free extensions. On the whole, its much more secure than IE as of now. But, the only problem is that some websites are not compatible with Firefox, so you have to use IE.

    So why not use a product that has both the engines and you can choose which engine you want for a particular website.

    Hope you found this useful.

    Abhishek
     
  14. chaos16

    chaos16 Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,004
    yep thnx alot

    but i hope firefox improves with its protection and stability.

    hopefully it stays ahead of threats.(firefox)
     
  15. JamesBown

    JamesBown Guest

    I think you meant to mention this. But to clarify this is Netscape 8.

    As for all the nay saying about firefox, let me be frank, this is not the first article to came out talking about how firefox will be exploited, how there will be spyware for firefox etc etc.

    Are there exploits listed in Secunia? Sure. But are they serious? When was the last time you heard a firefox user getting hit, and I mean not that he tried on purpose (eg most of those idiots who wanted to see Java in action "bypass" firefox and so clicked Yes for fun ).

    Remember even if exploits do exist for firefox, Opera, etc, does that mean you will run back to IE like a scared rabbit? Of course not, nothing is perfect, but some browsers will still be more secure than others.

    To lose sight of that, merely because there is some minor exploit that requires user intereaction is to fall into the trap of those spreading FUD.
     
  16. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    601
    Location:
    Australia
    Personally, I use the PrefBar extension and that works for both mozilla and firefox, it can be found at http://prefbar.mozdev.org/

    You can have tick boxes visible in your browser that allows you to easily turn off javascript, java, images, flash, popups, animation and warn about all cookies (and optionally just allow them as session cookies so that the site still works...)

    Its a very good idea to leave most functionality off until you need it... and this makes it easy to do so
     
  17. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    *The Ronjor's link is interesting, especially because web applications attacks will be more frequent for home users.
    And browsers can be infection vectors of many threats:

    http://www.securityfocus.com/columnists/306

    *Here some tools available against phishing and idn/url spoofing:

    -Phishguard: http://www.phishguard.com/

    -spoofstick: http://www.corestreet.com/spoofstick

    -Spoofguard; http://crypto.stanford.edu/SpoofGuard/

    -Spoofchecker: http://www.jroller.com/page/hatano/20050209

    *Against phishing for instance, Microsoft will try to prevent the problem by using authentication solutions: http://www.compliancepipeline.com/159900427

    Even if Bruce Schneier thinks it could not be a panacea:
    http://www.schneier.com/blog/archives/2005/03/the_failure_of.html

    *About the IDN vulnerability, the new versions of Mozilla and Firefox (1.0.1) are not totally convincing for many people:
    http://www.jroller.com/page/hatano/20050228

    Anyone can test his browser on the next link.
    If Spoofstick is installed, there will be an alert by clicking on the fake sites:
    "Warning:Homograph detected": http://www.retrosynth.com/misc/phishing.html

    A recent vulnerability has been found for firefox:
    http://www.securitytrap.org/mail/full-disclosure/2005/Mar/0371.html

    In all case, the best prevention is the Prudence.

    Regards
     
Loading...
Thread Status:
Not open for further replies.