Shark Lady Tech » security

Mozilla Cleans Out Two Malicious Add-Ons

The Shark Lady — Sun, 07 Feb 2010 08:58:11 +0000

Add-ons are a great thing – they make your software more useful and much more to your taste.

Firefox has tons of wonderful add-ons, that turn the browser into a mean piece of software for web developers, web designers or power internet users.

Apparently, the popularity of add-ons also made them a target for malware creators. Two add-ons in the experimental section of addons.mozilla.org were found to be containing malware – Version 4.0 of Sothink Web Video Downloader and all versions of Master Filer. Mozilla has since increased the number of scanning tools, and will be taking additional steps to minimize the risk of further incidents.

This vulnerability is known to affect Firefox on Windows only, if either Master Filer or Version 4.0 of Sothink Web Video Downloader are installed. Versions of Sothink Web Video Downloader greater than 4.0 are not infected.

Simply removing the ad-ons won’t clear the trojans, so you need to scan your computer with an anti-virus.

Be careful out there…

Yet Another IE Security Problem

The Shark Lady — Thu, 04 Feb 2010 21:56:31 +0000

It’s not new – we already know it. Internet Explorer is a flawed browser, with many security holes – and it just ripped itself a new one.

Microsoft has issued Security Advisory (980088), which basically says that Internet Explorer, for those who use Windows XP or who have disabled Internet Explorer Protected Mode, allows access to files with an already known filename and location. In other words – hackers can browse your files vie IE.

Browser versions affected are: Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service 4; Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; and Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows Server 2003 Service Pack 2. Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008.

Microsoft continues to encourage customers to follow the “Protect Your Computer” guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. The company hasn’t issued a patch yet.

I have a better tip for you: USE FIREFOX.

How DNSSEC Will Make the Internet Safer

The Shark Lady — Wed, 20 Jan 2010 10:32:29 +0000

Next week we will enter a testing phase where ICANN, the main organizing body of the Internet, and Verisign, the registry of .com and .net, start adding DNSSEC to the various DNS root servers on the Internet.

Since the root servers are so critical the rollout will be incremental and is planned to last well into May, with plenty of testing of the results in the meantime to make sure that there are no problems. After all, breaking the root zone would essentially break the entire Internet.

[ Read the full article ]