----------------------------------- mimi_44 Thu 01 May, 2008 Hackers Focus Efforts on Firefox, Safari ----------------------------------- Hackers Focus Efforts on Firefox, Safari Many people are switching from Internet Explorer to alternative browsers such as Firefox and Safari. Though that might make them feel more secure, the shift has also opened new doors for bad guys. Case in point: We have no IE bugs to report this month, but both Firefox and Safari have been hit hard. So forget the idea that just because you've switched to a new browser, you're magically safer. You may be for a time, but to stay safe with any software, you need to keep current with fixes. Firefox Holes In a somewhat dubious recognition of Firefox's growing popularity, hackers have focused their attention on it, leading to a rash of newly discovered holes. The folks at Mozilla recently released two Firefox updates in less than six weeks, fixing a total of five critical security vulnerabilities. All five can be exploited by planting a poisoned JavaScript file in a Web site and waiting for you to stumble across it. In an actual attack--neither the Safari nor the Firefox bugs have elicited one so far--a bad guy could take over your PC or steal your navigation history. The latest versions of Firefox--2.0.0.13 on--will stop all five bugs. Mozilla's Thunderbird and SeaMonkey are also at risk (if you have JavaScript enabled), so download updated versions. Safari in the Wild Safari 3.1 patches 13 holes affecting Mac OS X, Windows XP, and Windows Vista. Think you're safe because you don't have Safari? You may have it without realizing it. Apple now distributes its browser with iTunes updates. Forget to uncheck a box in one of these updates, and it's there. The Safari holes could allow an attacker to trick you into thinking that a fake site is really your bank site, or to take over your PC via a poisoned page. Download Safari 3.1. Office Bugged Again Microsoft recently released four patches that fix a dozen dangerous holes in Office. I warned you about one of those holes--a zero-day attack on Excel--in April. Be sure to apply the patches, if your system doesn't install them automatically. Get the four new Office patches and more info. (You are not affected if Microsoft Office 2007 is the version you use.) No sooner had Microsoft shipped those patches than the company acknowledged the existence of yet another bad Office bug that needs patching. And this one is urgent because some users have already been attacked. Luckily, Windows Vista, Windows Vista SP1, and the beta version of Windows XP SP3 are not at risk because they ship with a newer version of the affected "Jet" database. But earlier versions of Windows are vulnerable, as are all supported versions of Office, including Office 2007. Becoming a victim of the bug involves saving two files to your PC's hard drive--one a mail-merge file that uses the database engine. There was no patch at press time. For more information, read Microsoft's advisory. POSTED by: PC World Friday, April 25, 2008 P.S. I use Flock. Any info or remarks on it? ----------------------------------- Mop Thu 01 May, 2008 Re: Hackers Focus Efforts on Firefox, Safari ----------------------------------- I was wondering when this would happen. No one is safe these days from hackers it seems. What goes on in their minds I wonder. Shit happens. Every day. Flock. Never heard of it. ----------------------------------- peiratns Thu 01 May, 2008 Re: Hackers Focus Efforts on Firefox, Safari ----------------------------------- What is that M$ propaganda? The author of this article, whoever s/he is affiliated to, is not mentioning that F/OSS such Firefox are developed much faster and because they are open to scrutiny their bugs can be found easily by the community of developers/users and corrected in speeds that M$ and the rest of proprietory software developers can only imagine in their dreams. What a bunch of Bull: Case in point: We have no IE bugs to report this month, but both Firefox and Safari have been hit hard. ----------------------------------- jkf Sat 03 May, 2008 Re: Hackers Focus Efforts on Firefox, Safari ----------------------------------- There are bug fixes done all the time in Firefox and its peers, you can even download the daily interim betas before they collect enough fixes and make a public release. The Open Source community will not and cannot hide fixes that are put in so they are much more trustworthy than change notices that microshit puts out. For the most part, a person cannot verify what exactly got changed in IE except for taking microshit's word for it, unless you work for them and work in the IE development area. As for Firefox, anyone can view the exact line of code that was changed, if anything was really changed, and its documented so that others can verify that it was and why it was done. We have to be careful about putting 100% trust in these stories in that they are starting to sound an awful lot like the news reporters that are cooking up good stories or adding a few extra twists into their stories to create sensationalism so people would take notice and they can build up their names. The difference being, what happens to celebrities do not affect our lives directly in most part... But most bad things that happen to our computers will imediately give us severe grief and most of these people writing these articles aren't that computer savvy as they pretend to be. You can never assume that there were no problems found for IE... maybe there were problems found in IE but not reported because it hasn't been fixed yet and that would be embarrassing to them ... :lol: ----------------------------------- peiratns Sat 03 May, 2008 Re: Hackers Focus Efforts on Firefox, Safari ----------------------------------- J. you are making some excellent points there: The Open Source community will not and cannot hide fixes that are put in so they are much more trustworthy than change notices that microshit puts out. For the most part, a person cannot verify what exactly got changed in IE except for taking microshit's word for it, unless you work for them and work in the IE development area. Touche! F/OSS by default makes the source code available to all to study, learn and modify as they please. When an F/OSS project has many users/developers (e.g. Firefox) bugs are discovered very quickly. Malicious code also can not be hidden easily due to the fact that many people can examine the code. Imagine now in M$ a disgruntled programmer that decided to mess with IE. How long will it take the rest of the M$ team to find out? Think about it! We have to be careful about putting 100% trust in these stories in that they are starting to sound an awful lot like the news reporters that are cooking up good stories or adding a few extra twists into their stories to create sensationalism so people would take notice and they can build up their names. ...these people writing these articles aren't that computer savvy as they pretend to be. When I read the title of the article "Hackers Focus Efforts on Firefox..." I expected to read about development efforts on Firefox or something along this line. The author of the article better do some research on the meaning of "hacker". Mass media twisted the true meaning of the word. When you read an article that uses the word "hacker" to have the meaning of "cracker" then stop reading it, or if you want to continue read it from a very skeptical position. Loaded articles are always biased. P. PS: F/OSS= Free/Open Source Software PS2: Mop, Flock is here: http://flock.com/ . It's based on Firefox. ----------------------------------- jkf Sat 03 May, 2008 Re: Hackers Focus Efforts on Firefox, Safari ----------------------------------- Flock. Never heard of it. Flock is a modified Firefox that has integrated enhancements for those that don't want to use a separate application for handling the tasks. I checked Flock version 1.1.2 it reports that it is built on Firefox/2.0.0.14 Gecko/20080418 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) So it should cover the above mentioned firefox fixes. Check your Flock version by doing Help -> About Flock If the Firefox version in Flock is equal to or greater than 2.0.0.13, then it should be OK. The more I think about this article, it looks like old info regurgitated, as the latest Firefox is 2.0.0.14 released April 16, 2008, about a week before the article date. Even Firefox 2.0.0.13 which was release on March 25, 2008 is a month older than the article and it had fixed those problems already.... If this article came out in March... then it might have been fresh news... Flock Release Notes: http://www.flock.com/release-notes/1.1.2/ I have found a 1.1.3 and even a change page at flock.com that doesn't really tell you what the difference is... might be a beta... ----------------------------------- mimi_44 Sat 03 May, 2008 Re: Hackers Focus Efforts on Firefox, Safari ----------------------------------- If the Firefox version in Flock is equal to or greater than 2.0.0.13, then it should be OK. Thanks for the info on Flock jkf.