Less than a month after release, Firefox 3.5 receives an incremental update bringing the most current stable version to 3.5.1. As might be expected, the 3.5.1 update addresses several security and stability issues, as well as an issue that was making Firefox take a long time to load on some Windows systems, Mozilla says.
"We strongly recommend that all Firefox 3.5 users upgrade to this release," Mozilla said in a statement. "If you already have Firefox 3.5, you will receive an automated update notification within 24 to 48 hours. This update can also be applied manually by selecting 'Check for Updates...' from the Help menu."
On a related note, Mozilla said it is no longer supporting Firefox 2.0.0.x, which "contains known security vulnerabilities." So in other words, pretty much every Firefox user should go grab the latest update.
Last month, a hacker calling himself Hacker Croll infiltrated the email account of an administrator who works for Twitter, gaining access to the employee's Google Apps account, where Twitter shares spreadsheets and documents outlining business ideas and various financial details, said Biz Stone, a Twitter co-founder.
After doing so, the hacker sent all sorts of confidential documents to a pair of news blogs: TechCrunch and Korben. While the breach and subsequent sharing of information might have been embarrassing for Twitter, analysts say the attack highlights the bigger problem of people using the same password for every site they visit.
According to security firm Sophos, 40 percent of Internet users use the same password for every website. And with so many personal details floating around social networking sites, it makes it that much easier for hackers to breach someone's account.
"A lot of the Twitter users are much living their lives in public," said Chris King, director of product marketing at Palo Alto Networks, which creates firewalls. "If you broadcast all your details about what your dog's name is and what your hometown is, it's not that hard to figure out a password."
This won't come as a surprise to power users, but to avoid being hacked, use strong passwords that combine letters and numbers, change your passwords often, and don't use the same password for every site you visit.
Enter about:config in the browser's location bar
Type jit in the Filter box
If you'd rather not mess around with about:config settings, you can still disable JIT by running Firefox in Safe Mode, which is accessible from the Mozilla Firefox folder.
This week, Microsoft announced that DirectShow ActiveX code in Internet Explorer 6 and 7 that was reserved for future use has finally been used - by malware providers. The DirectShow Video ActiveX control in the msvidctr.dll file can be used to take over your system if you visit an infected website. According to Symantec, thousands of websites (primarily in China and other parts of Asia) have been affected.
Who's vulnerable? According to Microsoft Knowledge Base article 972890, Windows Server 2003, Windows XP SP2, Windows XP SP3, and Windows XP 64-bit edition are at risk if they haven't upgraded to IE8. IE8 is not vulnerable because the DirectShow ActiveX control being exploited was disabled in IE8. But, if you're still running IE7 (or - horrors! - IE6), what now?
Although Microsoft doesn't have a software patch, it's offering the next best thing: visit KB article 972890 to download and run Microsoft Fix it control 50287 to work around the problem (the same site also offers Microsoft Fix it control 50288 to disable the workaround). The workaround and disable-workaround controls are distributed in .msi installer files. Microsoft also recommends the workaround for Windows Vista and Windows Server 2008 users who are still running IE7.
If you want to learn more about what the workaround changes, you can visit the Microsoft Security Advisory (972890) page. This page lists the CLSID values that must be changed. This information can be incorporated into a .reg file, or can be distributed to multiple PCs in a domain using Group Policy. For additional information, see Security Focus article 35558.
Networking in Windows 7 builds upon the drastic remodeling that occurred in Windows Vista. However, although some of the basic networking features in Windows 7 are similar to those in Windows Vista, many networking features have been improved in Microsoft's latest operating system. And, if you are moving up from Windows XP, you will find that Windows 7's network interface is a completely different animal than you've encountered before. Whether you're moving up from Windows Vista or Windows XP, join us after the jump to learn what's new and better in the main building blocks of Windows 7 networking.
Social networking is all fun and games until someone hijacks your social security number, sells it to the seedy underground world of cyber-crime, and ultimately destroys your credit. But does that really happen?
According to a new study, it very well could. Researchers at Carnegie Mellon University showed how social security numbers can be guessed using information found in sites like Facebook, MySpace, and other popular Web portals. And it's not just a freak occurrence, either. Using information culled from such sites, researchers were able to predict, on the first try, the first five digits of a person's social security number 44 percent of the time for 160,000 people born between 1989 and 2003.
"We live in a precarious time, where knowledge of a Social Security number, along with other information about one's name and date of birth, is sometimes sufficient to impersonate another individual," said Alessandro Acquisti, the study's lead author, in a telephone interview with Bloomberg.
Sites like Facebook leave personal information visible by default when creating a profile, and it's the birth data that is particularly telling, as the first three digits are assigned based on where a person lived at the time of obtaining a Social Security card. Using this information, Acquisti said "the first five digits are easy to predict."
Many of our readers were taken off-guard when we rated Norton Internet Security 2009 a 9/Kickass in last year's antivirus roundup, and we even admit to being surprised at Norton's transformation from a resource-heavy sloth to a lean and competent antimalware package. We hope the trend continues, and we'll have a chance to see if it does now that Symantec has released beta versions of its upcoming 2010 releases to the public.
The new version features a new protection model codenamed Quorum and will put a heavier focus on reputation-based malware detection. While it won't replace existing signature-based detection for known threats, Norton says the reputation model can detect zero-day malware that's never been seen before.
"Our new approach changes the rules by both enhancing traditional security techniques to make them more aggressive and by making it dramatically more difficult for attackers to evade detection by simply changing their malware," said Rowan Trollope, Symantec senior vice president, Consumer Business Unit.
Other features include an overhaul to parental control and spam filtering, more detailed information provided by Norton Insight, which identifies known good programs for faster scanning, and a new feature called Autopsy, which is designed to help the user understand what just happened when Norton automatically removes an infection.
Panda Security's free Cloud Antivirus, released in beta form just a couple of months back, has apparently been well received with "millions" of downloads. Based on feedback from those who have participated, Panda this week released the second beta for what it refers to as the first free cloud-based antivirus thin client.
Several new features and fixes have been added to the newest beta, some of which include:
Undo option for the Recycle Bin to recover deleted detections for a period of 3 days in case of false positives
Synchronous real-time Cloud scan
A response control mechanism that prevents programs from executing before they can be scanned
Background and on-demand scans no longer run simultaneously, improving overall scan times
For a full list of fixes and changes, as well as download instructions, see here.
No word yet on when the final release of Version 1.0 will go live; however, Panda did say it plans to release a third beta sometime around September.
Celebrities have been dropping like flies in recent weeks, with Michael Jackson, Farrah Fawcett, Ed McMahon, and Billy Mays all having parted ways with the living. If you follow feeds on Twitter, you may have thought a lot more passed on, making you wonder if there really is something unsanitary flowing in Hollywood's water. That's because hackers have been gaining access to celebrity accounts and sending out bogus death notices for the likes of Britney Spears, Ellen DeGeneres, Jeff Goldblum, and P. Diddy.
"Britney has passed today," the fake tweet announced on Sunday. "It is a sad day for everyone. More news to come."
After learning of the message, Spears' staff tweeted that the pop singer's account had been compromised and that "She is fine and dandy spending a quiet day at home relaxing."
To gain access to celebrity accounts, hackers took advantage of a vulnerability allowing them to try every PIN combination possible until one worked. Twitter claims a "fix has been put in place to prevent this from happening."
Google on Monday released an update to its Chrome browser, bringing the current version to 126.96.36.199. The update -- which Chrome users should have received automatically -- fixes a critical security issue and two other networking bugs, Google says.
Prior to the update, Chrome was vulnerable to a buffer overflow in certain responses from HTTP servers. If exploited, the flaw could let a hacker not only crash the browser, but potentially run code with the privileges of the logged-on user.
Far less dangerous are the pair of networking bugs squashed with the latest update. No longer will NTLM authentication to Squid proxies fail when trying to connect to HTTPS sites, and Chrome should no longer crash when loading some HTTPS sites.