Archive

Posts Tagged ‘Internet Explorer security’

IE 8.00 has been launched

March 23rd, 2009

IE 8.00, the latest version from Microsoft, has been launched with new security features. The latest Internet Explorer 8.00 development adheres to strict W3C standards of security. Issues like backward compatibility, privacy, etc. have been dealt with in a smart way during development.

When a specially created “meta” element is inserted into the webpage, IE8 triggers the old standards mode, emulates its behavior and shows the old pages unscrambled.

Ryan, a senior product manager, said we have a responsibility to make it interoperable with old versions of IE, which will allow a smooth flow of information while browsing.

IE 8.00 has been developed by reviewing Firefox in detail, which is considered the safest browser in the world. Features like Web Slices, search suggestions and smart addresses have been improved.

Try the new version and don't forget to comment here about your browsing experience with IE 8.00.

Browsers security, News

New patches for internet explorer

December 9th, 2008

With Microsoft Corporation about to release security updates, online attackers have begun exploiting a new flaw in the company’s Internet Explorer (IE) browser.

The flaw was made public in Chinese-language discussion forums two days ago by the Knownsec security team. In tests, attacks worked on IE 7 running on Windows XP, Service Pack 2 (SP2).

Attackers have already hosted it on hacked Web sites to attack unsuspecting visitors, said Wayne Huang, CEO of security vendor Armorize Technologies Inc. Now that the bug has been publicly disclosed, he said he expects attacks based on the flaw to become much more widespread.

The code exploits a bug in the way IE handles XML and works on the browser about “one in three times,” Huang said in an instant message interview. For the attack to work, a victim must first visit a Web site that serves the malicious JavaScript code that takes advantage of the flaw.

A Chinese-language statement on the flaw can be found online.

In attacks, the code drops a malicious program on the victim’s PC, which then downloads malicious software from various locations.

Microsoft is expected to release six critical patches on Tuesday, including a fix for IE. In a statement, the company said it was investigating the flaw made public by Knownsec but did not say whether it expected to patch the bug soon.

Microsoft security

Clickjacking puts browsers at high risk

September 28th, 2008

Security researchers warned today that a new class of vulnerabilities dubbed “clickjacking” puts users of every major browser at risk from attack.

Details of the multiple flaws — six different types, by one count — are sketchy, because the researchers, who presented some of their findings at a security conference earlier this week, have purposefully kept their information confidential as at least one vendor works on a fix.

Although the clickjacking problem has been associated with browsers — users of Internet Explorer, Firefox, Safari, Opera, Google Chrome and others are all vulnerable to the attack — the problem is actually much deeper, said Robert Hansen, founder and chief executive of SecTheory LLC, and one of the two researchers who discussed the bug in a semi-closed session at OWASP AppSec 2008 on Wednesday.

In an interview on Friday, he called clickjacking similar to cross-site request forgery, a known type of vulnerability and attack that sometimes goes by CSRF or “sidejacking.” But clickjacking is different enough that the current anti-CSRF security provisions built into browsers, sites and Web applications are worthless.

“At a high level, almost everyone is affected by it,” Hansen said. “The problem is that a lot of people who spent a lot of time defending [against cross-site request forgery] didn’t see this coming. This works completely differently, and has much wider-reaching issues. [Attackers] can get users to click a button [in clickjacking] where they may not be able to get them to click a button in JavaScript.”

Hansen’s research partner, Jeremiah Grossman, chief technology officer at WhiteHat Security Inc., explained how attackers could exploit clickjacking vulnerabilities.

“Think of any button on any Web site, internal or external, that you can get to appear between the browser walls,” Grossman said in an e-mail on Friday. “Wire transfers on banks, Digg buttons, CPC advertising banners, Netflix queue, etc. The list is virtually endless and these are relatively harmless examples. Next, consider that an attack can invisibly hover these buttons below the users’ mouse, so that when they click on something they visually see, they actually are clicking on something the attacker wants them to.”

Hansen seconded Grossman’s example with one of his own. “Say you have a home wireless router that you had authenticated prior to going to a [legitimate] Web site. [The attacker] could place a tag under your mouse that frames in a single button an order to the router to, for example, delete all firewall rules. That would give them an advantage in an attack.”

Hackers would not need to compromise a legitimate site in order to conduct a clickjacking attack underneath it, Hansen added.
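The attack Grossman describes depends on the target page being rendered inside a frame on the attacker's page, and browsers have since gained response headers that let a site refuse to be framed. As an added example (not part of the original article), this function classifies a response's framing policy from those headers; the result labels and the sample responses used to exercise it are assumptions made for illustration.

```javascript
// Added example: classify how a response allows itself to be framed.
// X-Frame-Options and the CSP frame-ancestors directive are real headers;
// the returned labels are names chosen for this example.
function framingPolicy(headers) {
  var h = {};
  Object.keys(headers).forEach(function (k) {
    h[k.toLowerCase()] = String(headers[k]);   // header names are case-insensitive
  });

  // A frame-ancestors directive takes precedence over X-Frame-Options.
  var csp = h["content-security-policy"] || "";
  var directives = csp.split(";").map(function (d) {
    return d.trim().split(/\s+/);
  });
  for (var i = 0; i < directives.length; i++) {
    if (directives[i][0].toLowerCase() !== "frame-ancestors") continue;
    var src = directives[i].slice(1).map(function (s) { return s.toLowerCase(); });
    // An empty source list behaves like 'none'.
    if (src.length === 0 || (src.length === 1 && src[0] === "'none'")) return "no-framing";
    if (src.length === 1 && src[0] === "'self'") return "same-origin-only";
    if (src.indexOf("*") !== -1) return "frameable-by-anyone";
    return "allow-list";                       // specific origins named
  }

  var xfo = (h["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return "no-framing";
  if (xfo === "SAMEORIGIN") return "same-origin-only";
  // Header missing, or a value such as ALLOW-FROM that current browsers ignore.
  return "frameable-by-anyone";
}
```

Any sensitive page that comes back as "frameable-by-anyone" can be placed under the user's mouse in the way the article describes.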

Browsers security

Reloading a corrupted page

August 18th, 2008

A page may be corrupted if a previous user interrupted its transmission and an incomplete page is stored in cache, or a user may wish to download a new copy of a page to ensure it is the most up-to-date. In Netscape Navigator, hold the Shift key and press Reload (Macintosh users should use Option instead of Shift). Netscape sends a special code causing all proxies on the way to bypass the cache, go directly to the source and cache the result.

Currently, Internet Explorer does not implement this facility. If you run a Squid server, you may also use the Cache Manager, cachemgr.cgi, which allows you to force a refresh of a cached object.

Internet security

Use an independent browser

March 31st, 2008

In the same vein, if your web browser (what you are using to read this) can accomplish a number of other things on your computer, perhaps that is because it is made by the same company that made your operating system. It’s very convenient to use, isn’t it? You can use it to look at any file on your computer, and clicking on those files will make them run. That’s very convenient. Your convenient browser will also install software automatically, change your computer’s settings easily, and do most anything you can think of on your computer. Yep, that’s convenient.

A browser should be used for reading web pages and not much else. I use Firefox regardless of what operating system I am using. It’s a better web browser than Internet Explorer. It has a number of useful features: tabbed browsing (you can have multiple pages open in a single window), pop-up blocking and on-demand cookie management (you can choose which cookies to accept) are just a few. There are other choices as well; any of these is safer than using Internet Explorer.

Internet security

Use a simple email client

March 31st, 2008

The biggest problem is e-mail. E-mail can deliver a virus/trojan program right to your computer that can destroy your computer (or do any number of nasty things) with a single click if your e-mail program is able to automatically do a bunch of other things. For this reason, it is a bad idea to use Outlook Express with Windows. Similarly, if you read your email with a web browser instead of retrieving it to your machine (Yahoo, Hotmail, etc.), using Internet Explorer to do that is a bad idea. Why do you lock your doors at home and in your car? Because the convenience of unlocked doors is not worth the risk of burglary. The same rule applies here.

Any other email program is safer than Outlook Express, and the simpler it is the better. I recommend the use of Thunderbird these days.

Email security

A simple cross-browser technique

February 16th, 2008

“This site may harm your computer” can be avoided by following a simple cross-browser technique. Here it goes:

1. First, download the blockPorn.pac file (right-click on link, select Save target as…) to a location on your local hard disk that is accessible to everyone.

a) Open Internet Explorer
b) Pull down the Tools menu
c) Select Internet Options
d) Go to the Connections tab
e) Press the LAN Settings button
f) Check the Use automatic configuration script checkbox
g) Type in file:// then the location of the blockPorn.pac file.
For example: file://C:\blockPorn.pac
h) Press OK twice to close both dialogs.
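What a file of this kind contains, as an added example (it is not the blockPorn.pac file the post links to): a proxy auto-config script is JavaScript that defines FindProxyForURL(url, host), which the browser calls for every request. The blocked domain names and the dead proxy address 127.0.0.1:9 are assumptions chosen for illustration.

```javascript
// Added example: a minimal blocklist PAC file.
// The domain names are constructed placeholders, and 127.0.0.1:9 is an
// assumed "dead" proxy address so that blocked requests go nowhere.
var BLOCKED_DOMAINS = ["blocked.example", "ads.example.net"];
var BLACKHOLE = "PROXY 127.0.0.1:9";

// True when host equals domain or is a subdomain of it. A plain suffix
// test would also match "notblocked.example", so require a leading dot.
function hostInDomain(host, domain) {
  if (host === domain) return true;
  var suffix = "." + domain;
  return host.length > suffix.length &&
         host.slice(-suffix.length) === suffix;
}

// Entry point the browser calls for every request it is about to make.
function FindProxyForURL(url, host) {
  // Normalise case and a trailing dot so "WWW.Blocked.Example." still matches.
  host = String(host).toLowerCase().replace(/\.$/, "");
  for (var i = 0; i < BLOCKED_DOMAINS.length; i++) {
    if (hostInDomain(host, BLOCKED_DOMAINS[i])) return BLACKHOLE;
  }
  return "DIRECT"; // everything else connects without a proxy
}
```

The script only affects browsers configured to load it, and anyone able to change the LAN settings can switch it off.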

Computer security education

Cookie

January 14th, 2008

A cookie is information that a Web site puts on your hard disk so that it can remember something about you at a later time. (More technically, it is information for future use that is stored by the server on the client side of a client/server communication.) Typically, a cookie records your preferences when using a particular site. Using the Web’s Hypertext Transfer Protocol (HTTP), each request for a Web page is independent of all other requests. For this reason, the Web page server has no memory of what pages it has sent to a user previously or anything about your previous visits. A cookie is a mechanism that allows the server to store its own information about a user on the user’s own computer.

You can view the cookies that have been stored on your hard disk (although the content stored in each cookie may not make much sense to you). The location of the cookies depends on the browser. Internet Explorer stores each cookie as a separate file under a Windows subdirectory. Netscape stores all cookies in a single cookies.txt file. Opera stores them in a single cookies.dat file.

Cookies are commonly used to rotate the banner ads that a site sends so that it doesn’t keep sending the same ad as it sends you a succession of requested pages. They can also be used to customize pages for you based on your browser type or other information you may have provided the Web site. Web users must agree to let cookies be saved for them, but, in general, it helps Web sites to serve users better.

C, Glossary of computer security

Using registry editor for security zone

November 21st, 2007

Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
You can use Registry Editor to do the following:

• Locate a subtree, key, subkey, or value
• Add a subkey or a value
• Change a value
• Delete a subkey or a value
• Rename a subkey or a value

The navigation area of Registry Editor displays folders. Each folder represents a predefined key on the local computer. When you access the registry of a remote computer, only two predefined keys appear: HKEY_USERS and HKEY_LOCAL_MACHINE.

More at http://support.microsoft.com/kb/256986/EN-US/ 

Browsers security, Microsoft security

Preventing directory listing

August 11th, 2007

Sometimes, if you have a directory containing files, but not an index file, then the server will display the entire contents of that directory. To prevent this from happening, include this:

IndexIgnore *


The * is known as a wildcard and means all files. You could block just the gif and jpg files, for example:

IndexIgnore *.gif *.jpg


That basically sums up the major functions you can use with .htaccess! I hope you have fun with it!

You can read more about Apache directives here: http://www.apache.org/docs/mod/directives.html, which lists all the possible uses the .htaccess file has!

Browsers security

Preventing image stealing through .htaccess

August 10th, 2007

To stop people from using your images on their site while the image is still on your site (stealing valuable bandwidth), add the following to the .htaccess file:

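RewriteEngine on
# Let requests that carry no Referer header through
RewriteCond %{HTTP_REFERER} !^$
# Let requests referred from your own site through
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com/.*$ [NC]
# Refuse (403) every other request for an image
RewriteRule \.(gif|jpg)$ - [F]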


Replace mydomain.com with your domain name and the gif|jpg with any other file extensions, such as gif|jpg|swf.
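How the two RewriteCond tests treat different Referer values, as an added example (a JavaScript model of the rules, not part of the original post; the sample referers are constructed). It compares a site pattern whose dot is left unescaped with an escaped pattern that also accepts https, and shows that a request with no Referer always gets through.

```javascript
// Added example: models the RewriteCond / RewriteRule logic of the rule set.
// A request is refused (403) only when ALL of these hold:
//   - the path ends in .gif or .jpg        (RewriteRule pattern)
//   - the Referer is not empty             (RewriteCond ... !^$)
//   - the Referer does not match the site  (RewriteCond ... [NC])
var LOOSE  = /^http:\/\/(www\.)?mydomain.com\/.*$/i;     // dot unescaped
var STRICT = /^https?:\/\/(www\.)?mydomain\.com\/.*$/i;  // escaped, http + https

function isImage(path) {
  return /\.(gif|jpg)$/.test(path);
}

// Returns true when the rule set would answer 403 Forbidden.
function isBlocked(path, referer, sitePattern) {
  if (!isImage(path)) return false;                     // rule does not apply
  if (referer === "" || referer == null) return false;  // empty Referer passes
  return !sitePattern.test(referer);                    // foreign Referer
}

// Constructed sample Referer values.
var SAMPLES = [
  "",                                       // header absent or stripped
  "http://www.mydomain.com/gallery.html",   // own site over http
  "https://www.mydomain.com/gallery.html",  // own site over https
  "http://mydomainXcom/page.html",          // matches only if dot is unescaped
  "http://other.example/page.html"          // another site embedding the image
];

// One true/false (blocked or not) per sample, in order.
function report(sitePattern) {
  return SAMPLES.map(function (r) {
    return isBlocked("/img/a.jpg", r, sitePattern);
  });
}
```

Because the Referer header is supplied by the client, this rule saves bandwidth against ordinary embedding but is not an access control.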

Browsers security

HTTP 404 error for a servlet

August 8th, 2007

There are many reasons why a servlet container may issue an HTTP 404 error for a servlet. You should check that you have added a servlet configuration and mapping to your web.xml file, and make sure you are requesting the URL path specified in the mapping. If your servlet compiles successfully, another possibility is that it throws a ServletException in the init(ServletConfig) method. If so, the servlet container will log the exception and take the servlet out of service. Check your log files for any details.

Browsers security