Security and Privacy » browser

The problem with the Prefetch function in Firefox and Chrome

derek — Mon, 31 Jan 2011 11:01:23 +0000

Did you know that Firefox and Chrome both have a feature that fetches pages and links that it thinks you might be going to click on? This can slow down your computer and browsing dramatically. The majority of problems come up when using a search engine, particularly Google with its “preview function”.
The pre-fetch function in these browsers silently loads every link in the background and caches ( stores) the pages in your internet temporary files folder used by Firefox or Chrome. So far Internet Explorer has resisted the temptation to do this.
It also has another major problem when using security software that blocks dangerous or known malicious IP numbers or web addresses. You either get constant alerts about malicious pages attempting to infiltrate your computer or pop up warnings saying xxxx address or IP number has been blocked. Some security softwares will block you from the original page that you are attempting to visit because of the preloaded link to a potentially malicious site, that can lead to major problems with search engines. In 99% of the time, you have absolutely no intention of ever visisting that site, it is just Firefox or Chrome being helpful and preloading the pages for you

Here’s how to disable the Firefox prefetch setting.

1. Type about:config in the address bar and press ENTER. Agree to the warning that changing settings can cause problems

2. Locate and double-click the entry for
network.prefetch-next

3. Set it to false to disable this feature. Double-clicking on the setting will change it.

How to disable prefetch in Firefox

This is how to disable the prefetch function in Chrome:
1. Click the wrench in the upper-right corner.

2. Select Options

3. Select the Under the hood tab.

4. Uncheck “Use DNS pre-fetching to improve page load performance” . and then close the options page

Disable prefetch in Chrome

Beware of New year e-cards

derek — Sat, 01 Jan 2011 17:18:00 +0000

Please avoid all untrusted Happy New Year e-card links. The Shadowserver Foundation is warning of a new malicious and advanced botnet that has just been discovered and ressembles the Storm Worm designs.

New Fast Flux Botnet for the Holidays: Could it be Storm Worm 3.0/Waledac 2.0?
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20101230
Those of us here at Shadowserver hope you’re having a wonderful holiday season and are ready to bring in the new year. We were trying to relax and enjoy relatively quiet times until we noticed a new spam campaign that recently started. At first it looked like your regular old holiday e-card scams that have been around for years.

However, upon closer inspection it looks like we could be dealing with the next generation of Storm Worm or Waledac. If you consider Waledac to be Storm Worm 2.0, this looks like it could be version 3.0 or at least Waledac 2.0. There are no real version numbers of course, but we don’t have anything else to call it yet. What’s it involve you ask?

CHARACTERISTICS OF NEW BOTNET

Well here’s the list of what we’ve seen so far:

* Large scale Spam campaigns sending out e-mails with links
* New malicious domains that are fast flux! (TTL of 0 and name servers that frequently update IPs)
* Links are to several hacked websites hosting HTML pages that refresh to new malicious domains
* Links are also directly to new malicious domains
* Malicious domains hosting links to fake flash player and refreshes to exploit pages
* Malware installs that begin beaching to several hosts over HTTP (what we dubbed HTTP2p with Waledac)
* Malware that’s been updated to look a bit more like legitimate than past variants
* A very buggy network that is not often available (upstream devices not available)
* Changing/Updated binaries

AVOID THESE E-CARD MESSAGES:

Let’s start with the Spam Campaign. We’ve seen a multitude of subject lines and bodies. Below you’ll find a list of subjects we’ve seen and an example e-mail message. These are coming from all over the Internet with spoofed sender addresses.

Greeting for you!
Greeting you with heartiest New Year wishes
Greetings to You
Happy New Year greetings e-card is waiting for you
Happy New Year greetings for you
Happy New Year greetings from your friend
Have a happy and colorful New Year!
l want to share Greeting with you
New Year 2011 greetings for you
You have a greeting card
You have a New Year Greeting!
You have received a greetings card
You’ve got a Happy New Year Greeting Card!

List of public DNS services

derek — Sat, 11 Sep 2010 07:20:55 +0000

Until fairly recently, nobody bothered with changing their DNS server. Everybody used the ones provided by their ISP. Today, there are several providers worldwide that provide free public DNS service with additional features like blocking known malware sites, blocking known phishing sites, parental controls and some even say that their services are quicker and more reliable.

Here are a few of the better known and more reliable ones . It's up to you to choose the one that has the features or protection that you want.

You will find instructions on how to change DNS addresses on their webpages.

OpenDNS
208.67.222.222
208.67.220.220

Google Public DNS
8.8.8.8
8.8.4.4

Norton DNS (Symantec Corporation)
198.153.192.1
198.153.194.1

ScrubIT (ScrubDNS Inc.)
67.138.54.100
207.225.209.66

DNS Advantage (Neustar Inc)
156.154.70.1
156.154.71.1

Comodo Secure DNS (Comodo Security Solutions Inc.)
156.154.70.22
156.154.71.22

IE out of band patch

derek — Wed, 20 Jan 2010 19:10:30 +0000

This is an advance notification of one out-of-band security bulletin that Microsoft is intending to release on January 21, 2010. The bulletin will be for Internet Explorer to address limited, targeted attacks against customers of Internet Explorer 6, as well as fixes for vulnerabilities rated Critical that are not currently under active attack.

The full version of the Microsoft Security Bulletin Advance Notification for this release can be found at http://www.microsoft.com/technet/security/bulletin/ms10-jan.mspx.

Adobe Issues Critical Updates To Flash, AIR – Security Watch

derek — Thu, 10 Dec 2009 09:11:25 +0000

Adobe released new versions of Flash and AIR today to address vulnerabilities in both products. Applying these updates as soon as practicable is a good idea, as Flash vulnerabilities are popular exploit vehicles in the wild.

Click here to install Flash 10.0.42.34.

Click here to install AIR 1.5.3.

The expanded security advisory explains that critical vulnerabilities could provoke crashes or remote code execution. Adobe Flash Player 10.0.32.18 and earlier versions and Adobe AIR 1.5.2 and earlier versions on all platforms are vulnerable.

7 new vulnerabilities are described cursorily. A patch to an eighth and older vulnerability is also updated. Adobe issues thanks to 6 different researchers for the help they provided with the vulnerabilities.

The advisory also adds that Flash Player version 10.1, which Adobe expects to release in the first half of 2010, will be the last to support PowerPC-based G3 Macs. They are discontinuing support, including security updates, past that version because they are implementing performance enhancements not supported in those processors.

Mozilla fixes 16 flaws with Firefox 3.5.4:

derek — Thu, 29 Oct 2009 06:47:55 +0000

http://www.mozilla.org/security/known-vulnerabilities/firefox35.html#firefox3.5.4

Mozilla fixes 16 flaws with Firefox 3.5.4:

http://www.computerworld.com/s/article/9140008/Mozilla_fixes_16_flaws_with_Firefox_3.5.4

Mozilla today patched 16 vulnerabilities in Firefox, 11 of them critical, as it updated the open-source browser to version 3.5.4.

The 11 critical Firefox 3.5 vulnerabilities were located in a variety ofn components, including Web worker calls, the GIF color map parser, the string-to-number converter, a trio of third-party media libraries, and both the JavaScript and browser engines.