security blog » firefox

Zero-Day IE Exploit Takes Control of PCs

elamb.security — Mon, 28 Nov 2005 22:36:44 +0000

Yikes, all you have to do is browse to the affected page. Glad I have Firefox!

Firefox tops IE on security. Update IE early and often. Make sure you lock IE down or simply disable it and use Firefox. But be aware that Firefox still has some limitations.

IE is swiss Cheese!!

Firefox Still Tops IE for Browser Security

elamb.security — Sat, 08 Oct 2005 04:57:31 +0000

The number of security holes that occur isn't as telling as how they're handled.

Here is the skinny. FireFox actually has more security issues
than Internet Explorer, but the thing is that it usually takes
Microsoft weeks to fix security issues. This gives malicious code
writer PLENTY of time to create and distribute something juicy.

“Mozilla is forthcoming about vulnerabilities,” Levy said, whereas “it takes Microsoft far longer to acknowledge vulnerability.”

Now here is another thing about Microsoft (and CISCO) they lie and
cover up some of the security flaws. This is probalby because of
reputation and shareholder protection or who knows what other
beauracracy and formalities.. but FireFox is very fast.

I was at Defcon 11 and I recall some Gray Hats found a few flaws in
Microsoft products (serious ones… nothing new about that). They attempted to submit these
flaws to Microsoft and other companies and were completely
ignored. Sometimes it seems giant corporations can only put out
fires instead of prevent them.

Here is an example of how slow the Microsoft people are on security —> 6 Month old exploit.

Cleaning Internet Explorer

elamb.security — Wed, 05 Oct 2005 07:34:51 +0000

IE 6.0 and below suck. Honestly, it is updated a few times every other
month with SERIOUS security issues. Those security issues are
constantly exploited by spyware and spam. It really is ridiculous
how much business Microsoft has given to spammers.

Switching to FireFox, or Opera

FireFox is the Shiznit!

CLEAN IE, DOWN AND DIRTY:

1) Get Rid of Cookies.
Do a search on your entire computer for cookies just as you would search for ANY file. Type in “cookie” in the search app
2) ADD/REMOVE SpyWares
Next uninstall the blatant crap on your system: Go to Add/Remove
Programs | look for applications like “search” or “accelerator” or
“optimizer”. Don't just arbitrarily remove stuff, only remove
stuff you know it crap. If you not sure, google it.
3) Get the TOOLS
Next download “adaware” its free on majorgeeks.com
Another good one is CWShredder and Hijackthis (use with great
caution. In fact, don't use it without reading up on it.)
4) USE SAFEMODE
Boot into safemode and use all your new found tools.
Safemode only runs your essential processes.
Get to safemode by rebooting and hitting “F8″ like crazy as computer starts to come up.

This should clean your system unless you have some very special Trojans
or RootKits on your system. If the problem is really bad you can
always back up your important data and reload Windows from scratch.

EXCLUSIVE: New security flaw in IE

elamb.security — Thu, 29 Sep 2005 22:29:23 +0000

The problem lies in the way Microsoft has implemented a JavaScript
component in its Web browser, security researcher Amit Klein wrote in a
research document. Internet Explorer does not validate some data fields
provided by a PC when the component, called XmlHttpRequest, is used, he
wrote.

This affects IE 6 (even with Window XP SP2). It can be thwarted by setting the security to “High.”

This just another example of how bad IE is and how vulnerable our
browser can be. Once again I recommend switching to Firefox.

Lets hope and pray that IE 7 is not as flawed as all previous versions of Internet Explorer.
read more | digg story

Some feeling on Windows

elamb.security — Sun, 25 Sep 2005 08:45:59 +0000

Windows Vista is the next version of the Windows operatings system.

I must admit, Microsoft has evolved greatly from one operation system
to the next from a security and functional perspective. Many
geeks complain about Windows and say that Linux is way better or that
the HATE Microsoft and Bill Gates (the Anti Christ), but 98% of those
geeks use Windows and many of those use it as their main box.

I like Windows 2000 on up. Sure there are issues but I can't use
a Linux box to play Age of Empires (or at least I don't think you can).

I love Linux but many times when I come home from work I just don't
feel like messing around with a computer for anything except
entertainment. I use my *nix OSes for testing, trouble shooting,
hacking and pentesting. My biggest issue with Windows (besides
Microsoft) is Internet Explorer… I really don't use it so I guess its
not that big of an issue. Hopefully, IE7 will be as good as
Firefox.

Spending too much time aimlessly on the internet?

elamb.security — Tue, 28 Jun 2005 04:22:01 +0000

Combines FireFox live Bookmark update feature with Del.icio.us and organize them by time.

Neat tip on how to save time while browsing the internet using Firefox and a Del.icio.us account.