Serious security flaw found in IE

[Fop 1]

Firefox update

 

Mozilla has released a scheduled update for its open source Firefox web browsers for at least 10 different vulnerabilities.

 

The bugs in the browser could have been "used to run attacker code and install software, requiring no user interaction beyond normal browsing," said Mozilla.

 

It is also reissuing calls for users to upgrade from Firefox 2.0 to Firefox 3.0 as soon as possible and said it is "not planning any further security and stability updates for Firefox 2".

 

This means Mozilla will no longer support the Firefox 2 browser against future online scams and attacks.

 

http://news.bbc.co.uk/2/hi/technology/7788687.stm

 

 

 

Again this shows exactly what I was talking about; Firefox identifies and fixes regularly anyway, Microsoft doesn't. That why its moving this quickly just shows the seriousness of the flaw (not just potentially used to run attacker code and install software al la FF [which it absolutely couldn't if you were using noscript anyway], but a gateways directly into and onto your PC).

 

And even IE8 was vulnerable.

[Happy Face 29]

Three million hit by Windows worm

 

A worm that spreads through low security networks, memory sticks, and PCs without the latest security updates is posing a growing threat to users.

 

The malicious program, known as Conficker, Downadup, or Kido was first discovered in October 2008.

 

Although Microsoft released a patch, it has gone on to infect 3.5m machines.

 

Experts warn this figure could be far higher and say users should have up-to-date anti-virus software and install Microsoft's MS08-067 patch.

 

According to Microsoft, the worm works by searching for a Windows executable file called "services.exe" and then becomes part of that code.

 

It then copies itself into the Windows system folder as a random file of a type known as a "dll". It gives itself a 5-8 character name, such as piftoc.dll, and then modifies the Registry, which lists key Windows settings, to run the infected dll file as a service.

 

Once the worm is up and running, it creates an HTTP server, resets a machine's System Restore point (making it far harder to recover the infected system) and then downloads files from the hacker's web site.

 

INFECTED IPs WORLDWIDE

China 38,277

Brazil 34,814

Russia 24,526

India 16,497

Ukraine 14,767

Italy 13,115

Argentina 11,675

Korea 11,117

Romania 8,861

United States 3,958

United Kingdom 1,789

Source: F-Secure

 

Most malware uses one of a handful of sites to download files from, making them fairly easy to locate, target, and shut down.

 

But Conficker does things differently.

 

Anti-virus firm F-Secure says that the worm uses a complicated algorithm to generate hundreds of different domain names every day, such as mphtfrxs.net, imctaef.cc, and hcweu.org. Only one of these will actually be the site used to download the hackers' files. On the face of it, tracing this one site is almost impossible.

 

Speaking to the BBC, Kaspersky Lab's security analyst, Eddy Willems, said that a new strain of the worm was complicating matters.

 

"There was a new variant released less than two weeks ago and that's the one causing most of the problems," said Mr Willems

 

"The replication methods are quite good. It's using multiple mechanisms, including USB sticks, so if someone got an infection from one company and then takes his USB stick to another firm, it could infect that network too. It also downloads lots of content and creating new variants though this mechanism."

 

"Of course, the real problem is that people haven't patched their software. If people do patch their software, they should have little to worry about," he added.

 

Technicians have reverse engineered the worm so they can predict one of the possible domain names. This does not help them pinpoint those who created Downadup, but it does give them the ability to see how many machines are infected.

 

"Right now, we're seeing hundreds of thousands of unique IP addresses connecting to the domains we've registered," F-Secure's Toni Kovunen said in a statement.

 

"We can see them, but we can't disinfect them - that would be seen as unauthorised use."

 

Microsoft says that the malware has infected computers in many different parts of the world, with machines in China, Brazil, Russia, and India having the highest number of victims.

 

http://news.bbc.co.uk/1/hi/technology/7832652.stm

[Fop 1]

9 million+ already.

[Park Life 71]

I've got something when I run IE7 (very occasionally), when you open one window I get a cascade of that window opening dozens of times and I have to re-boot. Only happens on IE7, never on Firefox. What is this??

[Fop 1]

I've got something when I run IE7 (very occasionally), when you open one window I get a cascade of that window opening dozens of times and I have to re-boot. Only happens on IE7, never on Firefox. What is this??

 

Probably some sort of activeX malware if it's opening the same site every time, otherwise maybe just IE being flaky. Run some anti-virus+spybotSD+adaware and see what it detects.

 

Firefox3 is pretty difficult to get into the same situation, nearly impossible if you use noscript and adblockerplus correctly with it.

[Fop 1]

Windows worm trickery for Vista

The "Open folder" option appears in the "Install or run program" list

 

The Conficker virus has opened a new can of worms for security experts.

 

Drives such as USB sticks infected with the virus trick users into installing the worm, according to researchers.

 

The "Autoplay" function in Vista and early versions of Windows 7 automatically searches for programs on removable drives.

 

However, the virus hijacks this process, masquerading as a folder to be opened. When clicked, the worm installs itself.

 

It then attempts to contact one of a number of web servers, from which it could download another program that could take control of the infected computer.

 

Bad guys

 

The worm is unusually clever in the way that it determines what server to contact, according to F-Secure's chief research officer Mikko Hypponen.

 

"It uses a complicated algorithm which changes daily and is based on timestamps from public websites such as Google.com and Baidu.com," said Mr Hypponen in a blog post.

 

"This makes it impossible and/or impractical for us good guys to shut them all down — most of them are never registered in the first place.

 

"However, the bad guys only need to predetermine one possible domain for tomorrow, register it, and set up a website — and they then gain access to all of the infected machines," he added.

 

It has also emerged that the virus automatically disables the automatic updates to Windows that would prevent further infection.

 

As the virus - also known as Downadup - has spread to an estimated 9m computers globally, a number of high-profile instances of the virus have arisen.

 

The Ministry of Defence has been battling an outbreak of the virus across its network for more than two weeks, and on Tuesday a network of hospitals across Sheffield told technology website The Register that more than 800 of their computers had been infected.

 

Users are urged to download the KB958644 Security Update from Microsoft to mitigate the risk of infection.

http://news.bbc.co.uk/1/hi/technology/7842013.stm

 

MS and their dodgy automation, even with win7 they don't seem to have learnt lessons.

[Happy Face 29]

Microsoft steps up browser battle

 

Microsoft has stepped up the battle to win back users with the latest release of its Internet Explorer browser.

 

The US software giant says IE 8 is faster, easier to use and more secure than its competitors.

 

"We have made IE 8 the best browser for the way people really do use the web," said Microsoft's Amy Barzdukas.

 

"Microsoft needs to say these things because it continues to lose market share to Firefox, Chrome and Safari," said Gartner analyst Neil MacDonald.

 

Recent figures have shown that Microsoft's dominance in this space has been chipped away by competitors.

 

At the end of last year, data from Net Applications showed the software giant's market share dropped below 70% for the first time in eight years to 68%.

 

Meanwhile Mozilla broke the 20% barrier for the first time in its history with 21% of users using its browser Firefox.

 

Focus

 

The beta version of IE 8 was released last March and today the company has put out its first release candidate for the public. This is the last stage for the browser before it is finalised, although very few changes are expected.

 

Ms Barzdukas told the BBC: "What we are seeing for many consumers in particular is that their computing experience is a browsing experience.

The 'smart address bar' makes finding previously visited sites easier

 

"The role of the browser has become more and more important. Our focus is on delivering the best experience possible and one that is faster, easier and more secure."

 

To that end IE 8 offers performance upgrades to speed up page loading, new navigation features and tab isolation so that if you hit a bad site only that tab closes and not the whole browser.

 

WebSlices will give users a way to keep updated about a particular item on a web page like stock prices, the weather or an eBay auction.

 

Accelerators let users access Web services like maps or translations in a small window without having to leave the page.

 

"We believe with IE 8 much of the performance discussion is off the table," said Ms Barzdukas.

 

Security

 

Microsoft is making much of its security enhancements, which Ms Barzdukas said makes IE 8 "hands down the most secure browser on the market."

 

These include "InPrivate Filtering" which means users can see and block when a third-party content provider might be tracking their activities on the Web in an effort to target advertisements.

Intenet Explorer 8 is being touted as faster, easier and safer than ever

 

Web publishers and online advertisers have in the past expressed concern over this feature because it could "frustrate the business model".

 

"InPrivate Browsing" is also being touted as a major improvement which allows a user to start a browsing session during which the history of sites viewed will not be recorded.

 

Some bloggers have nicknamed the feature "porn mode" because it keeps online activity a secret and prevents those with access to a PC from seeing where other users of the same PC have been.

 

Online privacy advocates like the Centre for Democracy and Technology have called the features "a great step forward in terms of giving users more control".

 

Defectors

 

So will this be enough to persuade defectors to return to the IE fold?

 

"Microsoft does have the advantage of its browser being shipped with its operating system so people that want to shift have to do a lot of work to shift," said Mr MacDonald, a vice-president of analyst firm Gartner

Google's new web browser is called Chrome

 

"It's an area the European Union is looking at and I will let the lawyers figure that out but I don't think this will bring back the defectors. However it shows that competition in the browser space is good for innovation and good for the industry," said Mr MacDonald.

 

The EU last week accused Microsoft of harming competition by bundling its IE browser with its Windows operating system.

 

The Redmond-based company has said it is examining the preliminary finding and has not ruled out requesting a formal hearing.

 

Greg Sterling of Search Engine Land said if the product delivers, users will stick with it and others may well return.

 

"If this is a truly significant improvement, it will gain users loyalty and lure others back.

 

"At the end of the day if it has the functionality and features people want, they will respond to it. For those who have an emotional stake in this, and who like the idea of the underdog like Firefox, it's unlikely to sway them," said Mr Sterling.

 

Microsoft's Ms Barzdukas refused to get drawn into the numbers game but said she is positive IE 8 will hold its own against competitors.

 

"We have long advocated providing choice to customers and respect peoples' ability to choose.

 

"You can accuse me of bias, but I believe with IE 8 we will deliver the browser people will want to choose," said Ms Barzdukas.

 

http://news.bbc.co.uk/2/hi/technology/7852340.stm

 

Cheers For Microsoft

 

Microsoft is accused by EU again

 

The European Commission has accused Microsoft of harming competition by bundling its Internet Explorer browser with its Windows operating system.

 

The commission said it had reached the preliminary view that the US software giant had undermined consumer choice and infringed EU rules.

 

Microsoft and the European Union have engaged in legal battles over competition issues for years.

 

Last year, the EU fined Microsoft 899m euros ($1.4bn; £680.9m).

 

Browser battle

 

In its statement on Friday the Commission said: "Microsoft's tying of Internet Explorer to the Windows operating system harms competition between web browsers, undermines product innovation and ultimately reduces consumer choice."

 

Microsoft said that it was studying the commission's preliminary finding, and did not rule out requesting a formal hearing.

 

It has been given eight weeks to reply.

 

The US software firm controls the majority of the web-browsing market through its Explorer browser.

 

Analysts say the company has diversified enormously and is now no longer so reliant on its Windows operating system, with revenue coming from Xbox sales and server software.

 

In February 2008, the EU fined Microsoft 899m euros for defying sanctions imposed on it for anti-competitive behaviour.

 

The penalty - which was then one of the largest imposed by the European Commission - came after Microsoft failed to comply with an earlier 2004 ruling that it had abused its market position.

 

http://news.bbc.co.uk/2/hi/business/7834792.stm

 

Jeers for the European Union

[snakehips 0]

My AVG 'window' is asking if I want to download 'AVG Internet Security'. Is this advisable, or just overkill ??

[Fop 1]

At the end of last year, data from Net Applications showed the software giant's market share dropped below 70% for the first time in eight years to 68%.

 

They must be getting worried.

[Park Life 71]

At the end of last year, data from Net Applications showed the software giant's market share dropped below 70% for the first time in eight years to 68%.

 

They must be getting worried.

 

Firefox is da biz.

[Fop 1]

At the end of last year, data from Net Applications showed the software giant's market share dropped below 70% for the first time in eight years to 68%.

 

They must be getting worried.

 

Firefox is da biz.

 

It is effectively the undead, and as such is unstoppable.

[Happy Face 29]

Windows 7 to ship without browser

 

Microsoft said it would be easy to install its browser

European buyers of Windows 7 will have to download and install a web browser for themselves.

 

Bowing to European competition rules, Microsoft Windows 7 will ship without Internet Explorer.

 

The company said it would make it easy for PC makers and users to get at and install the web browsing program.

 

In response Brussels expressed scepticism over the move and whether it went far enough to ally accusations of it abusing its market position.

 

Abusive behaviour

 

"We're committed to making Windows 7 available in Europe at the same time that it launches in the rest of the world," Dave Heiner, said Microsoft deputy general counsel in a statement, "but we also must comply with European competition law as we launch the product."

 

"We believe that this new approach, while not our first choice, is the best path forward given the ongoing legal case in Europe," he added.

 

In response the European Commission said "It would also have to consider whether this initial step of technical separation of IE from Windows could be negated by other actions by Microsoft."

 

In early 2008, Microsoft was fined 899m euros (£765m) by the European Commission for anti-competitive behaviour over bundling in the media player and browser into Windows.

 

In January 2009, Brussels reached a "preliminary view" that Microsoft was denting the chance for true competition by bundling its browser software in with its operating system.

 

Microsoft is due to defend itself against the charges in a hearing.

 

If Microsoft fails to convince the Commission that it is not harming competition could mean more fines and enforced changes to the way it does business.

 

"We're committed to launching Windows 7 on time in Europe, so we need to address the legal realities in Europe, including the risk of large fines," said Mr Heiner.

 

Windows 7 is due to be released worldwide on 22 October.

 

"In terms of potential remedies, if the Commission were to find that Microsoft had committed an abuse, the Commission has suggested that consumers should be offered a choice of browser not that Windows should be supplied without a browser at all," said the Commission in a statement responding to Microsoft's announcement.

 

It said Microsoft's approach of offering the program to computer manufacturers "may potentially be more positive" in terms of remedying its alleged abusive behaviour.

 

It added that if Microsoft were found to be abusing its position, the Commission would have to work out if the uncoupling of IE offset that behaviour.

 

http://news.bbc.co.uk/2/hi/technology/8096701.stm

 

Fop's on the vinegar strokes.

[ChezGiven 0]

How do you download and install a web browser when you dont have a web browser??

[Fop 1]

http://news.bbc.co.uk/2/hi/technology/8096701.stm

 

Fop's on the vinegar strokes.

 

Aye but they are only doing it because they realise that shipping Win7 without IE8 is more $$$'s for them long term than shipping Win7 with IE8 and FF3.5/Opera/Chrome etc. (the EU's preferred choice).

 

Plus this way they then try to cast the EU as the "villain" of the piece.

 

Very sensible spin and damage control from M$ after having been caught in an illegal situation.

 

 

 

Although it's more amusing that they are having to release it with a visualised version of Win XP, even with all the steps forward they've made with Win7.

[Fop 1]

Firefox 3.5 soon!

[Fop 1]

Happy Face on vinegar strokes?

 

Old dog old tricks (NSFW ).

[Park Life 71]

Happy Face on vinegar strokes?

 

Old dog old tricks (NSFW ).

 

AVG has been doing a decent job for me for a couple of years now.

[Fop 1]

Happy Face on vinegar strokes?

 

Old dog old tricks (NSFW ).

 

AVG has been doing a decent job for me for a couple of years now.

 

Aye, in truth with the right programs/hardware and making sure you're as up to date as possible and if you don't download excessively, even with windows (with Linux AV software is largely about not spreading windows infections to other people), all AV software is a bit of over kill.

 

You can have a system connected to the internet for years without a problem.

 

 

 

But yes, AVG/Avast free are pretty good and a sensible precaution (and probably will remain better than MS's offering), the big problem is Netscape was much better when IE destroyed it and Word Perfect was much better when Word destroyed it.

 

The methods that MS and Happy Face like are very effective, if illegal, and tend to come out on top even if they are completely sub par.

[Happy Face 29]

Happy Face on vinegar strokes?

 

Old dog old tricks (NSFW ).

 

AVG has been doing a decent job for me for a couple of years now.

 

Aye, in truth with the right programs/hardware and making sure you're as up to date as possible and if you don't download excessively, even with windows (with Linux AV software is largely about not spreading windows infections to other people), all AV software is a bit of over kill.

 

You can have a system connected to the internet for years without a problem.

 

 

 

But yes, AVG/Avast free are pretty good and a sensible precaution (and probably will remain better than MS's offering), the big problem is Netscape was much better when IE destroyed it and Word Perfect was much better when Word destroyed it.

 

The methods that MS and Happy Face like are very effective, if illegal, and tend to come out on top even if they are completely sub par.

 

Why am I alligned with MS again Fop?

[Fop 1]

Happy Face on vinegar strokes?

 

Old dog old tricks (NSFW ).

 

AVG has been doing a decent job for me for a couple of years now.

 

Aye, in truth with the right programs/hardware and making sure you're as up to date as possible and if you don't download excessively, even with windows (with Linux AV software is largely about not spreading windows infections to other people), all AV software is a bit of over kill.

 

You can have a system connected to the internet for years without a problem.

 

 

 

But yes, AVG/Avast free are pretty good and a sensible precaution (and probably will remain better than MS's offering), the big problem is Netscape was much better when IE destroyed it and Word Perfect was much better when Word destroyed it.

 

The methods that MS and Happy Face like are very effective, if illegal, and tend to come out on top even if they are completely sub par.

 

Why am I alligned with MS again Fop?

 

Opposite reason you think Fop is against it, Fop supposes. Which is?