A couple days ago Mozilla release its Firefox 4 Browser. Some key features to the new release make it faster, enhanced security, and more customizable for users. Click here to see WHAT’s NEW.

Keep in mind, if you choose to download it some of your old plug-ins may not be compatible. I am not sure if there are any previous plug-ins that are not being supported via updated releases. You might want to look into that if you have a favourite plug-in, or at least have a copy of the old Firefox still available.

Microsoft has not yet patched the .lnk vulnerability I wrote about last week. In the meantime, though, AV vendor Sophos has released a free tool that they claim will fix the problem.

This has been a serious issue. A number of malware writers have already released exploits targeting this flaw. Everyone should exercise even more caution than usual and avoid opening documents or clicking on links in email messages. Simply opening an infected MS Office document can lead to infection. Once computer is infected, it will infect any USB drives that are mounted and hide the infected files, using rootkit technology. This is a HUGE risk for businesses that allow users to transfer files back and forth between office and home computers.

Another word of caution involves a new rogue anti-virus – this time masquerading as a Firefox / Flash update. Check it out here. We are (and should be) always encouraging Clients to keep their brower plugins up to date – especially Flash, so you can see why this ruse would be effective.

Anyone who is tricked into purchasing one of the fake anti-virus programs can usually have the credit card charges reversed. Surprisingly, most do not. As long as people don’t bother to fight back, the fake anti-virus game will continue to generate profits, and as long as it is profitable, the bad guys will continue to find new and better ways to trick users into installing the rogues.

Dennis H in West Virginia, US

July 29, 2010

An excellent solution to add some speed while surfing the internet, has many useful features and once you get used to use is really useful.

Don’t just surf the web — command it!

Ubiquity is a time-saving Firefox extension that simplifies common web activities by letting you give commands to Firefox. Ubiquity includes about 80 commands for speeding up common web activities (searching, translating, mapping, emailing, etc.), but also provides an API so you can write your own commands using Javascript.

You can also share the commands you write, and subscribe to commands shared by other users.

To make it easy for users to run these commands, Ubiquity provides a unique pseudo-natural-language input method: You type what you want to do, and Ubiquity guesses what you mean and suggests the best-matching commands. For instance, you can select some foreign-language text on a web page, hit a hotkey to bring up the Ubiquity interface, and type “translate” (or just type “tr” and let Ubiquity figure out that you mean the translate command); then hit enter to have the selected text replaced, right in the page, with a translation to your language.

You can see a little demo or get it Here

Diego T in Cochabamba, BO

October 23, 2009

Here’s the reason that you should use a strong password for your webmail account. You may think those who may have personal reasons to want to get into your email account don’t have the sophistication to hack it, but they don’t need any hacking skills at all – they just need $100. Think about it – sooner or later someone is going to want to hurt you or see what is in your mailbox. $100 is and your password are the only things standing in their way.

Months after we have stopped talking about Conficker, it is still costing some folks a lot of money. Perimeter defenses notwithstanding, one employee with an infected computer at HOME, and a USB flash drive used to transfer files, was all it took to cause this London (UK, not Ontario) council a lot of money. An internal vulnerability scan, endpoint security, or locking down USB ports could have averted this.

Most of us are Firefox users – because there are so many great add-ons and features. Here is one more, and it doesn’t even require an add-on. Future versions of Firefox will automatically check for vulnerable versions of Flash. Flash vulnerabilities are one of the most common ways of infecting unsuspecting web-surfers.

Dennis H in West Virginia, US

September 8, 2009

Spyware comes in many forms, and spyware writers are always looking for new ways to take advantage of the unwary. This one masquerades as a plugin for Firefox. This is not malware of the botnet or password-stealing variety, but is does capture search data – and that is definitely spying.

There are still quite a few websites running on IIS 6 and IIS 5, especially small company sites. There is a newly discovered flaw that has not yet been patched by MS, but for which there is exploit code available on the internet. The vulnerability is in the FTP code, so FTP anonymous access should be turned off if it is not needed (or FTP disabled completely). IIS 5 is definitely vulnerable, and later versions may also be vulnerable, although less so. Locking down the directly structure is another way to mitigate this risk, since the exploit requires the ability to create a directly.

There is not much we more can do at the moment, except be aware of it and keep an eye on any sites that we know are running on these versions of IIS. More details can be found here and here.

Dennis H in West Virginia, US

September 2, 2009

The recent zero day security hole in Internet Explorer is a serious concern as it can allow a malicious website to get access to your computer.

Microsoft is currently working on a patch but until this is released they recommend several workarounds, I have pasted from their security advisory at the bottom, however these workarounds are not easy for a novice user, particularly because to choose one of them requires that you be able to evaluate which is the best for your own environment.

An easier option would be to install an alternative web browser, here at Nerds On Site we prefer Firefox which is recommended by such security researchers as Steve Gibson of Security Now podcast.

Here is the excerpt from Microsofts security advisory showing the available workarounds:

Based on our investigation, setting the Internet zone security setting to High will protect users from known attacks. However, for the most effective protection, customers should evaluate a combination of using the High security setting in conjunction with one of the following workarounds.

•	Disable XML Island functionality
•	Restrict Internet Explorer from using OLEDB32.dll with an Integrity Level ACL
•	Disable Row Position functionality of OLEDB32.dll
•	Unregister OLEDB32.dll
•	Use ACL to disable OLEDB32.dll

For additional workaround details, please see the following post: http://blogs.technet.com/swi/archive/2008/12/12/Clarification-on-the-various-workarounds-from-the-recent-IE-advisory.aspx#workarounds.

Each of these workarounds is equally effective in protecting customers; however, each workaround has different impacts based on the environment in which they are applied. We encourage customers to evaluate which of the workarounds would be least impactful to their environment, based on the impact statements included with each workaround.