Redhots heah!....come getcha redhots!
Mozilla Foundation released an update to Firefox that fixes the following issues
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-22 Download dialog spoofing using Content-Disposition header
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-19 Autocomplete data leak
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing
This being said, it is always adviseable to turn of any functionality you don't
need AND recognize that just because a web developer types "trust me!" you
shouldn't blindly click without being prepared for surprises. I like using the
cookies, etc. without navigating through menus.
There has been plenty of dicussion about "luring" users into taking actions on
behalf of an attacker by creating objects for you to drag 'n' drop, then hiding
them behind, or hidden in, things like flash or images. Peruse the Bugtraq
archives and look for things like "firescrolling". While the browser developers
continue to play cat <-> mouse with the vuln devels, you should recognize that
with more "features" come more possible badguy avenues. I personally use a
text-only browser (links is my choice, but there are others such as lynx, elinks
& w3m) for most casual browsing, and fire up the ol' gooey when necessary, but
everyone's needs are different, I understand.
This tug-o-war between features and vulnerabilities reminds me of a conversation
I had with a colleague about anonymity. We agreed that to be a consumer of all
the technological wonders available (ATMs, voice mail, online pharmaceuticals,
etc.) you need to give something in return - the right to use any and all information that you provide for those services. Remember, friends, whenver information is out of your direct control, it is percisely that. Don't expect the technologists and developers to provide hack-proof solutions. Remember Microsoft's 10th : Technology is not a panacea. *These laws are MS's crowning security achievement, IMHO* If, instead, you prefer all of your personal details be safe and unreachable from the digital inquisitorial squads, you are quite welcome to change your identity, sell all of your technologically-acquired assets, and plant yourself somewhere in Garfield County, Montana (or the NE Kingdom of Vermont, for that matter). No offense, Rick!
Someone wrote in:
What you are seeing is RootkitRevealer noting NTFS metafiles.
Metafiles are listed in the MFT (Master File Table) but are not
intended for usersace access, thus are "hidden" from the Windows API.
RootkitRevealer identifies discrepancies between low-level access
results and API access results, thus can't make any determinations on
the integrity of metadata files.
for a good overview of NTFS particulars.
Port 41523 info
James Williams from CA wrote:
I have some additional information related to Handlers Diary February 24th 2005.
1) in the php-worm section, please note that eTrust-Iris does detect the malware. detection name is Perl/ShellBot!Worm, and latest signature version is 11.7.8963. earlier sig versions also detected it.
2) eTrust-Vet signature version 23.68.46 detects new versions of the malware. earlier sig versions also detected it.
3) in the "two ports moving as one" section, 41523/tcp is indeed used by ARCserve, but it is not used by eTrust AV 7.x.
Thanks for the update
Feb 26th 2005
|Thread locked Subscribe||
Feb 26th 2005
1 decade ago