Computer Internet network security News

IE 8.00 the latest version from Microsoft has been launched with new security features.The latest intenet explorer 8.00 development adhere strict w3c standards of security. The issues like backward compatibility privacy etc has been dealt in the development by a smart way.

By inserting a specially created “meta” element into the webpage, IE8 triggers the old standards mode, emulate its behavior and show the old pages unscrambled.

Ryan a senior product manager said we have a responsiblity to make interoplerable with old versions of IE, which will allow smooth flow of information while browsing.

The IE 8.00 has been developed by detailed reviewing firefox which is considered as the safest browser in the world. The features like webslices, search suggestions, smart addresses has been improved.

Try the new version and dont forget to comment here about your browsing experience with IE 8.00

Browsers security, News ie 8.00, internet explorer 8, Internet Explorer security

Internet explorer is more open to vulnerabilities and the hackers being busy in finding loopholes to attack the computers. It is because IE is the most popular browser and vastly used. Below are some tips through which one can save his or her machine from hackers.

Disabling  install on demand

Procedure:

1. Close all applications running on computer.
2. Go to Start – Settings – Control Panel and double click the “Internet Options” icon. The “Internet Properties” dialog box should appear.
3. Click on the “Advanced” tab. 
4. Under “Browsing”, about nine items down, uncheck the box “Enable install on demand (Internet Explorer)” and uncheck “Enable install on demand (Other)”.
5. Click “OK” to exit and save the changes.
6. Now you are safe.

Prompt your browser to run ActiveX, Java, and plugins

This will help you to prevent malware or intrusion.

1. In browser menu click tool and select internet options.
2. Click on the the Security Tab.
3. Make sure the Internet Zone is selected and click on the “Custom Level” button.
4. Set your Active X controls and plugins section prompt disable and disable.

Browsers security, Tips and Tutorials ie security, install on demand, internet safety

Internet explorer lost its considerable market in the recent past years where Firefox, safari, Google Chrome and few others gave a tough time to IE. Microsoft realised this thing and through comprehensive research manage to inroduce Internet Explorer 8 with new add ons security features.  It will be released any time in this month.

According to Micrososft Business Organizations will love IE 8 because of its security features. It will be more faster and immune to hackers. In the past user experience lost of data while surfing due to crash but in IE 8 there will be new feature in which if the website crash the effect will be only on a single tab on which the vulnerability appears. This feature will distinguish IE from other browsers.

There will be a smart screen function which prevent hackers from sending the malicious codes. The effectiveness of this  function can only be know after the release but it again seems to be a unique function.  

Another feature which recommend the users of not browsing the webpage which posess threat. This function can also seen in google tool bar where the message appears if the site is not trusted or contain potential harm. 

Beside above there will be more features which we can only asses after the release.  We will update our reader about that.

Browsers security, Microsoft security ie8, ie8 security, Microsoft security

Mozilla has recently released an update which fixes several security issues for Firefox. The security release fixes the issues relate to XML data theft via RDFXMLDataSource and cross-domain redirect and Crashes. In the new version the above fix is included.

Moreover a bug that caused items in the File menu to be ineffective after using Print has been fixed. The bug that makes cookies to appear to be missing after sometime has also been fixed.

Users of the Flashblock add-on that experienced an issue where sound from the Flash plug-in would continue to play for a short time after closing a tab or window will be happy to hear that problem has been fixed as well.

Mozilla also claimed that the stability and accessibility iisues were also taken into account in the new version of Firefox 3.07.

Browsers security firefox security, mozilla, xml-security

Microsoft has issued a third Internet Explorer 8 beta that includes a list of compatible websites for users less than “web savvy”.

The IE 8 Release Candidate is the third pre-release version of Microsoft’s browser but the first to include a list of web sites that Microsoft says actually work with its browser.

The Compatibility View List was announced last month by Microsoft after it found users testing the second beta had been unable to view websites without IE 8 scrambling them.

IE 8 introduces two modes for viewing sites: default and compatibility. Default supports the latest web standards, like CSS 2.1. Compatibility is designed to let you view the millions of sites and applications built for old versions of IE that were not compliant with web standards.

The idea was that a button would let users flip over to viewing such sites, but many forgot to make the switch, resulting in scrambled sites. Even sites supposed to work in default mode were getting scrambled.

Microsoft then introduced the idea of the Compatibility View List, which is supposed to tell the browser when it’s viewing a site that’s not been updated to support IE 8.

The list is composed and edited entirely by Microsoft, based on its reading of telemetry data and information from product support channels, the company said in December.

More at http://www.theregister.co.uk/

Browsers security, Microsoft security ie 8 release, ie beta, microsoft beta

Browsers security Browsers security, private browsers, private browsing

Grail applets can access certain objects in the Grail application through special attributes of the master argument passed to every applet instance. The most important objects are the App, the Browser, the Viewer, and the Context. The App object represents the entire Grail application, and contains information shared bewteen all browsers. The Browser object represents a top-level browser window. The Viewer object represents a viewer window. Often, there will be one viewer per browser, but when frame sets or tables are used, there may be several subviewers within the same browser. The Context object, finally, represents an intermediate level. Viewer objects representing table cells share their context with the Viewer object containing the table; however Viewer objects representing a frame have their own context (since each frame displays a separate URL).

grail_app

The Application object. Methods:

.get_cache_keys()

Return a list of URLs that are currently in Grail’s cache.

Instance variables:

.global_history

An object representing Grail’s global history (the set of URLs you have visited). Methods:

.remember_url(url [, title])

Add a URL to the global history, optionally with a given title.

.lookup_url(url)

Return a tuple (title, timestamp) representing the information in the global history about the given URL. If the URL is not known, return (None, None).

.inhistory_p(url)

Return true or false depending whether the given URL is in the global history.

.urls()

Return a list of all URLs currently in the global history.

grail_context

The Context object for the applet. Methods:

.get_baseurl([url, ...])

Return the base URL for the current document. If one or more URL arguments are give, resolves the first one relative to the base URL, the second one relative to the first one, and so on, and return the final result. Empty URLs are ignored.

.load(url)

Load the given URL into the context’s viewer, replacing its current contents. Careful: this will usually cause the current applet to be deleted!

.follow(url)

Like .load(url), but interprets the URL relative to the current document’s base URL.

.message(string)

Display a message in the document’s message area.

.get_async_image(url)

Return an “asynchronous image object”. This is a subclass of a Tkinter PhotoImage which will eventually be loaded with the image whose URL is given. Image objects are shared and should be considered read-only.

grail_browser

The Browser object for the applet. A description of the Browser object may be found in The Browser Object Interface in Grail.

grail_viewer

The Viewer object containing the applet. A description of the Viewer object may be found in The Viewer Object Interface in Grail.

Browsers security grail, grail interface

clickjacking lets hackers and scammers hide malicious stuff under the cover of the content on a legitimate site. You know what happens when a car-jacker takes a car? Well, click-jacking is like that, except that click is the car. Clickjacking trace back to 1990 and now it is being used again by hackers.

Mostly the hacker use buttons links or small banners on which the user show trust to click but the behind script working on that banner or button retrieve your personal information. Let suppose the hacker put a button of BBC but when someone click to that button, the script behind the button will start functioning and the desire goal of the hacker achieved. In latest clickjacing the hacker is so smart that when the button is cliked the script work and then it redirect you to the destination page where you intend to go, even you dont suspect any thing fishy.

Clickjacking is a serious, potentially long-term problem for browser developers. Since the attack is enabled by a feature within HTML, it demands changes to the HTML specification.

Web standards groups are currently working on HTML 5, a specification that will incorporate new features into the programming language to accommodate future web design. But the standards process moves slowly, and changes to HTML could break existing web pages.

Almost all the browsers are updated smartly against clickjacking but precautionly one can do the simple test by looking at the link of the suspicious button or text. It is very simple just right click on the image or button and see the properties, in property popup see the link destination, if it goes to right destination then perform the action otherwise leave it as it is.

Browsers security Browsers security, clickjacking, hackers

Just a day after it released Firefox 3.0.2 to fix 11 vulnerabilities, Mozilla Corp. said that an overlooked password bug requires a fast-track update it hopes to launch next week.

Late Wednesday, Mike Beltzner, Mozilla’s director of Firefox, said that the bug, which prevents some users from accessing their browser-saved passwords, means another update is necessary. “While this doesn’t affect all Firefox users, it is a significant regression and has triggered a fast-release Firefox 3.0.3 which will contain a single fix,” Beltzner said in a message to the mozilla.dev.planning group.

The bug popped up in Firefox 3.0.2, which Mozilla released Tuesday, after developers added a fix to make the browser’s password manager work on international domain name (IDN) sites. IDN sites are those that have non-ASCII characters in their URLs, such as addresses with Arabic, Hebrew or Chinese characters, or ones with non-English diacritical marks.

According to Beltzner, users who have saved passwords on IDN sites or some non-English domains will be unable to access those passwords or save any new passwords after updating to Firefox 3.0.2.

“There is no permanent data loss, the saved data is just inaccessible,” Beltzner noted.

Regression bugs aren’t unknown to Mozilla or Firefox. Last November, the company rushed a release out the door to fix five bugs it had introduced in the previous version of the browser, which had been posted for download about a week before.

A fix for the password regression bug has been crafted and is being tested, Beltzner added.

Browsers security firfox, mozilla, password

Security researchers warned today that a new class of vulnerabilities dubbed “clickjacking” puts users of every major browser at risk from attack.

Details of the multiple flaws — six different types, by one count — are sketchy, because the researchers, who presented some of their findings at a security conference earlier this week, have purposefully kept their information confidential as at least one vendor works on a fix.

Although the clickjacking problem has been associated with browsers — users of Internet Explorer, Firefox, Safari, Opera, Google Chrome and others are all vulnerable to the attack — the problem is actually much deeper, said Robert Hansen, founder and chief executive of SecTheory LLC, and one of the two researchers who discussed the bug in a semi-closed session at OWASP AppSec 2008 on Wednesday.

n an interview on Friday, he called clickjacking similar to cross-site request forgery, a known type of vulnerability and attack that sometimes goes by CSRF or “sidejacking.” But clickjacking is different enough that the current anti-CSRF security provisions built into browsers, sites and Web applications are worthless.

“At a high level, almost everyone is affected by it,” Hansen said. “The problem is that a lot of people who spent a lot of time defending [against cross-site request forgery] didn’t see this coming. This works completely differently, and has much wider-reaching issues. [Attackers] can get users to click a button [in clickjacking] where they may not be able to get them to click a button in JavaScript.”

Hansen’s research partner, Jeremiah Grossman, chief technology officer at WhiteHat Security Inc., explained how attackers could exploit clickjacking vulnerabilities.

“Think of any button on any Web site, internal or external, that you can get to appear between the browser walls,” Grossman said in an e-mail on Friday. “Wire transfers on banks, Digg buttons, CPC advertising banners, Netflix queue, etc. The list is virtually endless and these are relatively harmless examples. Next, consider that an attack can invisibly hover these buttons below the users’ mouse, so that when they click on something they visually see, they actually are clicking on something the attacker wants them to.”

Hansen seconded Grossman’s example with one of his own. “Say you have a home wireless router that you had authenticated prior to going to a [legitimate] Web site. [The attacker] could place a tag under your mouse that frames in a single button an order to the router to, for example, delete all firewall rules. That would give them an advantage in an attack.”

Hackers would not need to compromise a legitimate site in order to conduct a clickjacking attack underneath it, Hansen added.

Browsers security browser, clikjacking, firefox, Internet Explorer security

Google chrome browser is pretty simple.  Once you start you’re presented with a fresh white page that’s pretty much separate in borders and most of the common buttons that you would see on a traditional browser.  A security code work behind the application that tries to block malware from executing and interacting with the main operating system.  This “sandbox” feature gives all browser processes just enough privilege to run inside of Chrome and Google hopes it will stop the majority of hacker attacks.

Sandboxing applications isn’t anything new and most people have heard of JAVA applications running in a sandbox. Users dont bother about programming, they are concern of the application usage and its authentication.  Using a vulnerability that was showed off at this year’s Black Hat security conference, Aviv Raff has developed proof of concept code that forces Chrome to open up applications on the desktop.  You can run the code at this link, but don’t worry it doesn’t do anything too horrible as it just pops up a notepad window.

But before you shout OMG vulnerability!, notice what you had to do to get that window to open.  First you had to be tricked into browsing to the website (ok not really that hard to do) and then you had to click the download button in the bottom-left corner that shows an executable .JAR icon.  Hmmmm…. Not exactly a huge vulnerability for security conscious users, but perhaps a minor annoyance to regular folks – just hope the hacker doesn’t run anything more serious than Notepad.

Chrome browser has some great security features that far eclipses any “vulnerability” so far discovered.  New browser tabs inside of Chrome run are processed independently of others and if one tab crashes if doesn’t take the rest of the browser with it.  There’s also an incognito mode that lets you browse web pages without caching any information.

So don’t worry and give Chrome a try.  Yeah the browser is beta and yes there may be some undiscovered security vulnerabilities, but really can you say anything difference about Firefox and Internet Explorer?

One cannot say the chrome is foolproof but the concept behind its development is simple and aim at anti hacking activities. Lets see how the hackers discover the loopholes in this application especially designed to deal hackers.

Browsers security google, google chrome, hacker attacks, security code

To change your privacy settings go to the toolbar at the top of the page, click on [Tools], then on the drop down menu, click on [Options]. On the options page click on [Privacy] and the information you need to tell your new Firefox 2 browser are on this page. Go to the section labeled [History] and click on the first box which will tell Firefox you want it to remember the websites you visit for a certain number of days. If you leave this as 0 days, Firefox will remove the information each time it closes. In this way, Firefox deletes, from your computer the record of the websites you visit each time you close it.

Next, you want to decide if you want Firefox to remember data you enter into forms on the Internet or if you want the information deleted when you close the Firefox browser. If you do not mind retyping your personal information for completing a form now and then, it is a good idea to leave this box unchecked. There is a little risk to keep this information in your computer because a hacker could get unauthorized access to your computer and get access to it, so it is better to prevent this problem by letting Firefox delete all personal information when the browser closes.

The third check box here is personal preference. If you want a record of all of your downloads, then Firefox can create this record, which will be available by clicking an icon on your toolbar. However, it would probably not be necessary to keep such a record. You may want to read this section in the [Help] link on the bottom of this page before making your decision.

Cookies are a necessary part of web browsing because without certain cookies in your computer some websites cannot open correctly. It is a good idea to check the box beside the statement, [Accept cookies from sites] and then next to the statement [Keep until] select the Phrase [I close Firefox]. This means those Websites, which need to place a cookie in your computer so the site will open for you to view, will not be able to leave a thirty day cookie on your computer. Firefox will delete all cookies when you close this browser.

The next section related to Privacy is [Private Data] and here you probably want to check the first box with the statement, [Always clear my private data] so that each time you close the Firefox browser any personal information you may have entered and forgot to delete will be deleted when Firefox closes.

Browsers security browser, Browsers-security, firefox, Privacy