Thursday, September 16, 2004
Mozilla fixes 10 security flaws
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
The three most serious flaws, fixed in new releases of Mozilla and Firefox, could let an attacker run code on the victim's computer.
The latest releases of the Mozilla and Firefox browsers, along with the Thunderbird email software, fix 10 security issues, including three critical vulnerabilities, according to the Mozilla Foundation, which develops the software.
The three critical flaws could let an attacker run code on the victim's computer, according to information published by the Mozilla Foundation on Tuesday. The vulnerabilities are caused by the improper handling of electronic business cards, known as vCards; overly large images in the bit map (BMP) format; and links that have host names using nonprintable characters.
The issues are fixed in the latest versions of the Mozilla Foundation's open-source software products: Mozilla 1.7.3, Firefox release candidate 1.0 and Thunderbird 0.8.
Security information provider Secunia gave the set of 10 holes a "highly critical" rating, its second-highest grade for Internet threats.
The plethora of new security issues comes a month after the Mozilla Foundation started offering money to researchers who found verifiable security problems in the browser. On Tuesday, the open-source group released its latest version of its software packages.
The Firefox browser in particular has benefited from the perception that its rival, Microsoft's Internet Explorer, suffers from security problems. A flaw revealed on Tuesday by Microsoft could put users of Internet Explorer at risk of having their PCs compromised by malicious Web sites.
Link to the story
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
The three most serious flaws, fixed in new releases of Mozilla and Firefox, could let an attacker run code on the victim's computer.
The latest releases of the Mozilla and Firefox browsers, along with the Thunderbird email software, fix 10 security issues, including three critical vulnerabilities, according to the Mozilla Foundation, which develops the software.
The three critical flaws could let an attacker run code on the victim's computer, according to information published by the Mozilla Foundation on Tuesday. The vulnerabilities are caused by the improper handling of electronic business cards, known as vCards; overly large images in the bit map (BMP) format; and links that have host names using nonprintable characters.
The issues are fixed in the latest versions of the Mozilla Foundation's open-source software products: Mozilla 1.7.3, Firefox release candidate 1.0 and Thunderbird 0.8.
Security information provider Secunia gave the set of 10 holes a "highly critical" rating, its second-highest grade for Internet threats.
The plethora of new security issues comes a month after the Mozilla Foundation started offering money to researchers who found verifiable security problems in the browser. On Tuesday, the open-source group released its latest version of its software packages.
The Firefox browser in particular has benefited from the perception that its rival, Microsoft's Internet Explorer, suffers from security problems. A flaw revealed on Tuesday by Microsoft could put users of Internet Explorer at risk of having their PCs compromised by malicious Web sites.
Link to the story
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
WALTER S. MOSSBERG - How to Protect Yourself From Vandals, Viruses If You Use Windows
September 16, 2004
By WALTER S. MOSSBERG
If you use a Windows personal computer to access the Internet, your personal files, your privacy and your security are all in jeopardy. An international criminal class of virus writers, hackers, digital vandals and sleazy businesspeople wakes up every day planning to attack your PC.
And the company that controls the Windows platform, Microsoft, has made this too easy to do by carelessly opening numerous security holes in the operating system and its Web browser. Even if you install the recent Service Pack 2 update to Windows XP, you will still be vulnerable.
As I have said before, I believe Microsoft and the computer makers should be taking care of all these problems with a unified, managed approach that would free users from having to learn about all the threats and constantly manage security. They should take responsibility for shielding users from hackers, spammers, viruses and spyware -- the malicious software that hijacks your browsing and searching, pushes ads into your face, and secretly logs your activities.
But until that happens, you will have to fend for yourself. So here's a quick, rudimentary guide to protecting yourself in the digital world.
Opting out: The single most effective way to avoid viruses and spyware is to simply chuck Windows altogether and buy an Apple Macintosh. Apple's operating system, Mac OS X, is harder for the criminals to infect, and the Mac's market share is so small that hackers, virus writers and spies get little thrill, financial gain or publicity from attacking the platform.
There has never been a successful virus written for Mac OS X, and there is almost no spyware that targets the Mac. Plus, the Mac is invulnerable to viruses and spyware written for Windows. Not only is it more secure, but the Mac operating system is more capable, more modern and more attractive than Windows XP, and just as stable.
Macs are as good as, and often better than, Windows PCs at doing the most common computing tasks: Web browsing, e-mail, word processing, spreadsheets, presentations, photos, music and video. The Mac version of Microsoft Office can handle Windows Office files with ease, and it produces files that Office for Windows handles effortlessly. Apple's computers are also gorgeous.
But switching platforms is expensive, and scary to people. So if you're sticking with Windows, read on.
Halting hackers: Buy a software firewall program, one that won't only stop hackers trying to get in but will also halt suspicious programs already on your PC from trying to send information out over the Internet. The one I recommend is ZoneAlarm, a free utility from Zone Labs, available at www.zonelabs.com. Use it instead of the wimpier built-in firewall Microsoft supplies.
If you have a broadband connection or a home network, make sure your modem or router (a common piece of networking gear) is equipped with a feature called NAT, or Network Address Translation. This technology makes it harder for criminals on the Internet to find your computers. Even if you have NAT, however, I still recommend you have a software firewall program, because NAT doesn't block every attack.
Curing viruses: You must run a strong antivirus program, and keep it updated, even if updates cost money. I recommend Norton AntiVirus (the stand-alone program, not the cumbersome security suite). It's very effective, and its automatic update system is the best I've ever tested. It costs $50, including a year of updates.
Stopping spyware: Since antivirus programs don't attack spyware, you will need to run, and keep updating, a separate piece of software called an antispyware program. I recommend Spy Sweeper from Webroot software, at www.webroot.com. It costs $30, including a year of updates. Like an antivirus program, it not only detects and removes spyware already on your PC, but also watches for, and blocks, new spyware.
Stuffing spam: Buy a decent antispam program. I know of none that is close to perfect, but the best is probably MailFrontier Desktop, available for $30 at www.mailfrontier.com. If you're really fed up, you can turn on the "challenge" feature in this program, which forces unknown senders to pass a simple test that baffles the mass-mailing software spammers use.
Browsing safely: I suggest dumping Microsoft's Internet Explorer Web browser, which has a history of security breaches. I recommend instead Mozilla Firefox, which is free at www.mozilla.org. It's not only more secure but also more modern and advanced, with tabbed browsing, which allows multiple pages to be open on one screen, and a better pop-up ad blocker than the belated one Microsoft recently added to IE.
Being careful: Never download software from the Web unless you are certain you know what it is and that you want and need it. If a Web site says you need some special plug-in to view things, be very wary. Common viewer software, like that from Real Networks, Apple or Macromedia, should be obtained from those companies' official sites.
Staying current: You should probably install Microsoft's new SP2 update, which does improve Windows security -- although it has caused serious problems for a minority of Windows users. And you should install all the "critical updates" Microsoft issues for Windows.
Bottom line: If you use Windows, you're asking for trouble. But you can mitigate the risk by taking precautions.
Write to Walter S. Mossberg at mossberg@wsj.com
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
Tuesday, September 14, 2004
Critical Windows Flaw
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
There’s a significant security flaw in Windows that could allow a worm to be hidden inside a JPEG image. The bug is in GDI so any application written in Visual Studio or using the .net framework is vulnerable. Microsoft rates this as a critical vulnerability because a hacker could use it to infect your computer without any action on your part. The company has released a fix for Windows via Windows Update, but you’ll have to update Office and other applications individually. In addition there’s a scanner available that will pinpoint other vulnerable applications.
Update your Windows and Windows software ASAP!
Windows XP SP 2 is not vulnerable, however other products may be.
The hole story
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
There’s a significant security flaw in Windows that could allow a worm to be hidden inside a JPEG image. The bug is in GDI so any application written in Visual Studio or using the .net framework is vulnerable. Microsoft rates this as a critical vulnerability because a hacker could use it to infect your computer without any action on your part. The company has released a fix for Windows via Windows Update, but you’ll have to update Office and other applications individually. In addition there’s a scanner available that will pinpoint other vulnerable applications.
Update your Windows and Windows software ASAP!
Windows XP SP 2 is not vulnerable, however other products may be.
The hole story
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
Yahoo Buys Musicmatch Company hopes the $160 million purchase will make it a major player in the music market.
Laura Rohde, IDG News Service
Tuesday, September 14, 2004
Yahoo will acquire the digital music software and services provider Musicmatch in a cash deal valued at $160 million, the companies announced this week.
Musicmatch, based in San Diego, features a streaming music subscription service, On Demand, and last September launched its own music download service, Musicmatch Downloads.
The company, founded in 1997, also offers the Windows software that ships with Apple Computer's IPod music player, as well as Musicmatch Jukebox software, for users to play, burn onto CD, download, and organize a digital music collection.
Making More Music
Yahoo, based in Sunnyvale, California, says it is committed to fashioning itself as a "major player in digital music" and that the Musicmatch acquisition will allow the company to extend its music service from 12.9 million listeners to an estimated 23 million listeners, based in large part on the numbers for Musicmatch's online radio network.
Musicmatch also claims to have over 225,000 subscribers to its music services.
Yahoo also says that it plans to offer several product innovations and new initiatives by the end of this year as it continues to expand its digital music business, though it did not offer any details.
Representatives from Yahoo and Musicmatch could not immediately be reached for comment.
Along with Apple, Musicmatch competes against several similar services offered by Napster and RealNetworks' Rhapsody.
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
Monday, September 13, 2004
Talking worm attacks Windows users - A Turkish worm that contains an embedded audio message has been bending the ears of Windows users
"Facts do not cease to exist because they are ignored."-- Aldous Huxley
A virus writer has released a worm that speaks to its victims.
The Amus worm uses the Windows Speech Engine, embedded on Windows XP, to play the following message:
"How are you. I am back. My name is mister hamsi. I am seeing you. Haaaaaaaa. You must come to turkiye. I am cleaning your computer. 5. 4. 3. 2. 1. 0. Gule. Gule [bye bye]."
The worm, which runs after the Windows XP boot-up music has played, deletes DLL and INI files to cause Windows to fail. It spreads automatically via an email entitled "Listen and Smile" and alters home page settings on Internet Explorer.
"It might be confusing to users because it says 'I am seeing you'," says Mikko Hypponen, director of antivirus research for F-Secure. "It's the only [worm] I have found speech on, but it is not too advanced because it is written is Visual Basic."
The worm has been rated as low risk by antivirus vendors.
The rest of the story
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
A virus writer has released a worm that speaks to its victims.
The Amus worm uses the Windows Speech Engine, embedded on Windows XP, to play the following message:
"How are you. I am back. My name is mister hamsi. I am seeing you. Haaaaaaaa. You must come to turkiye. I am cleaning your computer. 5. 4. 3. 2. 1. 0. Gule. Gule [bye bye]."
The worm, which runs after the Windows XP boot-up music has played, deletes DLL and INI files to cause Windows to fail. It spreads automatically via an email entitled "Listen and Smile" and alters home page settings on Internet Explorer.
"It might be confusing to users because it says 'I am seeing you'," says Mikko Hypponen, director of antivirus research for F-Secure. "It's the only [worm] I have found speech on, but it is not too advanced because it is written is Visual Basic."
The worm has been rated as low risk by antivirus vendors.
The rest of the story
MY ADVICE endeavors at keen.com. The number is 1-800-275-5336 (800-ask-keen) + ext. 0329063 for tech stuff, 0329117 for running a small business, and 0329144 on investing. Want to CHAT, I use Yahoo's IM as the_web_ster. View me in the Friends & Family part of webcamnow.com, just click on "view cams", then in the Java window click on WebcamNow Communities drop down arrow & select Friends & Family. Under the live webcams look for & click on me "the_webster".
