Over 1 million tech questions and answers.

Security Flaw in Firefox

Q: Security Flaw in Firefox

http://news.yahoo.com/s/pcworld/120756

RELEVANCY SCORE 200
Preferred Solution: Security Flaw in Firefox

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

A: Security Flaw in Firefox

ok. i havn't added any trusted sites to my list but am i still at risk? and how can this be patched?

Read other 19 answers
RELEVANCY SCORE 73.2

http://blogs.pcmag.com/securitywatch/2009/07/new_critical_zero-day_vulnerab.php
 

A:FireFox 3.5 Zero day security flaw

Nobody's perfect...
IE7 user
 

Read other 2 answers
RELEVANCY SCORE 71.6

New Security Flaw Found In IE, Best Fire Up FireFox

Jan 03

If you?re using Internet Explorer to read this it might be an idea to shut it down now and open up trusty old FireFox instead. Microsoft has today issued an alert to notify users of a critical security flaw in IE.7.0 that could allow hackers to take control of your computer and steal passwords. The company is apparently preparing an emergency patch to fix it but in the meantime simply requests that users remain ?vigilant? against the threat.Microsoft advisors actually ask that you don?t switch because they are trying to get it resolved as soon as possible. Of course it couldn?t be seen to recommend else?s software, but this doesn?t show much consideration for people?s security concerns. Trend Micro security advisor Rick Ferguson is free from such restraint: ?In this case, hackers found the hole before Microsoft did, this is never a good thing. What we?ve seen from the exploit so far is it stealing game passwords, but it?s inevitable that it will be adapted by criminals; it?s just a question of modifying the payload the trojan installs. If users can find an alternative browser, then that?s good mitigation against the threat.? Alternative browsers FireFox, Opera, Chrome and Safari are not vulnerable to the flaw, so if you know what?s good for you best jump on one of these to be safe (most are better than IE anyway). - Paul Lester [BBC] security Internet Explorer Microsoft
New Security Flaw Found In I... Read more

A:New Security Flaw Found In IE, Best Fire Up FireFox

Thanks Norm,

Have not had a security notification from M$ yet on any "out of band" hotfix yet - If I see one will post it here for information

Read other 9 answers
RELEVANCY SCORE 71.6

New Security Flaw Found In IE, Best Fire Up FireFox

Jan 03

If you?re using Internet Explorer to read this it might be an idea to shut it down now and open up trusty old FireFox instead. Microsoft has today issued an alert to notify users of a critical security flaw in IE.7.0 that could allow hackers to take control of your computer and steal passwords. The company is apparently preparing an emergency patch to fix it but in the meantime simply requests that users remain ?vigilant? against the threat.Microsoft advisors actually ask that you don?t switch because they are trying to get it resolved as soon as possible. Of course it couldn?t be seen to recommend else?s software, but this doesn?t show much consideration for people?s security concerns. Trend Micro security advisor Rick Ferguson is free from such restraint: ?In this case, hackers found the hole before Microsoft did, this is never a good thing. What we?ve seen from the exploit so far is it stealing game passwords, but it?s inevitable that it will be adapted by criminals; it?s just a question of modifying the payload the trojan installs. If users can find an alternative browser, then that?s good mitigation against the threat.? Alternative browsers FireFox, Opera, Chrome and Safari are not vulnerable to the flaw, so if you know what?s good for you best jump on one of these to be safe (most are better than IE anyway). - Paul Lester [BBC] security Internet Explorer Microsoft



New Security Flaw Foun... Read more

A:New Security Flaw Found In IE, Best Fire Up FireFox

I wonder how IE8 fits into this.

Read other 6 answers
RELEVANCY SCORE 71.6

The problem has to do with the way the Firefox and Mozilla browsers handle International Domain Names, or IDNs. IDNs are domain names that use local language characters. The fix disables support for such Web addresses.

Mozilla expects to fix the vulnerability in beta 2 of Firefox 1.5, the next release of the open-source Web browser. Beta 2 is due Oct. 5 and the final release of 1.5 is expected by year's end

Instructions to manually disable IDN: Type "about:config" in the address bar, hit Enter; type "network.enableIDN" in the filter toolbar, hit Enter; right-click the "network.enableIDN" item and select Toggle to change value to false.

If you make the manual change as above, there is no need to download from http://www.mozilla.org. See Cnet.news for the story: Mozilla offers temporary fix for Firefox flaw.

-- Tom
 

Read other answers
RELEVANCY SCORE 54.8

A critical flaw that can be easily dealt with. >f
---------------------------------------------------------------------------------------------

Firefox has a password flaw
The Internet browser Firefox 2 has a problem with its "password manager" that could allow a hacker to obtain usernames and passwords from Firefox users, Newsfactor.com reports.

The Mozilla Foundation, which maintains Firefox's code, has acknowledged the problem. It has an extensive discussion going on here about what it calls "bug #360 493."

According to Newsfactor, the same problem could affect Internet Explorer as well.

Newsfactor also reports that "neither Mozilla nor Microsoft has released a patch for the problem, but users can avoid (the) attacks simply by disabling their browsers' autosave features for usernames and passwords. In Firefox, the feature is found in the 'Options' window under the 'Tools' menu.

"Mozilla has indicated that it plans a fix in Firefox version 2.0.0.1 or 2.0.0.2."

http://blogs.usatoday.com/ondeadline/2006/11/firefox_has_a_p.html
 

A:Firefox password flaw

Read other 10 answers
RELEVANCY SCORE 54.4

Lately ...
Many things I try to do, I get a popup notice that this contains a security flaw .. Do I want to continue ???

Is this because I've installed XP SP3 ??
 

A:Security Flaw

Read other 8 answers
RELEVANCY SCORE 54.4

An attacker could commandeer a computer running the browser simply by crafting a Web page that contains some malicious JavaScript code, Mischa Spiegelmock and Andrew Wbeelsoi said in a presentation at the ToorCon hacker conference here. The flaw affects Firefox on Windows, Apple Computer's Mac OS X and Linux, they said.The flaw is specific to Firefox's implementation of JavaScript, a 10-year old scripting language widely used on the Web. In particular, various programming tricks can cause a stack overflow error, Spiegelmock said. The implementation is a "complete mess," he said. "It is impossible to patch."It looks like they had enough information in their slide for an attacker to reproduce it. I think it is unfortunate because it puts users at risk, but that seems to be their goal.Hackers claim zero-day flaw in Firefox @ CNET NewsEDIT: Mentioning the NoScript extension right about now is probably a good idea.

A:Hackers Claim Zero-day Flaw In Firefox

RETIRED: Mozilla Firefox Multiple Unspecified Javascript VulnerabilitiesUpdate (October 3, 2006): This BID is being retired as reports indicate that these issues are a hoax. The researchers responsible for disclosing these vulnerabilities have claimed that their original reports were not correct...http://www.securityfocus.com/bid/20294/discuss

Read other 2 answers
RELEVANCY SCORE 54.4

Matthew Broersma, Techworld.com
Mon May 9,11:00 AM ET

Firefox has unpatched "extremely critical" security holes and exploit code is already circulating on the Net, security researchers have warned.

The two unpatched flaws in the Mozilla browser could allow an attacker to take control of your system.

A patch is expected shortly, but in the meantime users can protect themselves by switching off JavaScript. In addition, the Mozilla Foundation has now made the flaws effectively impossible to exploit by changes to the server-side download mechanism on the update.mozilla.org and addons.mozilla.org sites, according to security experts.

The flaws were confidentially reported to the Foundation on May 2, but by Saturday details had been leaked and were reported by several security organizations, including the French Security Incident Response Team (FrSIRT). Danish security firm Secunia marked the exploit as "extremely critical", its most serious rating, the first time it has given a Firefox flaw this rating.

Critical Flaw Found in Firefox
 

A:Critical Flaw Found in Firefox

Also reported here http://news.bbc.co.uk/2/hi/technology/4532127.stm

Regards - Oldie
 

Read other 3 answers
RELEVANCY SCORE 54.4

Firefox has unpatched "extremely critical" security holes and exploit code is already circulating on the Net, security researchers have warned.

The two unpatched flaws in the Mozilla browser could allow an attacker to take control of your system.

A patch is expected shortly, but in the meantime users can protect themselves by switching off JavaScript. In addition, the Mozilla Foundation has now made the flaws effectively impossible to exploit by changes to the server-side download mechanism on the update.mozilla.org and addons.mozilla.org sites, according to security experts.

The flaws were confidentially reported to the Foundation on May 2, but by Saturday details had been leaked and were reported by several security organizations, including the French Security Incident Response Team (FrSIRT). Danish security firm Secunia marked the exploit as "extremely critical", its most serious rating, the first time it has given a Firefox flaw this rating.

In recent months Firefox has gained significant market share from Microsoft's Internet Explorer, partly because it is considered less vulnerable to attacks. However, industry observers have long warned that the browser is more secure partly because of its relatively small user base. As Firefox's profile grows, attackers will increasingly target the browser.
Two Vulnerabilities Found

The exploit, discovered by Paul of Greyhats Security Group and Michael "mikx" Krax, makes use of two separate... Read more

Read other answers
RELEVANCY SCORE 54

Adobe patches flaw in graphics tools
CNET News.com

A security flaw in Adobe Systems' popular graphics design software could allow an unauthorized user to change certain program files, the software maker said Thursday. The problem affects Adobe Creative Suite 2, Adobe Photoshop CS2 and Adobe Illustrator CS2 and occurs when the applications are run in shared, multiuser installations, according to an Adobe security advisory.

"If exploited, this vulnerability could allow a hostile user to replace these program files with malicious or harmful code that could read, write, or destroy sensitive data if subsequently run by a privileged user," Adobe said. The company rates the issue "important" and has updates http://www.adobe.com/support/techdocs/332644.html available to correct the security problem. It recommends that customers using CS2 products on shared systems, running either Microsoft Windows or Mac OS, apply these updates.
 

Read other answers
RELEVANCY SCORE 54

This might be worth keeping an eye open
http://news.bbc.co.uk/2/hi/technology/7784908.stm
 

A:Serious security flaw found in IE

The same article has already been noted in another section: "Web & Email"

But thanks anyway.
 

Read other 3 answers
RELEVANCY SCORE 54

In an advisory released Wednesday July 10, Thor Larholm, a security researcher and partner at risk-assessment company PivX Solutions, warned that HTML objects embedded in Web pages and e-mails could carry code that allows an attacker to check out victims' cookie files, read their documents, and execute programs on their computer.

The bug, known as a cross-domain scripting flaw, was discovered on June 25, and information about it has been posted on several security lists since then. Larholm also informed Microsoft of the bug the day it was discovered.

To repair the current problem, Larholm recommended that users disable ActiveX in the security settings for Internet Explorer, or run IE and Outlook in "Restricted" mode, at least until Microsoft releases a patch.

Microsoft said a patch will be available soon.

http://news.com.com/2100-1001-942980.html?tag=fd_top

DS
 

Read other answers
RELEVANCY SCORE 54

Read more about it here http://www.eweek.com/category2/0,1874,1252525,00.asp
 

A:sticky:WMF Security Flaw

This is already a sticky thread on the forum:

http://forums.techguy.org/security/431419-m-wmf-patch.html
 

Read other 1 answers
RELEVANCY SCORE 54

On my old XP laptop I was able to come back from "sleep/stand by" and had to re-enter my log in information. I set up my new laptop, an HP X16-1044nr 64 bit Vista to do the same. What I found was that if I left an internet website page open and it went into stand-by, hitting any key; the system doesn’t produce the security log in window. Thus leaving my system vulnerable for anyone to use should I forget and leave a page open. I now make sure I close every window but that’s disturbing. Thanks in advance.
 

Read other answers
RELEVANCY SCORE 54

Read More Info About It Here

http://www.eweek.com/category2/0,1874,1252525,00.asp
 

Read other answers
RELEVANCY SCORE 54

Serious security flaw found in IE [bbc]

As many as 10,000 websites have been compromised since last week to take advantage of the security flaw, said antivirus software maker Trend Micro. Click to expand...

I don't want to go on a rant here but the IE team at Microsoft has caused so many problems for so many people, from users to web developers.

Anybody who is currently a user of IE really should take a look at alternate browsers (Firefox, Opera, Safari).
 

A:Serious security flaw found in IE

Read other 16 answers
RELEVANCY SCORE 54

Microsoft Admits Flaw in Windows Software
By TED BRIDIS
AP Technology Writer
WASHINGTON

Microsoft Corp. acknowledged a critical vulnerability Wednesday in nearly all versions of its flagship Windows operating system software, the first such design flaw to affect its latest Windows Server 2003 software.

Microsoft said the vulnerability could allow hackers to seize control of a victim's Windows computer over the Internet, stealing data, deleting files or eavesdropping on e-mails. The company urged customers to immediately apply a free software repairing patch available from Microsoft's Web site.

The disclosure was unusually embarrassing for Microsoft because it demonstrated the first such serious flaw in the company's powerful new computer server software, billed as its safest ever.

The software is aimed at large corporate customers and was the first product sold under a high-profile "Trustworthy Computing" initiative organized last year by Microsoft founder Bill Gates.

At the product's launch in late April, Microsoft Chief Executive Steve Ballmer declared the new version of Windows to be a "breakthrough in terms of what it means, in terms of its built-in security and reliability."

The flaw, discovered by researchers in western Poland, also affected Windows versions popular among home users.

"This is one of the worst Windows vulnerabilities ever," said Marc Maiffret, an executive at eEye Digital Security Inc. of Aliso ... Read more

A:Widows Security Flaw

Go to Windows Update and get the fix.
 

Read other 2 answers
RELEVANCY SCORE 53.6

Quote:

Mozilla is working on a new privacy feature for its Firefox browser that will enable users to opt out of online tracking by enabling a do-not-track setting in the HTTP header. The approach is better than nothing, and arguably better than rival do-not-track proposals, but still has a fatal flaw--it relies on the tracking Web sites to play nice.

The United States Federal Trade Commission (FTC) has recognized that tracking is a privacy concern for Web-surfing citizens, and it has proposed implementation of some sort of do-not-track framework similar to the do-not-call lists that are supposed to keep annoying telemarketers from calling you.


Firefox Do-Not-Track Feature Has a Fatal Flaw - PCWorld Business Center

A:Firefox Do-Not-Track Feature Has a Fatal Flaw

Quote:
<snip> but still has a fatal flaw--it relies on the tracking Web sites to play nice.


Which they won't do, unless faced with heavy fines and such. However, if that was the case-- they'd just move their server(s) to somewhere without Internet laws.

Edit: Firefox should just disable all third party cookie support like Safari does.

Read other 1 answers
RELEVANCY SCORE 53.6

Hackers warn of critical flaw in Firefox

02 October 2006 - Two hackers at the ToorCon hacker conference in San Diego said that they’ve found a critical flaw in Firefox that looks, to them at least, impossible to patch.

The hackers, who have been named as Mischa Spiegelmock and Andrew Wbeelsoi, said that someone could execute an attack simply by creating a webpage with malicious JavaScript code. In most attacks, hackers have to get a computer user to download something to the computer, but in this case, they won’t know what hit them.

Windows users are used to facing security threats, but smug Apple and Linux users aren’t immune to this bug, as it affects all versions of Firefox.

Spiegelmock said that malicious code could create a stack overflow error, and called the implementation “a complete mess”.

Mozilla’s security chief Window Snyder took the presentation completely seriously after watch a video of it; she said Mozilla would “do some investigating”, but isn’t happy of the release of the exploit to the wide world of hackers.

The reason that the flaw is so difficult to patch? It’s in the part of the browser that deals with JavaScript.

After hearing that the two hackers know of another 30 unpatched flaws in Firefox, Jesse Ruderman, a Mozilla security staffer, encouraged them to disclose the bugs to Mozilla, who gives away $500 per vulnerability.

Wbeelsoi simply said, “It’s a double-edged sword, but what we’re doing is really for the greater good of the I... Read more

A:Hackers warn of critical flaw in Firefox

Read other 7 answers
RELEVANCY SCORE 53.2

Hi Guys
With the amount of Vundo going around i thought i might start a poll - there are a few things i would like to see in relation to Windows Service Packs
David
 

A:Vundo Poll! Is there a Security Flaw?????

Read other 7 answers
RELEVANCY SCORE 53.2

MS flaw highlights e-security laziness
By electricnews.net
Posted: 01/08/2003 at 13:35 GMT

In an unprecedented move, the US Department of Homeland Security has issued a second warning over a Windows flaw that leaves computers vulnerable to attack.

The newly formed US federal government department said in its warning that a critical flaw in certain versions of the Windows operating system, if left unpatched, could leave computers open to dangerous cyber-attacks, some of which have the potential to allow the attacker to take control of a vulnerable system.

The warning comes two weeks after Microsoft issued its own bulletin notifying computer users of the problem and about a week after the Department of Homeland Security issued its first warning urging people and companies to fix their systems.

Essentially, the bug can allow malicious attackers to seize control of users' machines to steal files, read e-mails and launch wide-scale attacks that could damage the Internet as a whole. Microsoft has issued patches on its Web site to let administrators repair systems, but analysts have said that there is still a large proportion of computers plugged in to the Net that remain susceptible to attack.

This is said to be partly because Microsoft issues patches so frequently that they are increasingly being ignored. Last year the software giant issued about 70 patches, and about 30 have been made available this year.

The United States government is said to be especially worr... Read more

A:MS flaw highlights e-security laziness

Perhaps micro$oft should concentrate on a better system this time rather than pumping one out every other year , but then again we'll keep on buyin them won't we ?
 

Read other 3 answers
RELEVANCY SCORE 53.2

On 12/22/2004, an update for Winamp was published to fix a critical security flaw. Go to http://www.winamp.com and download Winamp 5.08c to fix the problems.

This fix is required for ALL versions of Winamp prior to 5.08c. To determine your version, open Winamp, click Help > About Winamp and check the version number at the bottom of the resulting screen.
 

Read other answers
RELEVANCY SCORE 53.2

FROM: http://www.usatoday.com/tech/products/2006-12-26-vista-flaw_x.htm?csp=27
NEW YORK — Windows Vista, the new computer operating system that Microsoft is touting as its most secure ever, contains a programming flaw that might let hackers gain full control of vulnerable computers.
Microsoft and independent security researchers, however, tried to play down the risk from the flaw, which was posted on a Russian site recently and is apparently the first affecting the new Vista system released to larger businesses in late November.

The software company said it was investigating the threat but found so far that a hacker must already have access to the vulnerable computer in order to execute an attack.

That could occur if someone is actually sitting in front of the PC or otherwise gets the computer's owner to install rogue software, said Mikko Hypponen, chief research officer for Finnish security research company F-Secure.

"The bottom line is you couldn't use a vulnerability like this to write a worm or hack a Vista system remotely," Hypponen said Tuesday. "It only has historical significance in that it's the first reported vulnerability that also affects Vista. It's a non-event in other ways."

Attackers with low-level access privileges on a vulnerable machine could theoretically use the flaw to bump up their status, ultimately gaining systemwide control, Hypponen said.

The flaw affects older Windows systems, too, and Hypponen said v... Read more

A:First Security Flaw in Vista found

It was only a matter of time.
 

Read other 3 answers
RELEVANCY SCORE 53.2

Just recieved THIS notification and thought you Netscape users might want to know.

Kilowatt
 

A:Netscape security flaw exposed

kilowatt1,

Thanks for the news. Glad I am ok with Netscape 4.x
 

Read other 1 answers
RELEVANCY SCORE 53.2

Hi, I have just bought on Ebay a Lenovo Thinkpad X201, and run the Intel tool to check if it was vulnerable to the recent discovered security flaw on Intel ME (Critical Firmware Update - Intel-SA-00086) as described on the link bellow: https://www.intel.com/content/www/us/en/support/articles/000025619/software.html The result was that my X201 is vulnerable! So, this is a huge security problem and I need a way to resolve it. I have already run all Windows 10 updates + Lenovo Companion app and it says no more updates are available. I have also search on Lenovo drivers and even on Lenovo dedicated page to this security issue on the link bellow but my model (X201) is not listed: https://support.lenovo.com/pt/en/product_security/len-17297 My question is if anyone knows a solution for this security issue on X201? Any help or advice is really appreciated. Note: On Intel check tool, it says my Intel ME driver current version is 6.1.10.1052 Thanks!

A:X201 - How to fix Intel ME Security Flaw

I think the reason its not on the Lenovo list is your processor is not affected.  Based on the intel link you provided it affects 6th, 7th and 8th generation intel chips.  I do not believe the X201 has those chips. 





TP 25 Retro, W510 850 EVO, A30pRetired 385D, A20p, A21p

Read other 1 answers
RELEVANCY SCORE 53.2

Pertains to RealPlayer 8, RealOne Player, RealOne Player v2 for Windows, RealPlayer 10 Beta (English only) or RealPlayer Enterprise. Flaw discovered April 06, 2004.

Details and work around here: http://service.real.com/help/faq/security/040406_r3t/en/
 

Read other answers
RELEVANCY SCORE 53.2

Hi,

I have reason to believe that the current version of Opera 22.0.1471.50 has a remote code execution flaw. The attacker was able to get in and rename my documents folder to 'public documents'. Also on a day before that, the attacker was able to change the ACL's on a file.
 

A:Opera 22.0.1471.50 security flaw

Read other 6 answers
RELEVANCY SCORE 53.2

.

http://lcamtuf.blogspot.com/2010/06/yeah-about-that-address-bar-thing.html

http://threatpost.com/en_us/blogs/new-firefox-flaw-enables-url-spoofing-code-injection-062210

A prominent security researcher has identified a problem with the way that Mozilla Firefox handles links that are opened in a new browser window or tab, enabling attackers to inject arbitrary code into the new window or tab while still keeping a deceptive URL in the browser's address bar.Click to expand...

.
 

A:New Firefox Flaw Enables URL Spoofing, Code Injection

Read other 6 answers
RELEVANCY SCORE 52.8

This guy writes about security issues.

Windows Secure Boot: Insecure by design and mostly likely cant be fixed | Network World

Read other answers
RELEVANCY SCORE 52.8

...in Internet Ex-PLODE-r
 
http://blog.chron.com/techblog/2014/04/first-security-flaw-microsoft-wont-fix-in-windows-xp-has-been-found/?cmpid=rrhoustontx

As Microsoft’s creaky and obsolete operating system neared the end of its support life, the company warned that security flaws found after the April 8 deadline would not be patched. Now, a vulnerability has been discovered in all versions of Internet Explorer – including those that work on WinXP.
 
Though there’s no fix at the moment for any version of Windows, there soon will be – except for XP.
 
The flaw affects IE 6 through 11. Versions 6-8 work on Windows XP, but like XP, those versions of Microsoft’s browser no longer get security updates. That means, if you are using IE on XP, you’re vulnerable, with no hope in sight.
 
The obvious workaround is, of course, to use a browser other than Internet Explorer. That’s fine for consumers, but too many businesses still use XP and browser-based apps designed specifically for IE. Those companies that have been slow to dump XP are particularly at risk.
 

A:First XP security flaw Microsoft won’t fix (for free) has been found...

Related topic: New hole in Internet Explorer already under attack to hijack PCs

Read other 1 answers
RELEVANCY SCORE 52.8

Experts Spot Security Flaw In Windows Vista Software
Skip directly to the full story.

By ANICK JESDANUN The Associated Press

Published: Dec 27, 2006

NEW YORK - Windows Vista, the new computer operating system that Microsoft Corp. is touting as its most secure, contains a programming flaw that might let hackers gain full control of vulnerable computers.

Microsoft and independent security researchers tried to play down the risk from the flaw, which was posted on a Russian site recently and is apparently the first affecting the Vista system released to larger businesses in late November.

The software company said it is investigating the threat but has found that a hacker must already have access to the vulnerable computer to execute an attack.

That could happen if someone is sitting in front of the PC or otherwise gets the computer's owner to install rogue software, said Mikko Hypponen, chief research officer for Finnish security research company F-Secure Corp.

"The bottom line is you couldn't use a vulnerability like this to write a worm or hack a Vista system remotely," Hypponen said Tuesday. "It only has historical significance in that it's the first reported vulnerability that also affects Vista. It's a nonevent in other ways."

Attackers with low-level access privileges on a vulnerable machine could theoretically use the flaw to bump up their status, ultimately gaining systemwide control, Hypponen said.

The flaw affects ol... Read more

A:Experts Spot Security Flaw In Vista

Yep, been reported here several times.
 

Read other 2 answers
RELEVANCY SCORE 52.8

I have local zip files, and using the built-in compressed folders utility (not WinZip, etc), I open them and drag something out, and get this warning message, "This Page Has An Unspecified Security Flaw", which says Internet Explorer at the top which is unusual because I do not ever use IE, and it is neither running nor my default browser. I googled, and the only promising solution was to go to Internet Options in IE or the control panel, go to Security, Local Intranet, and uncheck the Automatic checkbox but leave the 3 "Include" checkboxes checked. But there IS NO automatic checkbox for me, there are only the Include checkboxes. Adding my local computer to the list of intranet sites, or to the trusted sites, under every computer name or "localhost" or ip imaginable also did not work. Please help I HATE warning messages

Note: I have IE 6, because I never use IE. Also note that I believe this started when I went to Internet Options, Programs, Reset Web Settings in an unrelated in-vain effort to stop firefox from breaking my html icons

Please help me remove the zip warning message
 

A:This Page Has An Unspecified Security Flaw when extracting from zip

SOLVED: this occurred, apparently, only for zips I had downloaded from the internet.

SOLUTION: gpedit.msc, user configuration, attachment manager, enable Do Not Preserve Zone Extensions. May also need to reset security zone settings in Internet Options to medium or low
 

Read other 1 answers
RELEVANCY SCORE 52.8

Hi all

On the Hotel "Wired" Network where I logged in I got a whole load of "Device Install" messages

But What are THESE !!!!!!!!! They look like computers attached to the Network
I've got Firewall enabled with MSE turned on but looks like I'm picking up other users Media streamers.
What's going on here --and should I worry about this.

Shame if security is compromised as I'm rather liking W8.

Running W8 32 bit version.


Cheers
jimbo

A:Seems a Huge Flaw with security in W8 -- could be a show stopper

I'm not so much sure that that's a problem on your end, as it is on their end!
I'd say it's just looking for a media-extender driver or something that Microsoft hasn't fully furnished for Windows 8 yet. I wouldn't be concerned that you can see others' computers, but I'd be concerned if they can see yours.

Read other 9 answers
RELEVANCY SCORE 52.8

A security flaw in the PayPal web site is being actively exploited by fraudsters to steal credit card numbers and other personal information belonging to PayPal users. The issue was reported to Netcraft today via our anti-phishing toolbar.The scam works quite convincingly, by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal; however, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique (XSS). http://news.netcraft.com/archives/2006/06/...tity_theft.html

A:Paypal Security Flaw Allows Identity Theft

Well that's no good. I just used Paypal the other day to donate $20 dollar to this site and now you tell me this. So do you recommend closing my paypal account or can they only access my information when I'm actually using it?

Read other 3 answers
RELEVANCY SCORE 52.8

Yo. I know this sounds silly, but there was this moron in chat last night with one of those malicious boot programs. He suddenly decided to pick on me, sending me IM bombs and stuff. That's no big deal, but supposedly he sent me a virus with this program. I didn't accept the file, but he said I didn't have to because I was "already infected". I think he's just bluffing, but to make sure, I'd like to know if anybody has information on this so called "virus" ..

He said Norton wasn't going to save me, no biggy since I don't USE Norton. >=D but honestly, my anti-virus is fully updated and did not find any malicious files. I even booted in safe mode and went through my system folders searching for suspicious files, but I didn't find any. Still, better safe than sorry, eh? Man I feel like an idiot, but I'm just curious to know if this is even possible. Maybe a security flaw in yahoo messenger? Any information would be most helpful. =D And just FYI I have Win 2k pro.
 

A:Yahoo messenger virus through a security flaw?

Hi..just to double check..run an online virus scan..
http://housecall.trendmicro.com/
http://www.ravantivirus.com/scan/
 

Read other 2 answers
RELEVANCY SCORE 52.8

Latest SP2 Flaw Bypasses IE Security Zone
By Larry Seltzer
August 21, 2004

Security researchers have discovered another vulnerability in Windows XP Service Pack 2, but it doesn't appear to be an immediate threat.
The researcher who uncovered the drag-and-drop flaw in Windows XP SP2 earlier in the week has reported that a new vulnerability exposes a hole in the lockdown of Internet Explorer's My Computer security zone.

The lockdown of the My Computer zone is one of the major security enhancements in SP2. Web pages in Internet Explorer run in one of several security "zones," each of which has different security rules. Prior to SP2, the My Computer zone—designed for Web pages stored on the computer itself—had extremely permissive rules. In order to take advantage of them, malware attacks frequently exploited vulnerabilities to get their Web-based pages to execute. Microsoft tightened the rules in SP2 to make it a less inviting target.

In the new attack, the use of an unconventional value in the "Content-Location:" field of an MHTML (MIME HTML) file causes the browser to execute the file in the Local Intranet zone, even though it is run from the local computer. This allows scripting operations that are not permitted in the local zone. MHTML files are a variant HTML format in which accessory files, such as images, can be stored as part of the file itself.

While this example does demonstrate a weakness in the local computer lockdown by ... Read more

Read other answers
RELEVANCY SCORE 52.8

A couple of weeks ago I installed Windows 8 (fresh install from scratch, not an update) on my computer. I do a lot of web browsing and over the last couple of weeks I've been using Windows 8, I could swear the web browsing wasn't as fast at it used to be on Windows 7.
I then noticed I was having major issues bringing up my router's control panel (ASUS RT-N56U) so thinking it was my router I upgraded the firmware. Turned out, the Avast Anti-Virus I was running has issues with Windows 8. I removed AVAST and turned on Windows Defender (which in Windows 8 is also an anti-virus program now referred to MSE - Miscrosoft Security Essentials). MSE has gotten fairly good reviews so I decided to use it, for maximum compatibility with Windows 8.
However, although the router control panel would now come up okay, browsing still seemed to not be quite as fast as it used to be. I sat down at the old 5-year old Dell Desktop next to me that is running Windows 7, both computers were connected to the router via Gigabit Ethernet. I tested network speeds with Speedtest.net to make sure they were both getting the same Internet speeds (which they were.) I found a couple 'heavy' web pages to test:
www.epicurious.com (home page)
sports.yahoo.com (home page)
The browsing was MUCH faster on the Windows 7 machine!! So I decided to do more of a controlled test.
The Samsung Notebook is a Series 6 Core i5 with 6GB RAM and 64GB SSD running Win 8 Pro 64-bit. Windows Experience score of 5.9.... Read more

A:Major Flaw in Windows 8 Slow Browsing on Chrome, Firefox?

I have not noticed any slowness in Chrome or FF in Windows 8. Are you using chrome in Desktop mode or in Metro mode?

Read other 6 answers
RELEVANCY SCORE 52.8

CYBER SECURITY BOFFINS have uncovered a flaw in the way Firefox handles third-party browser extensions that could expose millions of users to sneaky malware.
Researchers from the Northeastern University in Boston discovered a flaw that allows hackers to stealthily execute malicious code hiding behind seemingly innocent extensions, such as NoScript and Firebug. They can then steal personal data or even seize control of a machine's resources.
The flaw stems from a weakness in Firefox’s extension structure, which doesn’t isolate various browser add-ons. This allows them to connect to the capabilities of other popular third-party extensions.   
Edit:
But Firefox users can breathe a little easier because it’s not clear whether the flaw has actually been used in any extensions, as the researchers demonstrated it only as a proof-of-concept. They have supplied the attack framework to Mozilla so that the company can firm up the way it handles security in reviewing extension approvals.

Article

A:Firefox extension flaw exposes millions to cyber attacks

Good find JohnC thanks for sharing!

Read other 4 answers
RELEVANCY SCORE 52

Critical vulnerability in NetUSB driver exposes millions of routers to hacking | PCWorld

Read other answers
RELEVANCY SCORE 52

Security flaw touches Windows Media Player, IEBy Dawn KawamotoStaff Writer, CNET News.comPublished: October 18, 2005, 7:23 AM PDTLast modified: October 18, 2005, 10:44 AM PDTupdate A "critical" flaw that affects both Microsoft's Windows Media Player and Internet Explorer has been uncovered, a security company reported late Monday. The security flaw, which is found in the default installations of Media Player and the IE browser, could let attackers launch a remote execution of code, according to an advisory posted by eEye Digital Security. Systems affected by the flaw include Windows XP with Service Pack 1 and Service Pack 2, Windows NT, Windows 2003 and Windows 2003 SP1, and all versions of Windows 2000.news.com

Read other answers
RELEVANCY SCORE 52

Adobe has issued an emergency patch for a previously undiscovered vulnerability in Flash Player, which the company says is being exploited in the wild.The company said Tuesday that the latest update of the popular browser plugin, version 18.0.0.194 for both Windows and Macs, fixes a security hole that could allow a hacker to take over an affected system."Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via limited, targeted attacks," the company said in a brief advisory.
 

Article

A:Adobe issues emergency fix for Flash zero-day security flaw

Adobe Flash Player Distribution DownloadAdobe Web Players All Downloads

Read other 7 answers
RELEVANCY SCORE 52

Adobe has acknowledged a "critical" security flaw in its Reader, Acrobat and Flash Player software.Adobe says the vulnerability potentially enables hackers to take control of affected computer systems.Users running Windows, Macintosh or Linux might all be open to attack.http://news.bbc.co.uk/2/hi/technology/10257411.stm

A:Adobe acknowledges critical security flaw in software

Thanks for the report Budapest. I will be watching for a new update to get. Adobe is like Windows; BIG. That's why so many bad guys jump on them because they can infect more computers that way. IMHO Windows is doing a better job but I don't git the same feeling from Adobe.

Read other 4 answers
RELEVANCY SCORE 52

Criminals are stepping up their attacks leveraging an unpatched flaw in Microsoft's Internet Explorer browser, using it to install fake antivirus products and malicious back doors on victim's computers.

Microsoft first warned of the bug on March 9, saying that it had been used in "targeted attacks." But now, according to researchers, the exploits are much more widespread. By late last week, security vendor AVG was getting reports of 30,000 attacks per day, according to Roger Thompson, AVG's chief research officer.



Source -
Security companies warn of uptick in attacks using new IE flaw | Security Central - InfoWorld

Read other answers
RELEVANCY SCORE 52

Chrome suffers first security flaw.

On Wednesday, researchers announced a flaw in how the Google Chrome browser behaves with undefined handlers. An exploit provided as a demonstration crashes the new browser.

And on Tuesday, mere hours after Chrome was released, researcher Aviv Raff concocted a proof-of-concept demo to show how the Google browser could be made vulnerable to a carpet-bombing flaw and thus open a window for ill-intentioned hackers.

-- Tom
 

A:Google's Chrome browser suffers first security flaw

Read other 7 answers
RELEVANCY SCORE 52

A couple of weeks ago I installed Windows 8 (fresh install from scratch, not an update) on my computer. I do a lot of web browsing and over the last couple of weeks I've been using Windows 8, I could swear the web browsing wasn't as fast at it used to be on Windows 7.
I then noticed I was having major issues bringing up my router's control panel (ASUS RT-N56U) so thinking it was my router I upgraded the firmware. Turned out, the Avast Anti-Virus I was running has issues with Windows 8. I removed AVAST and turned on Windows Defender (which in Windows 8 is also an anti-virus program now referred to MSE - Miscrosoft Security Essentials). MSE has gotten fairly good reviews so I decided to use it, for maximum compatibility with Windows 8.

However, although the router control panel would now come up okay, browsing still seemed to not be quite as fast as it used to be. I sat down at the old 5-year old Dell Desktop next to me that is running Windows 7, both computers were connected to the router via Gigabit Ethernet. I tested network speeds with Speedtest.net to make sure they were both getting the same Internet speeds (which they were.) I found a couple 'heavy' web pages to test:

www.epicurious.com (home page)
sports.yahoo.com (home page)

The browsing was MUCH faster on the Windows 7 machine!! So I decided to do more of a controlled test.

The Samsung Notebook is a Series 6 Core i5 with 6GB RAM and 64GB SSD running Win 8 Pro 64-bit. Windows Experience sco... Read more

A:Windows 8 Flaw? Slow Web Browsing Chrome, Firefox, IE, Internet Problem?

Read other 6 answers