From Internet Explorer to Mozilla Firefox to Google Chrome – that’s the path that many computer users have followed in the past years. Personally, I have stuck to Mozilla but I do use Chrome every now and then when I want things to go much faster. But did you know that Google’s streamlined browser has its share of security issues as well?

This is not really that surprising. After all, most any product you see in the market will be exploited by those who want to do so. In any case, Google has come out with updates to their browser, making it more secure for us users.

The most recent update for Google Chrome fixes some issues on how the browser handles Javascript and XML. For the Javascript engine, the fix makes sure that an infected web site will not allow malicious Javascript to run arbitrary code. You and I know very well that the phrase “run arbitrary code” simply translates to “install malware.” With this problem supposedly fixed, Chrome is definitely safer.

Another fix deals with the possibility of a web page using XML to, again, run arbitrary code. This happens when the malicious XML crashes a Chrome tab.

Last, the Chrome update will not allow you to connect to “HTTPS (SSL) sites whose certificates are signed using MD2 or MD4 hashing algorithms.” The reason for this is that these algorithms are prone to hacking and that it is relatively easy to pose as a fake HTTPS site.

For more detailed info, read it from Google’s own blog.

Photo courtesy of Ivan Zlatev

Categories: General, Google Chrome, Malware, News

Leave a Comment

This piece of news is not so good for Mozilla. It had to shut down the operations of its online store late on Tuesday because of an alarming finding. The fact is that the firm that Mozilla had hired to deal with their backend operations has suffered a security breach. Mozilla immediately issued a statement about the issue:

Today, Mozilla discovered that GatewayCDI, the third-party vendor entrusted to run the backend of the Mozilla Store, suffered a security breach. Once notified, we took the immediate preventative step of shutting down the Mozilla Store to ensure that no additional users could be compromised.

And just to be sure, the company immediately shut down the international version of their online store. While this was not really necessary since the international edition is being maintained by a separate company, Mozilla still shut it down as a precaution. As of this writing, there is no news yet as to the whether the security breach has been fixed. Indeed, Mozilla did not even really divulge details as to the nature and extent of the breach. I guess it is enough that they owned up to the issue and that they took immediate steps to stop the problem before it became serious.

And in case you were not aware of what Mozilla offers in its online store, this is where you can get T-shirts, coffee mugs, backpacks, mouse pads, and all sorts of other things that you can buy with the popular Mozilla logo prominently printed on them.

Moral of the story? Even one of the best IT companies in existence today is prone to hacking. Us “mortals” should learn from this.

Categories: Firefox, General, News

Leave a Comment

The world of cyber-crime has grown so much in these past few years due to the explosion of growth with respect to the number of internet users the world over. It has not only expanded on the side of normal people but on the side of cyber-criminals who now operate on their own networks, spanning the globe and ready to spread their products, malicious code that first scans the globe for weak points in the security net that we all put up to somewhat give us a sense of security from the ever-growing threat which is actually futile to some extent. Read the rest of this entry »

Categories: General, IT Security Basics, Malware, Network Security, News, Real-World Issues, Security Policies

Leave a Comment

You’d think that men, who are supposed to be better at maths and similar subjects, would be better at online security as well. According to an online survey, though, the opposite is true. Carrie Anne Skinner reports:

When it comes to online security, men are less savvy than women, according to PC Tools.

Research by the security firm revealed that 47 percent of men use the same passwords when signing up to online banking and shopping facilities, compared to just 26 percent of women.

I can think of several reasons for this. One, men are notorious for forgetting details, and passwords are one of them. If you think about it, it is only understandable that the men would tend to use one password for most of their accounts. Two, men tend to have this feeling of invincibility. It’s that machismo factor that gets them into fights. They think that they’re not going to get hurt. Yes, it happens to others, but not to them. The same article confirms this:

Men have a more cavalier attitude to email attachments, with 60 percent admitting to opening them immediately without checking to see if they are legitimate, but only 48 percent of women do the same thing.

This is not to say that they are not AWARE of the potential threats. In fact, the same study showed that men knew more about the threats than women did. It really is just the attitude that makes a big difference. Well, maybe that’s why men have more viruses and other malware in their toys.

Categories: E-mail, General, IT Security Basics

Leave a Comment

Cool! But wait – Microsoft is giving away something for FREE? Am I dreaming? You better believe it, though. The software giant is jumping into the freeware fray with their latest security product. Dubbed Microsoft Security Essentials, the program is designed to detect, find, and kill malicious software that might find its way into your computers.

The beta version will be released next week. In the meantime, the company is continuing to develop the full version of the product, which is slated to be released in the fall. The security software is not going to be bundled with Windows 7, as this may provoke anti-trust issues, which Microsoft has had more than its share of. Still, critics have not been slow to point out that the description of the product is flawed and misleading.

David Cole of Symantec has stated that it is NOT an essential security solution. He also pointed out that users still need protection such as firewalls, spam fighters, and other features that are included in subscription products.

So what does Microsoft Security Essentials really offer? According to Theresa Burch, the program will try to spot malicious software, even if it is not part of the database of known threats. Once the suspicion of the software is aroused, it will first check with online servers before allowing the program to run. Users do not have to worry about the program interfering with trusted sources, however, as there will be a list of those, such as Google Toolbar.

I think I’ll see what it has to offer next week.

Categories: General, Malware, News, Spyware

Leave a Comment

If there is one thing that a lot of people do but deny doing so, it is buying fake software. This is actually understandable if you think about it. Licensed software is just so expensive and with the way things are going financially right now, people are always looking for ways to save a dime here and there. And if you buy unlicensed software, you will definitely save more than a dime!

Then again, if you are talking about security software, I do not really think that it is such a good idea to buy fake software. After all, you are talking about staying safe here, and who knows where all that fake software comes from?

Microsoft has actually issued statements regarding fake security software. Naturally, many will be skeptical about the statements – it is from the largest software company in the world. Of course they will tell you to stay away from fake products, right?

But they do have a very valid point, one which we will all benefit from. Canada.com has a report on this:

Fake computer security software, created by cyber criminals as smokescreens for viruses, is the No. 1 threat to computer security in Canada, software giant Microsoft said Wednesday in its latest biannual security report.

And experts blame hackers for playing on people’s fears of infectious malicious software, such as the Conficker worm.

According to Microsoft’s report, rogue security software, also called scareware, was found in 5.9 million computers, a rise of 66 per cent in the last six months.

What should you do? Make sure you are buying 100% legit software.

“If you see a message pop up (from a website) no matter how dire it is don’t click on it because almost 100 per cent of the time that message is a fake message,” said Mohammad Akif.

“Norton, Symatec, Microsoft — none of these companies sell their software this way.”

Sounds like a plan to me!

Categories: General, IT Security Basics, Malware, Spyware, Tips

Leave a Comment

If you have not heard, the RSA 2009 security conference was held in San Francisco in the past week. This conference is a significant one in the industry, and even more so now since we have been facing many different and new threats cropping up here and there. This year, however, what I have been reading about the RSA is not that good. A lot of people are saying that it came a little flat.

John Oltsik of CNET blames the economy for this. He also points out three other reasons:

1.The speakers. The keynote speakers really had nothing new to say. This was especially troubling because the lineup looked so strong. Unfortunately, the most disappointing speaker of all was President Obama’s cybersecurity point person, Melissa Hathaway, who read from a script and said next to nothing about her cybersecurity research effort. Hathaway underwhelmed an audience of security professionals, missing an opportunity to bond with a constituency whose support is critical to her success.

2. The topics. In the past, there was always one topic at RSA that grabbed everyone’s attention. Not this year–same old tired stuff.

3. The vendors. I’m now convinced that most security vendors have no conception of what their customers need. Vendors pitch point technology solutions while users are crying for help to secure their IT-based business processes. There are really only a few security vendors that recognize this. I can’t overstate how much this disconnect alienates the security community.

It is pretty depressing, isn’t it? Do you have other perspectives that might give us more positive views?

Categories: General, News, Security Policies

Leave a Comment

And I thought Apple was unhackable. That goes to show that there seems to be no such thing these days. After all, most everything has a “hole,” and it is only a matter of finding that hole and exploiting it, right?

Security expert Charlie Miller will surely agree with you, and unlike me, he can back up his statements too! Charlie Miller is known for hacking a MacBook Air last year. He did this feat in less than two minutes, and won $10,000 for it. He did not stop there, though. About two weeks ago, Miller joined another contest; this time to hack Safari.

He said that he discovered a hole in the security last year. This hole, when exploited, can give a remote user control of the machine. Miller was able to demonstrate how this is possible in about 10 seconds! This is how he did it: he got the computer user to click on a link (a “malicious URL”) and voila, in one click, he had control.

Naturally, the contest rules stipulate that Miller cannot disclose exactly how he got it done. He said, however, that he told the people at Apple the details of what he was planning to do. At the end of the day, everyone walks away happy. Miller gets his cash prize and the MacBook he used to boot. Apple, on the other hand, gets to discover a bug AND fix it as well.

As for us mere mortals, it just goes to show that we should be careful in clicking.

Photo from http://www.flickr.com/photos/colinzhu/542471747/sizes/s/

Categories: General, Web browsers

Leave a Comment

Seems everybody is out for cheap deals on just about everything and who wouldn’t be in this recession where cash is hard to come by and jobs are being shed by the thousands. Now, there are truly some honest cell phone deals out there but you have to be sure you’re getting the right stuff. Having the latest phone gadget might be one thing but keeping that new phone secure from hacks is another. Sure you can get it cheap from the internet but how sure are you you’re getting the real stuff.
Criminals are becoming craftier than ever and they have even managed to copy branded products complete with all the security stickers and holographic security seals with them. They can also be pre-loaded with malware for the amount of computing power they pack is enough to emulate an ultraportable, in function that is. Just how dangerous are these hacking attempts, for mobile devices using Windows very dangerous for there is a group bent on exacting damage on the software giant.
ensuring you have the latest updates to your operating system is vital to maintaining your ability to fend off attacks. Having intrusion prevention systems installed is also a good thing for like your PC, they also need protection. Given the power of these gadgets and their ability to connect to the internet, they are not immune to attack. Let’s set this as an example, an unprotected PC connected to the internet for the first time will last an average of 15 minutes before it is hacked and compromised. Now you do the math for your mobile!

Categories: Cryptography, E-mail, General, IM, IT Security Basics, Malware, News, Privacy & Anonymity, Real-World Issues, Spyware, Tips, Web browsers, Wireless Security

Leave a Comment

Blogs are the in-thing today and everybody on the planet wants to have one. Wordpress being one of the most trusted and used platforms has suffered a great deal from the relentless attacks conducted by hackers who use it for spreading malware to the millions of users on the platform. Another weak link in the blogging trends are the millions of hosting companies, who all want to host as many people on earth they can so they earn as much profit as possible. These hosting servers and service providers might smell good on the outside but can be quite rotten on the outside so getting the right information on the hosting service you aim to use is vital for the survival of your blogging efforts. Web hosting review sites have sprung all over the place and are proving to be the best source of information for budding bloggers and SEO marketers. They offer unbiased information regarding the several or so hosting services giving you the tools to determine the best web hosting information around. These analytical tools may spell success or failure for your blog and thus SEO efforts, so don’t go out without them.

Tags: Cost Analysis, Hosting Information, Web Hosting, Web Hosting Reviews

Categories: General, IT Security Basics, Malware, Real-World Issues, Tips

Leave a Comment