Firefox v. 26 now blocks Java software on all websites by default

December 11, 2013

By now, you shouldn't be too surprised to learn that the latest release of the Firefox web browser, version 26, blocks Java software on all websites by default, unless the user has specifically authorized the Java plugin to run from the get-go.

After all, Java security issues have been around from Day One when the language was created by Sun Microsystems about 22 years ago.

The change has been a long time coming. The Mozilla Foundation had originally planned to make click-to-run the default for all versions of the Java plugin beginning with Firefox 24, but decided to delay the change after dismayed users raised a big fuss about it.

Beginning with the version of Firefox that shipped yesterday, whenever the browser encounters a Java applet or a Java Web Start launcher, it first displays a dialog box asking for full authorization before allowing the plugin to launch at all.

Users can also opt to click "Allow and Remember," which adds the current webpage to an internal whitelist so that Java code on it will run automatically in the future, without further human intervention.

Mozilla's move comes after a series of security exploits made the Java plugin one of the most popular vectors for web-based malware attacks over the past few years. In fact, so many zero-day exploits targeting the plugin have been discovered that the Firefox developers have opted to give all versions of Java the cold shoulder, including the most recent one.

Mozilla plans to activate click-to-run for all plugins by default. The Adobe Flash Player plugin has been given a pass so far, owing to the prevalence of Flash content on the web, but Adobe's software is also screened closely, as its products have frequently been vulnerable to security attacks in the past few years.

In addition to the changes to the default Java plugin behavior, Firefox 26 includes a number of security patches, bug fixes and minor new features.

The official release notes are available on Firefox's website. As usual, current Firefox installations can be upgraded to version 26 using the internal update mechanism, and installers for the latest release are available from the Firefox homepage.

In other internet security news

Enthusiastic users of the CyanogenMod alternative Android firmware gained additional security yesterday, thanks to the integration of Open Whisper Systems' TextSecure protocol. This is still very new for now, but it bodes well for the near-term future of the technology.

Founded by internet security researchers Moxie Marlinspike and Stuart Anderson, Open Whisper Systems develops security software that can encrypt voice-over-IP (VoIP) phone calls and SMS/MMS messages, so the technology is far-reaching in today's business world.

Android device owners can install the company's TextSecure SMS security software by downloading it from the Google Play store. However, the company announced yesterday that the CyanogenMod project is also shipping the technology integrated into its firmwares by default, beginning with current nightly builds of version 10.2.

With TextSecure as part of the default CyanogenMod SMS software, users can choose any SMS application they want and enjoy secure messaging to other TextSecure-enabled devices automatically, whether they are running the software on Android or iOS.

"If an outgoing SMS message is addressed to another CyanogenMod or TextSecure user, it will be transparently encrypted and sent over the data channel as a push message to the receiving device," Marlinspike explained in a blog post.

"That device will then decrypt the message and deliver it to the system as a normal incoming SMS," he added.

However, in the event that the device doesn't support TextSecure, the messaging layer will fall back to an ordinary, unencrypted SMS channel.

To be sure, the in-firmware version of the technology supports all of the features of the standalone TextSecure app, including its key exchange protocol and support for multiple cryptographic algorithms.

According to the CyanogenMod team, the code is being integrated with the version 10.2 nightly builds as a trial balloon, but if it all goes well, it will be integrated into all future builds of CyanogenMod 11 as well.

Marlinspike praised the firmware team's willingness to include the technology yesterday, saying that doing so took a substantial commitment of time and resources.

"Their genuine resolve to protect their users from large-scale dragnet surveillance is truly remarkable in a world where most companies are instead angling to collect as much information about their users as possible," Marlinspike wrote.

Versions of the CyanogenMod firmware with TextSecure built in are available for a variety of devices via the project's download site.

In other internet security news

A massive hacker attack from many parts of the world has resulted in the theft of usernames and passwords for about 2.1 million accounts at Facebook, Gmail, Twitter, Yahoo and a few others, according to a report released this week by cybersecurity firm Trustwave.

The huge data breach was a result of keylogging software maliciously installed on an untold number of computers around the globe, Trustwave said.

The malware captured log-in credentials for key websites over the past month and sent those usernames and passwords to a server controlled by the hackers and located in the Netherlands.

On November 24, Trustwave researchers tracked that server, and they discovered compromised credentials for more than 93,000 websites, including:

  • 318,000 Facebook accounts
  • 70,000 Gmail, Google+ and YouTube accounts
  • 60,000 Yahoo accounts
  • 22,000 Twitter accounts
  • 9,000 Odnoklassniki accounts (a Russian social network)
  • 8,000 ADP accounts
  • 8,000 LinkedIn accounts
    Trustwave immediately notified these companies of the security breach and posted its findings publicly on Tuesday.

    "We don't have evidence they logged into these accounts, but they probably did," said John Miller, a security research manager at Trustwave.

    Facebook, LinkedIn and Twitter say they have notified compromised users and reset their passwords. Google declined to comment. Yahoo and ADP did not provide immediate responses as of 4:00 PM EST today.

    Miller added that his team doesn't yet know how the virus got onto so many personal computers. The hackers set up the keylogging software to route information through a proxy server, so it's impossible to track down which computers are infected.

    Among the compromised data are 41,000 credentials used to connect to File Transfer Protocol (FTP, the standard protocol used when sending files to the internet) and 6,000 remote log-ins.

    The hacking campaign started secretly collecting passwords on October 21, and it might be ongoing. Although Trustwave discovered the Netherlands proxy server, Miller said there are several other similar servers they haven't yet tracked down as of today.

    There could be a lot more, Miller warned. If you need to know whether your computer is infected, just searching for programs and files won't be enough, because the virus running in the background is hidden, Miller said.

    Your best bet is to update your antivirus software and download the latest patches for Internet browsers, Adobe and Java.

    Of all the compromised services, Miller said he is mostly concerned with ADP. Those log-ins are typically used by payroll personnel who manage workers' paychecks. Any information they can see can be viewed by hackers.

    "They might be able to cut checks, modify people's payments, delete users or employees, etc.," Miller speculated. The attack is very critical and should be considered serious.

    In other internet security news

    The Chinese government is pressuring Microsoft to extend support for its Windows XP operating system in order to escalate Beijing’s anti-piracy efforts and head off a potentially huge security threat to the country.

    Yan Xiaohong, deputy director of China’s National Copyright Administration, met Microsoft and other software companies in a bid to apply some pressure.

    He apparently claimed that ending support for Windows XP would create serious security risks for many computers in the country, with opportunistic cyber criminals looking to exploit security vulnerabilities in the OS once security updates end on April 8, 2014.

    It’s no secret that China is still heavily reliant on the outdated OS. According to StatCounter, it had a market share of just over 50 per cent in China last month, so there would appear to be some justification to Yan’s concerns.

    Having played that security card, he also appeared to suggest that Microsoft had made things difficult for Chinese users by halting sales of a low-priced version of Windows 7, the second most popular operating system in the country with around a 40 percent market share.

    The argument here is that funnelling Chinese users towards a higher-priced Windows 8 will only result in greater instances of software piracy, something the central government appears finally to be acting upon.

    In July, Beijing spent US $160 million to replace pirated software in central and provincial government offices with the genuine product, the second phase in a national plan to completely eradicate software piracy in the public sector.

    But to be fair to Microsoft, if some of this outlay was on XP licenses, the Chinese government really has only itself to blame. For the past 2 1/2 years, Microsoft has been warning Windows XP users that it will end its support of the OS in April 2014.

    For the record, China remains one of the world's worst offenders when it comes to software piracy. It had a piracy rate of 77 percent, amounting to an industry worth around US $9 billion in 2011 alone, according to the Business Software Alliance.

    In other internet security news

    Overall, about 39 percent of all personal computers submitted to a browser security test from Qualys were affected by critical security vulnerabilities that are mostly related to browser plug-ins.

    The findings are based on 1.4 million Browser Check computer scans, and they paint a picture of eCommerce buyers left wide open to potential attacks by cybercriminals just before the busiest online shopping period of the year.

    Overall, browser security vulnerabilities are routinely used to push malware at victims from compromised (often otherwise legitimate) websites through drive-by download attacks.

    For instance, Google's Chrome browser has close to 40 percent of its instances afflicted with a critical security vulnerability. Similar numbers apply to Firefox and especially Internet Explorer, which have 35 percent and 41 percent of their instances vulnerable to attacks, respectively.

    Safari (at 29 percent) and Opera (at 34 percent) came in as the best of a bad bunch, according to the numbers from Qualys.

    The overall net population might be somewhat more secure simply because Qualys is looking at a sample of users who have taken the trouble to check their browser security in the first place.

    Qualys CTO Wolfgang Kandek says that browser plug-ins were a bigger part of the issue than core security software, and that the trend appears to be growing.

    "The browsers themselves are only part of the issue. More and more, we see most of them quite up-to-date, with Chrome leading the pack with 90 percent, Firefox at 85 percent and Internet Explorer trailing with 75 percent," Kandek explained.

    "The larger part of the puzzle is contributed by the plug-ins that we use to extend the capabilities of our browsers, led by Adobe Shockwave and followed by Oracle Java and Apple Quicktime," Kandek added.

    The overall message is very simple: PC users should patch their computers, and particularly their browser plugins, if they don't want to run a higher risk of getting victimized by banking trojans, spyware or similar annoyances.

    There are various tools available. Kandek has published further commentary on his findings, alongside a chart depicting the distribution of security vulnerabilities between browsers on the Qualys website.

    In other internet security news

    Symantec said this morning that it has discovered a new worm that exploits various security vulnerabilities in PHP to infect Intel x86-powered Linux devices.

    Symantec added that the malware threatens to compromise home broadband routers as well as other, similar equipment.

    But home internet equipment with x86 chips is rare. Most network-connected embedded devices are powered by ARM or MIPS processors, so the threat from the x86 build seems almost non-existent.

    However, the security company claims that ARM and MIPS flavors of the Linux worm may be available anyway, which could compromise broadband routers, TV set-top boxes and similar gadgets.

    While compromising a device, the software also appears to try username and password pairs commonly used to log into home internet gear.

    Specifically, the worm, Linux.Darlloz, takes advantage of web servers running PHP that do not handle query strings safely, allowing a hacker to execute arbitrary commands.

    Once a system is infected, the virus scans the network for other systems running a similar web server and PHP. It then tries to compromise those devices by exploiting PHP to download and run an ELF x86 binary, logging in if necessary with trivial username-password pairs such as admin-admin, as found in poorly secured broadband routers and similar equipment.

    Once running on the newly infiltrated gadget, the worm kills off access to any telnet services running on it. The malware does not appear to perform any malicious activity other than silently spreading itself and wiping a load of system files.

    But again, this software is built for x86 processors, which aren't really used widely in embedded devices anymore. ARM, PPC and MIPS versions may be available to download, however, and those could be more effective at targeting vulnerable equipment present in millions of homes today.

    "Overall, many users may not be aware that they are using vulnerable devices in their homes or offices, at least not now anyway," Symantec's Kaoru Hayashi wrote in a report about the malicious code.

    "Another nasty issue we could face is that even if users notice vulnerable devices, no updates have been provided to some products by the vendor, because of outdated technology or hardware limitations, such as not having enough memory or a CPU that is too slow to support new versions of the software," he added.

    To protect devices from potential attacks, Symantec recommends that users and administrators put basic security protections in place, such as changing device passwords from default settings, updating the software and firmware on their devices, and monitoring network connections and architecture to make sure that everything is safe.
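For the Linux.Darlloz item above, one way to look in a web server's access log for the kind of request the worm relies on, grouped by client so a scanning host stands out (an added example, not code from the article or from Symantec). The article does not name the PHP flaw; the check assumes it is of the kind where a query string with no "=" reaches a CGI PHP binary as command-line options, and the log lines and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Common Log Format prefix: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def is_option_style_query(target):
    """True when the raw query string has no '=' and decodes to text that
    starts with '-': it reads as a command-line option, not a parameter.
    (Assumed flaw class; the article gives no further detail.)"""
    _path, sep, query = target.partition("?")
    if not sep or not query or "=" in query:
        return False
    # Decode %xx and '+' first so an encoded dash is caught as well.
    return unquote_plus(query).lstrip().startswith("-")

def suspicious_by_client(lines):
    """Group option-style requests by client IP so that one host probing
    several paths is easy to spot. Unparseable lines are skipped."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_option_style_query(m.group("target")):
            hits[m.group("ip")].append((m.group("target"), int(m.group("status"))))
    return dict(hits)

# Constructed sample access-log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Nov/2013:10:00:01 +0000] "GET /index.php?id=5 HTTP/1.1" 200 512',
    '198.51.100.7 - - [27/Nov/2013:10:00:02 +0000] "GET /index.php?-s HTTP/1.1" 200 2048',
    '198.51.100.7 - - [27/Nov/2013:10:00:03 +0000] "GET /cgi-bin/php?%2Ds HTTP/1.1" 404 210',
    '192.0.2.10 - - [27/Nov/2013:10:00:04 +0000] "GET /search.php?q=-s HTTP/1.1" 200 900',
    '203.0.113.5 - - [27/Nov/2013:10:00:05 +0000] "GET /page.php?flag HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for ip, requests in suspicious_by_client(SAMPLE_LOG).items():
        print(ip, requests)
```

A 200 response to such a request deserves a closer look than a 404, since it means the server accepted the request rather than rejecting the path.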

    Source: The Mozilla Foundation.
