Tuesday, January 29, 2013

Review: KeePass makes strong passwords and keeps them safe

If you adopt just one security tool this year, make it KeePass. This free and open-source password manager is available for Windows, with unofficial ports for iOS, Android, Linux, and Mac OS X.

A secure, lengthy, completely random password goes a long way towards improving your security–and having a separate password for each and every website and service you use is the single most important thing you can do to keep secure. For too many of us, the alternative to a password manager is using the same password everywhere. This means that if the user database of any one website you sign up for is compromised, hackers can (and often do) just try your username and password on many other websites and gain access. So, seriously: Use a unique, difficult password for each and every website you sign up for, no matter how little you plan to visit it.

KeePass lets you keep all of these username/password pairs in a securely encrypted database, protected behind a single master password, which is the only password you're ever going to have to remember. And unlike commercial competitor LastPass, KeePass doesn't automatically put your password database in the cloud (although you can put it into Dropbox yourself).

KeePass lets you quick-search for passwords and organize them into a complex tree of folders. KeePass features its own random password generator, so you don't have to come up with random passwords on your own. It includes a quick-search box where you can type just a fragment of a website's name to quickly find it on your list. The list itself is built to contain thousands of records, and you can subdivide it into folders and subfolders to keep things organized. KeePass isn't limited to just usernames and passwords, either: Each entry has several other fields, including a free-form Notes field which you can use for securely storing any sort of text.

One way the baddies circumvent password protection is with a keylogger: an application (or a physical hardware dongle connected to your computer) that sits in the background, quietly logging every single keystroke you type, to later transmit this information to an attacker. With a keylogger installed on your system, an attacker could potentially learn every single word you type throughout the day, including all of your usernames and passwords.

This is another thing KeePass protects against: Thanks to its AutoType feature, you never have to manually type individual website passwords. KeePass pastes them into the browser window using a combination of virtual keystrokes and clipboard obfuscation, making it all the more difficult for a keylogger to figure out what the password is. AutoType is sometimes finicky, but when it works, it's very useful. KeePass also lets you enter your master database password in a prompt protected by UAC, which protects it from any software keylogger that isn't running with Administrator rights on your machine.

Get KeePass, and start using it right now. You'll thank yourself next time a major website breach vents thousands of usernames and passwords into cyberspace.
By Friendly Computers
Copyright: 2010-01-28 Give us a call today: 281-554-5500 or visit Friendly Computers to schedule an appointment. http://www.pcworld.com/article/2026547/review-keepass-makes-strong-passwords-and-keeps-them-safe.html

Monday, January 28, 2013

Bug makes Java's latest anti-exploit defenses moot, claims researcher

Java's new security settings, designed to block "drive-by" browser attacks, can be bypassed by hackers, a researcher announced Sunday. The news came in the aftermath of several embarrassing "zero-day" vulnerabilities, and a recent commitment by the head of Java security that his team would fix bugs in the software.

The Java security provisions that can be circumvented were introduced last December with Java 7 Update 10, and let users decide which Java applets are allowed to run within their browsers. The most stringent of the four settings is supposed to block any applet not signed with a valid digital certificate. Other settings freely allow most unsigned applets, execute unsigned applets only if Java itself is up to date, or display a warning before unsigned applets are allowed to run.

But according to Adam Gowdiak, CEO of Security Explorations, none of the settings can stymie an attacker. "What we found ... is that unsigned Java code can be successfully executed on a target Windows system regardless of the four Java Control Panel settings," Gowdiak wrote in a message posted Sunday to the Bugtraq mailing list.

In an email reply to questions Sunday, Gowdiak said there was a single vulnerability that makes the bypass possible. "It could be used to successfully launch unsigned Java code on a target system regardless of the security level set by the user in Java Control Panel. [The] 'High' or 'Very High' security [setting] does not matter here, the code will still run," he said.

After discovering the vulnerability and creating a proof-of-concept exploit that worked on Java 7 Update 11 -- the version released two weeks ago -- running on Windows 7, Gowdiak reported the bug to Oracle.

His discovery makes moot -- in theory at least -- Oracle's latest security change. When it shipped an emergency update on Jan. 13 to quash two critical Java browser plug-in vulnerabilities, including one that was actively being exploited by cyber criminals, Oracle also automatically reset Java to the "High" security level. At that setting, Java notifies users before they can run unsigned applets.

Although there's no evidence of hackers exploiting the newest vulnerability, Gowdiak hinted that it wouldn't be difficult for them to do so. "It should be considered in terms of a big miss by Oracle," Gowdiak said. "We were truly surprised to find out how trivial it is to bypass these new security settings."

Hackers have stepped up their attacks against Java and its browser plug-in, with some security firms estimating that they account for more than half of all attempted exploits. Most often, Java exploits are used to conduct "drive-by" attacks, or ones that install malware on PCs and Macs after their owners simply browse to compromised or malicious websites.

Gowdiak published his claim just days after Oracle released a recording of a conference call between Milton Smith, the senior principal product manager who oversees Java security, and Java user group leaders, to discuss the recent vulnerabilities and steps Oracle was taking. During the call, Smith touted the security enhancements to Java 7, including the introduction of the settings in Update 10, and the change of the default from "Medium" to "High" in Update 11.

"[They] effectively make it so that unsigned applets won't run without a warning," Smith said of the security settings. "Some of the things we were seeing were silent exploits, where people would click on a link in an email and unwittingly compromise a machine. But now those features really prevent that. Even if Java did have an exploit, it would be very hard to do it silently."

According to Gowdiak, that's exactly what the newest vulnerability could let attackers do. "Recently made security improvements to Java 7 don't prevent silent exploits at all," Gowdiak wrote on Bugtraq.

When asked how users who must run Java in their browser should protect themselves against possible exploits, Gowdiak repeated his earlier suggestion that people turn to a browser with "click-to-play," a feature that forces users to explicitly authorize a plug-in's execution. Both Chrome and Firefox include click-to-play. "That may help prevent automatic and silent exploitation of known and not-yet-addressed Java plug-in vulnerabilities," Gowdiak said.
By Friendly Computers

Tuesday, January 22, 2013

Mega: Hands-on with the encrypted cloud storage service

Get ready for Mega from the flamboyant Kim Dotcom. The Internet entrepreneur and accused digital outlaw recently launched Mega (short for Mega Encrypted Global Access), a new file storage and sharing service that features 50GB of free storage. Mega is just one component of what Dotcom and his team hope will be a suite of online encrypted services from Mega Ltd. including email, voice calling, instant messaging, and video streaming.

For now, Mega is a Web-based end-to-end encryption file storage service that encrypts your files in the browser before uploading them to Mega's servers. You can also use Mega to share files with others, and add other Mega users to your contact list for easy drag-and-drop sharing.

I've been playing around with Mega recently, and the service is pretty slick. However, it also appears that a few lingering bugs hamper overall functionality of the service. Let's take a look.

Mega browser

Mega says it "pushes the browser to its limits" thanks to the technology it uses for encryption and file transfers. All the current versions of the major browsers (IE, Safari, Firefox, Chrome, and Opera) are supposed to be compatible. The problem is all except one work very poorly. Use of Internet Explorer 10, for example, has a bug that forces you to close and reopen your Mega tab every hundred megabytes or so worth of uploads, according to Mega. For best results use Google Chrome; Mega says its only deficiency is lower-grade text rendering. Chrome also has the added advantage of allowing you to upload folders with one drag-and-drop action.

Getting started

To get started, click "Register" at the top right-hand side of the page. Then enter your name, email address, and a password. Make sure you use a particularly strong password with sufficient length and random characters, since your password also serves as the master encryption key for your account. You will then have to click on a confirmation link you receive via email before you can start using the service.

Once you confirm and sign in, Mega will create a 2048-bit RSA public/private key pair for the service's encryption features.

After that's done, you will arrive at your file manager dashboard where you can upload and download files, share public links to files, and share files with other Mega users. At the far right is a drop-down menu aptly titled "Menu" that contains links to Mega's blog, pricing for Pro accounts, help, terms of service, and other informational links. On the left side is the Cloud Drive showing all your uploaded files, and navigation links to the trash bin, your inbox, and contacts.

To add a contact, just click on the contacts section and click "Add contact" at the top of the page. Once the person signs up for Mega they will be automatically added to your contacts list. One of the handier features in Mega is that you can share files with other Mega users by dragging and dropping a file to their name in your contacts section. Mega plans to add Instant Messaging to the service so you will be able to do more than just send and receive files with your contacts. If someone shares a file with you, it will pop up as a notification in your Mega inbox. You can then decide what to do with the file.

Adding files from your desktop is a pretty straightforward process. You can either drag and drop files right onto your file manager, or you can click the upload buttons at the top of your cloud drive. File uploads are monitored in the lower half of the screen. In my tests, file uploads were a little slow, possibly because of the encryption process, and it took a few minutes before the file was listed on my cloud drive even after the upload was complete. Complete folder uploads are also available and are added the same way files are, but only Chrome users can add folders from their desktop.

Right-clicking a file shows you several menu items, including the capability to download a file; get a link; rename a file; move, copy, remove, and reload. You can also drag and drop your files into new folders. Similar to Windows Explorer, you can expand folders and subfolders in the left-hand column and then drop files directly into subdirectories.

You can share a file with anyone, regardless of whether they have a Mega account. To share a file, you either right-click on the file and select "Get link," or you can click the link icon to the far right of the file name. Either method will open a window that shows you an extremely long link to your file that includes a secret key (a string of numbers and letters). Mega URLs are composed like so: https://mega.co.nz/#!FileAddress!SecretKey. For someone to access this file, they will need both the file's URL and the key.

Mega warns that if the secret key is exposed, anyone can access and download your file. If you are concerned about keeping your files private, Mega suggests you should not share the key through insecure channels such as plain email. To hide the file key, just uncheck the "File key" checkbox and then copy the file's URL to the clipboard. You can then send the link to the file via email, and then send the key in an encrypted email or IM session.

Because files and folders are encrypted on Mega's servers, the site cannot supply thumbnail previews of images or video, and offers no online streaming component for video and audio files.

Folders

Sharing a folder is a little different from sharing a single file, and you can share folders only with other Mega users. If you share a folder with someone who is not a Mega user, they must sign up for an account in order to access it.
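
As an added illustration (not from the original article or from Mega), the JavaScript below checks outgoing text for single-file Mega links in the `#!FileAddress!SecretKey` layout described earlier and strips the key so it can travel by a separate channel. The function names, the sample message and the assumed character set of both parts are constructed for this example.

```javascript
// Added example: pre-send check for Mega file links that still carry the key.
// Link layout taken from the article: https://mega.co.nz/#!FileAddress!SecretKey
// Assumption: both parts use only letters, digits, "-" and "_".
const MEGA_LINK =
  /https:\/\/mega\.co\.nz\/#!([A-Za-z0-9_-]+)(?:!([A-Za-z0-9_-]+))?/g;

// Parse one link. Returns null when the text is not a Mega file link.
function parseMegaLink(link) {
  const exact = new RegExp('^' + MEGA_LINK.source + '$');
  const m = exact.exec(link.trim());
  if (!m) return null;
  return { fileAddress: m[1], secretKey: m[2] || null };
}

// Split a full link into the two pieces that should travel separately:
// the key-less URL (fine for plain email) and the key (encrypted channel).
function splitForSeparateChannels(link) {
  const parsed = parseMegaLink(link);
  if (!parsed) throw new Error('not a Mega file link');
  return {
    linkWithoutKey: `https://mega.co.nz/#!${parsed.fileAddress}`,
    secretKey: parsed.secretKey,
  };
}

// Scan a message body, record every Mega link found, and return a copy
// in which any embedded key has been removed.
function auditOutgoingText(text) {
  const findings = [];
  const redacted = text.replace(MEGA_LINK, (whole, fileAddress, secretKey) => {
    findings.push({ fileAddress, keyExposed: Boolean(secretKey) });
    return `https://mega.co.nz/#!${fileAddress}`;
  });
  const safeToSend = findings.every((f) => !f.keyExposed);
  return { redacted, findings, safeToSend };
}

// Constructed sample message: the first link carries its key, the second does not.
const SAMPLE_KEY = 'kL0mN_pQ-rStUvWxYz012345678901234567890abcd';
const SAMPLE_MESSAGE = [
  `Hi, the report is here: https://mega.co.nz/#!Ab3dEf9h!${SAMPLE_KEY}`,
  'The photos are at https://mega.co.nz/#!Zz9yXx8w (key follows by encrypted IM).',
].join('\n');

console.log(auditOutgoingText(SAMPLE_MESSAGE));
```
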
To get started, right-click the folder and select "Sharing." You will then get a pop-up window where you can see a list of users with whom you have already shared the folder, and can add new users. To add someone, enter their email address and choose the level of access you want them to have, which ranges from read-only, read & write, or full access.

Once a folder is shared, the folder icon in your main file manager dashboard will have a hand underneath it to indicate it is a shared folder. Folders that others have shared with you will appear in a list under your friend's name in the contacts section. Let's say Tom@gmail.com shares a file with you. The shared folder will appear under Tom's email address in your contacts section where you can, depending on your level of access, add or delete files.

This could be a great feature for group collaboration on a set of files, or to share a photo folder with family and friends, but sharing is where Mega starts running into problems.

Bugs, bugs, and more bugs

I came across many bugs during my Mega tests even while using Chrome. The most obvious problem is an SSL encryption error that denies access to the site or specific pages in the site. A few times I couldn't even open the site's help page because of the SSL issue. You can usually fix the problem by refreshing the page once or several times, but in some cases you may have to close the page and start over.

File sharing is also problematic. Sending files and folders to others is no problem, but once someone receives the file, they may have problems accessing them. I shared a file with one of my dummy accounts for testing as well as to a colleague's account. In both cases the file was "Temporarily unavailable" for download, even up to an hour after the file landed in the other Mega account.

Mega also says that you can stop and restart interrupted uploads and downloads as long as you don't close your current browser tab. In my tests, this didn't appear to be the case. Interrupted uploads and downloads are supposed to restart automatically. But when I pulled the wired connection out of my PC and switched to Wi-Fi, that didn't happen. The uploads just stalled and I eventually had to cancel them and restart.

Perhaps the worst bug of all, however, is one that prevents you from signing in to Mega. This caused me to lose access to a dummy account. Even though I entered the password correctly, Mega kept telling me there was a log-in error. I thought I might have forgotten my password, until a colleague said the same thing happened to him.

That's a big problem, since Mega does not have an account recovery process. Part of Mega's setup is that all encryption takes place in the browser and the company doesn't have access to your encryption keys, preventing them from knowing the content of your files. So if you lose access to your account by forgetting your password, which is also your master key, you're out of luck.

Finally, a warning

If you decide to use Mega, whatever you do, do not, I repeat, do not rely on Mega as the sole location for any of your files. You absolutely must have backups on your local hard drive, on another cloud service, on a thumb drive, on Gmail, anywhere.

The reasons for this should be obvious for anyone who keeps up with tech news, but in case you're new here, let me spell it out for you. Kim Dotcom and his Mega co-founders are also the brains behind MegaUpload, which was shut down by U.S. authorities last January. Dotcom and his cohorts were charged with criminal copyright offenses, among other charges, and are currently facing extradition from New Zealand to the United States. MegaUpload, and its complementary services such as Megavideo, were widely seen as havens for pirated content.

It's not clear if Mega will share the same fate as MegaUpload, but it's pretty much a given that law enforcement will be watching Mega very closely. If, one day, Mega is shut down in a similar manner to MegaUpload, all your files could be gone for good. Mega may be a useful service, but there is no way you can trust it as the sole repository of your files on a long-term basis.

Bottom line

Overall, Mega could be a very good service one day; however, several bugs need to be fixed and, considering Kim Dotcom's infamous reputation, you would be crazy not to have copies of your Mega files stored elsewhere.

For now, I would not recommend paying for Pro accounts until some of the service's problems are solved. Once they are, however, you can purchase three different Pro accounts. Pro I provides 500GB of storage for $10 per month. Pro II includes 2TB of storage for $20 per month, and Pro III offers 4TB storage for $30 per month.

Dotcom and his friends have big plans for Mega. Feature enhancements slated for the coming months include mobile apps for multiple platforms; calendar, word processing, and spreadsheet Web applications; instant messaging; and desktop file mounts for Windows, Mac OS X, and Linux.

Let's just hope the team fixes Mega's bugs before adding new stuff.
By Friendly Computers

Thursday, January 17, 2013

SSDs vs. hard drives vs. hybrids: Which storage tech is right for you?

In times past, choosing the best PC storage option required merely selecting the highest-capacity hard drive one could afford. If only life were still so simple! The fairly recent rise of solid-state drives and hybrid drives (which mix standard hard drives with solid-state memory) has significantly altered the storage landscape, creating a cornucopia of confusing options for the everyday consumer.

Yes, selecting the best drive type for a particular need can be befuddling, but fear not: We’re here to help. Below, we explain the basic advantages and drawbacks for each of the most popular PC storage options available today. Tuck away this knowledge to make a fully informed decision the next time you're shopping for additional drive space.

Hard-disk drives

Hard-disk drives have been the default storage component in desktop and laptop PCs for decades. As a result, the term "hard drive" is now the common descriptor for all storage hardware—the digital equivalent of "Q-Tip" or "Band-Aid." Although modern hard-disk drives are far more advanced and higher-performing than their counterparts from yesteryear, on many levels their basic underlying technology remains unchanged. All hard-disk drives consist of quickly rotating magnetic platters paired with read/write heads that travel over the platters’ surfaces to retrieve or record data. HDD interiors almost resemble a high-tech record player.

The technology is mature, reliable, and relatively inexpensive compared with other storage options; most hard-disk drives can be had for only a few cents per gigabyte. Hard-disk drives are available in relatively high capacities too, with today’s largest drives storing up to 4TB of data. Usually hard drives connect to a system via the ubiquitous SATA (Serial ATA) interface, and they don’t require any special software to work properly with current operating systems. In other words, traditional hard drives are spacious, simple, and comparatively dirt-cheap.

Hard-disk drives don’t perform nearly as well as solid-state drives or even hybrid products do in most situations, however. Today’s fastest hard drives can read and write data at more than 200MB per second with sub-8ms access times, but those numbers are significantly worse than the speeds of even some of the most affordable solid-state drives (which I'll cover in a bit). The faster the platter rotation speed, the faster the hard drive. For example, a 7200-rpm drive outperforms a 5400-rpm drive.

Hard-disk drives are best suited to users who need vast amounts of storage and aren’t as concerned about achieving peak system performance. If you're an everyday PC user who sticks mostly to email, Web browsing, and basic document editing, a standard hard drive should suit you fine. Just don't tinker around with someone else's SSD-powered PC, because once you've gotten a taste of a solid-state drive's blazing read/write speeds, it's hard to go back to even the speediest of traditional hard drives.

Solid-state drives

Several manufacturers offer SSDs. The HDD market is much more condensed.

On many levels, solid-state drives are similar to hard drives. They usually connect to a system by way of the SATA interface (though PCI Express-based drives are also available for ultrahigh-performance applications), and they store files just as any other drive does. SSDs, however, eschew the magnetic platters and read/write heads of hard-disk drives in favor of nonvolatile NAND flash memory, so no mechanical parts or magnetic bits are involved.

By ditching the relative slothfulness of moving parts, solid-state drives deliver much better performance. They're the fastest storage option available. And not only can SSDs read and write data much faster than hard drives with most workloads, but they can also access the data much more quickly as well. Whereas the fastest hard drives can read and write data at about 200MB per second and access data in a few milliseconds, the fastest solid-state drives can achieve 550-MBps (or higher) transfers that essentially saturate the SATA interface, and their typical access times are a fraction of a single millisecond. In a nutshell, SSDs make for a much snappier, much more responsive system, with lightning-fast boot times, application launch times, and file-transfer speeds.

Another huge SSD advantage is durability. Because they have no moving parts, solid-state drives aren’t susceptible to damage or degraded performance from vibrations or movement. Drop a system or laptop containing a traditional hard-disk drive, and you have a very real chance of corrupting your data. But a solid-state drive won’t—can't—skip a beat.

Solid-state drives aren't without disadvantages, though. For one, SSDs are much more expensive than hard drives in terms of cost per gigabyte. Good, consumer-class solid-state drives run about $0.70 to $1.00 per gigabyte, whereas hard drives cost only a few cents per gigabyte. Solid-state drives don’t offer anything near the capacity of hard drives, either: The most popular SSDs have capacities of about 120GB to 256GB, with 512GB to 1TB models reserved only for those with gargantuan budgets. OCZ's Vector SSD is one of the fastest around.

SSD performance also varies depending on how full the drive is, or if it has been purged of data. Idle garbage collection or a feature called TRIM can help restore the performance of a “dirty” SSD, but that requires driver and OS support. (Windows 7 and 8 support TRIM.) Because the capacity is relatively small and performance is affected by how full the drive may be, many SSD users find themselves regularly moving less-performance-intensive data (such as documents or media collections) off their solid-state drives and onto traditional hard drives.

Another concern: When SSDs fail, they tend to do so without warning. Hard drives, however, will usually start to show signs of failure by throwing a S.M.A.R.T. error or suffering from a few bad blocks. In our experience, SSDs simply die without waving many—if any—red flags.

Solid-state drives are best suited to savvy PC users who seek high performance. If you don’t mind managing multiple volumes and you have the budget, pairing a fast SSD with a high-capacity hard drive will result in the best of both worlds. The SSD can hold the OS and your most frequently used applications, while the hard drive can handle the bulk-storage duties. Managing multiple storage volumes can be a bit of a pain for casual PC users; if you know your way around a PC, however, combining a fast SSD and large hard-drive storage is a great, high-performance approach with minimal compromise.

If you're considering making the jump to a solid-state drive, check out PCWorld's ultimate guide to SSDs, which reviews seven of the top SSDs on the market today.

Hybrid hard drives

Hybrid drives such as the Momentus XT offer the best of both worlds, but fulfill that promise only to a certain extent.

Hybrid hard drives blend HDD capacity with SSD speeds by placing traditional rotating platters and a small amount of high-speed flash memory on a single drive. Hybrid storage products monitor the data being read from the hard drive, and cache the most frequently accessed bits to the high-speed NAND flash memory. The data stored on the NAND will change over time, but once the most frequently accessed bits of data are stored on the flash memory, they will be served from the flash, resulting in SSD-like performance for your most-used files.

Some of the advantages of hybrid storage products include cost, capacity, and manageability. Because only a relatively small solid-state volume is required to achieve significant performance gains, a large investment in a high-capacity SSD isn’t necessary. Hybrid drives tend to cost slightly more than traditional hard drives, but far less than solid-state drives. And because the cache volume is essentially hidden from the OS, users aren’t required to cherry-pick the data to store on the SSD to prevent it from filling up. The hybrid storage volume can be as big as the hard drive being used, and can serve as a standard hard drive. Boot times also see some improvement.

Where hybrid products falter is with new data. When writing new data or accessing infrequently used bits, hybrid products perform just like a standard hard drive, and new hybrid drives have a "break-in period" while the software learns which data to cache. Due to the fact that hybrid products rely on caching software, they can also be somewhat more difficult to configure.

For users who don’t want the responsibility of managing multiple volumes or who don’t constantly work with new data, a hybrid drive can be a great option to improve system performance—all without having to give up any capacity or having to deal with the headaches of using separate solid-state and hard-disk drives.

DIY hybrid storage configurations

That being said, some people create DIY hybrid storage configurations by linking a standard hard drive and an SSD with specialized caching software. (This is not the same as simply plopping both an SSD and an HDD into your PC.) Solid-state cache drives often ship with proprietary caching software included, though you can also take advantage of Intel's Smart Response Technology if you want to use an SSD that isn't specifically marketed as a cache drive.

Functionally, the setup performs the same as a typical hybrid drive, though stand-alone SSD caches often come in larger capacities than the paltry flash storage you'll find on most self-contained hybrid drives—meaning more of your data will receive an SSD-powered speed boost. On the other hand, you'll have to buy both a hard-disk drive and a solid-state drive, which can get pricey. You'll also need to configure the setup manually, whereas self-contained hybrid drives are much more of a plug-and-play option.
By Friendly Computers
http://www.pcworld.com/article/2025402/ssds-vs-hard-drives-vs-hybrids-which-storage-tech-is-right-for-you-.html

Monday, January 14, 2013

Oracle releases Java fix, but security concerns remain

Oracle released Java 7 update 11 (Java 7u11) on Sunday following a warning from the U.S. Computer Emergency Readiness Team (US-CERT) advising users to disable the software due to a serious and previously unknown security vulnerability. Even with the available fix, CERT, part of the Department of Homeland Security, is still advising users to disable Java on their systems unless running the software is “absolutely necessary.”

The so-called Zero Day flaw was actively being used to secretly install malware on systems of unsuspecting victims and the exploit affected Windows, Mac, and Linux users, according to CERT's security bulletin. The vulnerability affects versions of Java 7, and does not apply to Java 6.

What Java 7u11 does

The biggest change for users with the newest version of Java is that now all unsigned Java applets and Web start applications are click-to-run. This means you must explicitly authorize Java to run in your browser nearly every time you come across Java on the Web. Java is a cross-platform programming language often used online for Web content and applications such as games and interactive charts.

Oracle's vulnerability fix affects only users running Java in their browsers, and does not apply to servers, desktop applications, or embedded Java apps. Oracle is also calling on users to update their systems as soon as possible. “Due to the severity of these vulnerabilities,” Oracle's security alert reads. “Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible.”

Oracle's latest Java snafu is prompting calls by some to completely rewrite Java from the ground up due to its popularity as a way to attack PCs. The latest Java vulnerability comes close to five months after Oracle released updates to Java for three major security holes in late August, two of which were actively being used by malicious hackers.

You can download the latest Java update from Oracle's Website. If you'd like to follow CERT's advice and disable Java, Oracle has a step-by-step instruction guide for Windows users. If you need Java and can't turn it off, check out Computerworld's tutorial on how to be as safe as possible with Java.

How to disable Java

If you'd like to disable Java just in a specific browser, here's how to do it:

Chrome: type Chrome://plugins into the address bar and hit enter. Look for the Java plugin and click the “Disable” link.

Firefox: click on the orange Firefox button on the left and select “Add-ons.” Then in the page that opens select “Plugins” from the left-hand side. Look for the Java platform plugin and click the disable button.

Internet Explorer: you cannot disable Java for Internet Explorer the same way you can for Chrome and Firefox. Instead, follow Oracle's step-by-step instruction guide to disable Java system-wide.
By Friendly Computers

Wednesday, January 2, 2013

Microsoft issues fix for older versions of IE

Microsoft has released a quick fix for a vulnerability in older versions of its Internet Explorer browser that is actively being used by attackers to take over computers. The vulnerability affects IE versions 6, 7 and 8. The latest versions of the browser, 9 and 10, are not affected.

The company occasionally issues quick fixes as a temporary protective measure while a permanent security update is developed if a vulnerability is considered particularly dangerous. Microsoft issued an advisory on Saturday warning of the problem, which involves how IE accesses "an object in memory that has been deleted or has not been properly allocated." The problem corrupts the browser's memory, allowing attackers to execute their own code.

The vulnerability can be exploited by manipulating a website in order to attack vulnerable browsers, one of the most dangerous types of attacks known as a drive-by download. Victims merely need to visit the tampered site in order for their computer to become infected. To be successful, the hacker would have to lure the person to the harmful website, which is usually done by sending a malicious link via email.

Security vendor Symantec described such a scenario as a "watering hole" attack, where victims are profiled and then lured to the malicious site. Last week, one of the websites discovered to have been rigged to deliver an attack was that of the Council on Foreign Relations, a renowned foreign policy think tank.

The attack delivers a piece of malware nicknamed Bifrose, a malware family first detected around 2004. Bifrose is a "backdoor" that allows an attacker to steal files from a computer. Symantec wrote that the attacks using the IE vulnerability appear to be limited and concentrated in North America, indicating a targeted attack campaign.

Since the attacks were already under way before the vulnerability was discovered, Symantec said it "suggests a high level of sophistication requiring access to resources and skills which would normally be outside most hackers' capabilities."
By Friendly Computers
http://www.pcworld.com/article/2023602/microsoft-issues-fix-for-older-versions-of-ie.html