Tech Insider

Wednesday, March 23, 2005

Firefox Patched for Netscape-Era Flaw

The Mozilla Foundation has preemptively patched its Firefox Web browser to guard against attacks that could conceivably exploit a hole in Netscape-era legacy code.

The code was used by Netscape engineers as a method to animate GIFs, but lacks protection against specially crafted images that can be used to execute arbitrary code. The exploit was first disclosed by Internet Security Systems.

"To deliver our users the experience they deserve, we must stay ahead of the curve in patching potential vulnerabilities," said Chris Hofmann, director of engineering for the Mozilla Foundation.

"For example, the bug patched in this update has no known real world exploits, and we were able to provide a quick response."

The previous point release of Firefox, version 1.01, inoculated users against potential security threats and included a workaround for a well-publicized spoofing vulnerability stemming from the browser's implementation of the Internationalized Domain Names (IDN) standard.

This week, security researchers at Symantec published a biannual Internet Threat Report that tabulated a total of 21 vulnerabilities, seven of which were deemed "critical," in Mozilla-based browsers in the second half of 2004. Microsoft's Internet Explorer browser suffered nine critical bugs during that time.

Download Firefox 1.0.2

Source: BetaNews

Yahoo! Mail To Upgrade To 1GB

Beginning in late April, Yahoo will upgrade free users to the new storage limit of 1GB, up from its current 250MB. The company said it will take about two weeks for all Yahoo Mail users to see the boost.

Yahoo's storage upgrade comes one week after Google started offering Gmail accounts to random visitors of its home page. This has led to heightened speculation in news articles and blogs that Google plans to open Gmail's doors to the public on April 1, a year after it launched in its current test form.

Brad Garlinghouse, Yahoo's vice president of communications products, said in an interview that Yahoo Mail's storage upgrade was not in response to Google's latest moves. Instead, he said Yahoo is "paying attention to what users are doing and how they're using their in-boxes."

Since Gmail premiered last year, free e-mail has changed. Popular Web mail services such as Yahoo and Microsoft's Hotmail had offered strict storage limitations to their in-boxes, and required people to pay extra for additional space.

Shortly after Gmail was released, Yahoo announced plans to boost its storage to 100MB from 4MB, and then upgraded it again to 250MB in November. Subsequently, Microsoft said it would implement its own storage boost to 250MB.

Besides the 1GB of storage, Yahoo Mail will offer antivirus scanning. The service currently uses Symantec's Norton Antivirus to detect viruses, but prohibits people from opening the attachment instead of ridding the file of its infection.

Source: CNET News

Monday, March 21, 2005

Trojan Attacks Continue To Grow

Security threats that try to steal confidential information or compromise IT systems continued to increase during the last six months of 2004, according to the latest Internet Security Threat Report from security vendor Symantec Corp. Businesses suffered an average of 13.6 attacks per day in the second half of last year, up from 10.6 daily attacks in the first six months of the year, the report says. And there were 1,403 new vulnerabilities discovered during that period, a 13% increase from the previous six months.

Symantec says malicious code designed to expose confidential information made up more than half of all code samples picked up by the vendor. And Trojan horses by themselves made up a third of all the malicious code.

Phishing, the report says, continues to be a major problem, and the threat is growing. Symantec last July blocked around 9 million phishing incidents per week. By December, the number had grown to around 33 million per week. Symantec says its Brightmail AntiSpam software blocked most of those attempts.

Symantec says Slammer, or the Microsoft SQL Server Resolution Service Stack Overflow Attack, was still the most common kind of security attack seen. And financial-services companies faced more serious attacks than other companies, experiencing around 16 severe events for every 10,000 security events.

Source: Information Week

Google's Library Up and Running

It seems that Google Print results are beginning to appear on searches. For those who don't know, Google has been scanning books from the libraries of some of the world's greatest universities in order to compile a freely accessible online library. An easy way to turn up these results is to simply type "book", and then whatever you want to search for. For instance, book origin of species will turn up the full text of Charles Darwin's controversial treatise. 20,000 Leagues, Oliver Twist, Pride and Prejudice and more are all there in full. It'll be interesting to see how publishers deal with this if demand for these books declines. In the meantime, would anyone like to point out any good books? Hopefully, Google can also start to index some books that are being released under Creative Commons and other alternative open licenses.

ISS Finds McAfee Bugs

Internet Security Systems (ISS), an Atlanta-based security research firm, has issued a warning to users deploying McAfee antivirus software, concerning a serious flaw that poses a threat to a user's confidential information.

According to reports, the flaw was detected in several versions of McAfee's products. The company website says that the vulnerability involves a flaw in the processing of LHA files by an antivirus library, which opens the door to possible stack overflow attacks. The vulnerability can be triggered by a remote attacker without the need for user interaction, by sending an e-mail containing a crafted LHA file to the target McAfee antivirus library on the user's computer.

Versions of the McAfee antivirus library prior to 4400 are susceptible to such attacks.

ISS had recently unearthed vulnerabilities in security packages such as Symantec, F-Secure and Trend Micro. While that of Symantec involved the processing of UPX-compressed files, the other two had issues with the handling of archive (.arj) files.

Source: TechTree

Sunday, March 20, 2005

Yahoo Not To Support Firefox

Yahoo took a step back Friday and told ZDNet Australia a pledge by a representative in its Australian division for full support of Firefox was "factually inaccurate." According to a representative from the American arm of the company, there are "so many different products" on its network that it is likely there are some products which would not work with the open-source browser.

Yahoo was the first of the major services to officially announce a plugin for the browser, releasing the Yahoo! Toolbar for Firefox last month. However, users of the toolbar had to switch to Internet Explorer to use some of the services that the toolbar provides. Yahoo did say, however, that a Firefox-compatible version of its Avatar Customization Service for its messaging client is on the way, although it has no launch date at this time.

Source: BetaNews

Google's Open Source Page

Google launched Code.google.com, a site for external developers interested in Google-related development. "It's where we'll publish free source code and lists of our API services," Google said as it unveiled the site, adding: "We really care about free and open source software (F/OSS) at Google, and this site is one aspect of that affection."

Source: Linux World

Yahoo! Buys Flickr

Yahoo has purchased online photo-sharing service Flickr, less than a week after the Internet giant launched a beta test of a new blogging tool.

Vancouver, British Columbia-based Flickr lets users upload digital photos from computers and camera phones, put together photo albums, and post photos to blogs, among other things.

Joanna Stevens, a spokeswoman for Sunnyvale, Calif.-based Yahoo, confirmed the deal Sunday but did not disclose the terms.

"We look forward to working with them for their innovation and product development across the Yahoo Network in the coming months," she said.


Stevens said Flickr will remain a standalone site for now. The company's employees, however, will relocate to Sunnyvale later this year.

Earlier this week, Yahoo announced Yahoo 360. The service combines a new blogging tool, along with several longtime Yahoo products, including instant messaging, photo storage and sharing, and Internet radio. It also offers tools for sharing recommendations about places to eat, favorite movies, music and so on.

Both the 360 move and the acquisition of Flickr and parent company Ludicorp Research & Development come as social networking and blogging draw increased interest from rivals. Microsoft in December added a blog product for its MSN Web service, called MSN Spaces. Google, meanwhile, owns Web log service Blogger and social networking site Orkut.

Source: CNET News