Browser security has become a raging debate these days, with the myriad of plugins and extensions you can install on your computer to customize your internet experience. However plugins like Java, Silverlight, Flash etc. are powerful stuff that if found vulnerable can give hackers multiple attack points targeting a huge audience.

So what Mozilla is trying to do is trying to make plugin management as easy as managing extensions in Firefox is. Though the plugin check page is limited by what it can do at the moment, it will be fully utilized starting Firefox 3.6 to update plugins just like extensions do so now.

For now the scripts on the page will check for installed plugins and compare the version of the installed plugin with the latest version that is available. At the moment some of the plugins supported are (among others) Apple Quicktime, Shockwave Flash, Adobe Acrobat, Java, Silverlight, RealPlayer and Windows Media Player plugins.

The Plugin Check page will show you a Green “Up To Date” button if you are running the latest version of the plugin, a yellow “Update” button if a new version button is available, and a red “Update Now” button if you are running a version that has a critical security exploit fixed in the latest version.

It is hearty to see Mozilla taking these steps to ensure a safe browsing experience for all of us. Looks like Firefox 3.6 will be an awesome release! Looking forward to it

Mozilla Plugin Check

Reading through my RSS feeds today, I stumbled upon an interesting post over at Neowin entitled “Vista’s Security Rendered Completely Useless by New Exploit” which reports on a new technique that can “bypass all memory protection safeguards that Microsoft built into Windows Vista.”

Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. have discovered a technique that can be used to bypass all memory protection schemes that have been built into Windows Vista by Microsoft.  These new methods are basically used to get around Vista’s Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP) and other protections by loading malicious content through a web browser.

In a nutshell, this hack is something that many of us weren’t expecting.

While this may seem like any standard security hole, other researchers say that the work is a major breakthrough and there is very little that Microsoft can do to fix the problems. These attacks work differently than other security exploits, as they aren’t based on any new Windows vulnerabilities, but instead take advantage of the way Microsoft chose to guard Vista’s fundamental architecture. According to Dino Dai Zovi, a popular security researcher told, "the genius of this is that it’s completely reusable. They have attacks that let them load chosen content to a chosen location with chosen permissions. That’s completely game over."

Microsoft has yet to post a statement officially, but they are apparently aware of the security issue and are waiting for the exploit to be made public. We can only wait and watch as to what comes up now…

If successful this could be a mess as good as the DNS exploit in the wild these days. This can potentially change the whole view of how the industry thinks about hacks in my opinion. Microsoft will have a quite a lot of work on hands in the coming days, I’m sure. We’ll know more about this in the near future and there even lies possibility of being faced with the prospect of your "secure" server being stripped completely naked of all its protection.

You think its game over for the already struggling Vista?

My personal favorite Antivirus solution on Windows just got better. The Russian based Kaspersky Labs has just released the latest version of their Antivirus and Internet Security suite.

I’ve been a long time user of Kaspersky Internet Security and its the only antivirus solution that I recommend to all my friends. Kaspersky comes in two flavors one the stripped down version that has only the Antivirus and some other security features while the Internet Security package comes in with complete set of security features you’d ever need, which means you don’t need any other software to protect you online.

The most noticeable change in the new version has to be the UI. I just love the new UI. It is very intuitive and user friendly, and compared to the new design I feel that the old one was too cluttered and confusing, while it really wasn’t. Just how much a good design adds to a software!

Here are some screenshots of Kaspersky in action..

Follow this link to download Kaspersky. If you are already a Kaspersky I suggest you uninstall the previous version first since the new version brings about quite a bit of changes. Just make sure you save your licence key before you wipe off your old install.

And incase you aren’t already using Kaspersky, I suggest you give it a try. Trust me its one of the best security solutions you’ll find. If you like it, you can always purchase the licence key for only $39.95USD for Kaspersky Antivirus and $59.95 for Kaspersky Internet Security.

As an added bonus here’s a key that will you give you 6 months free trial courtesy Cyberhackz

T6B6K-8YK22-VBQH7-ZUZJG

For more details follow these links : Features | Download

Just as an addition. Make sure you read this web comic that explains what Kaspersky does..

We are all Computer geek’s aren’t we? Our computers contain sensitive data like Passwords, private documents and pictures that if stolen can mean a total disaster. Thieves can use all our private data to make our lives miserable. Data Security has gained a lot of importance these days and is critical to any organization to protect its data.

So why treat your computer any differently than you do your other valuable property that you keep in a safe? Why not take advantage of the newest of the softwares to protect your computer?

The latest OS’es like Mac OSX Leopard and Windows Vista have data security in some form but it is pretty much limited by what it can do.

If you are interested in protecting your data beyond what your OS already gives you then a software called Folder Castle for you. Folder Castle is a security tool that protects your files and folders with a password, preventing unauthorized users from accessing them. Folder Castle hides and encrypts your confidential and sensitive files and folders on your computer.

Folder Castle comes in a small package of 1.5MB but it is a little wonder. It packs so much in such a small package. Let me tell you how Folder Castle works :

Folder Castle hides files and folders instantly without moving them to any secret folder like other programs do. The above method is recommended for quickly hiding not so important data from prying eyes. You can also hide your files and folders on any internal hard drives. Hidden files are completely inaccessible to others i.e.  they cannot be read, copied, moved, deleted or even seen. Hidden files cannot be seen in Windows Explorer or in any other file manager on your PC. Folder Castle also protects the hidden files from the scathing eyes of Viruses, Trojans etc. 

You think this ain’t enough? 

To raise the security Folder Castle has Stealth mode. It prevents every attempt of hackers’ to access your protected data. In Stealth mode nobody will even know that the program is installed, and protected data is stored on the computer. Stealth mode removes all signs of Folder Castle installation and activity. Now how cool is that?

Isn’t that enough?

You can even give your protected data that extra bit of security by encrypting it. Encrypted data can only be accessed using a password. The data is encrypted by cryptographic algorithm Advanced Encryption Standard (AES) with 256-bit key length. AES is adopted as an encryption standard by the U.S. government. AES algorithm with 256-bit key length is sufficient to protect classified information up to TOP SECRET level.

I suggest you use encrypted storage for sensitive data like information about bank accounts, credit cards numbers, passwords, confidential documents, e-mail messages, photos.

Here are some screenshots of Folder Castle in action :

If are concerned about your data, then Folder Castle is the app that you must have. Folder Castle works well with Windows 2000/XP/2003/Vista.

The makers of Folder Castle have given the readers of dailyApps a special offer to buy Folder Castle. Buy a copy of Folder Castle for yourself and rest in peace about the security of your data.

Follow this link to get a discount of 40% on Folder Castle (Offer Valid for till March 12th only). You can also download a 15day trial from here.

Disclosure: This Post is a Paid Review, but everything that is written is my honest opinion only. There is no bias whatsoever.

Edit : Corrected an error, the offer is valid till March 12

If the security risks faced by credit card users weren’t already enough, now the security information that is stored in a magnetic strip behind the card can be hacked and be used for malicious purposes. Hacking the data on the magnetic strip so far has been unsuccessful but RFID security guru Adam Laurie has come up with a test program named CHaP.py, specifically designed to read the chip and PIN credit cards that comply with the EMV standard.

Here’s what Wikipedia has to say about the EMV Standard :

The EMV is a standard for interoperation of IC cards (“Chip cards”) and IC capable POS terminals and ATM’s, for authenticating credit and debit card payments. The name EMV comes from the initial letters of Europay, MasterCard and VISA, the three companies which originally cooperated to develop the standard. It defines the interaction at the physical, electrical, data and application levels between IC cards and IC card processing devices for financial transactions

The first demo of this program is in its early stages. Currently it only works with PC/SC card readers at  the moment, but it also includes support for the physical chip and RFID interfaces. Keeping all this geek talk aside, what all this means is that both Mastercard and Amex cards can be hacked using this program..

All the information available on the credit card’s magnetic strip can be stripped away (the owner’s name, the primary credit card account number included) and afterwards be used by a crafty hacker to create a clone of the original credit card. Imagine the great financial risk this could pose!

Adam intends to integrate CHaP.py into the RFIDIOt open source library for exploring RFID devices. The good news for us, is that this hack was discovered by the good guy and not the bad guy. So for the moment, all things are ok. But if the bad guys get hold onto this, then none of our bank accounts would be safe, and something really bad could happen.

Via eWeek

If you are a Windows Vista user, there is nothing more bugging than the UAC in Windows Vista. UAC which was supposed to bring improved security in Windows, does it pretty well but at the cost of user friendliness.

There are lots of apps and softwares that I run on my Machine, and Vista bugs me everytime I open them. For quite some time I’ve been looking to disable UAC for select applications, rather than disabling it all together, as that could possibly create a security havoc. After some time looking around for a solution, I finally found a solution that was recommended by Microsoft, and even Worked pretty well for me.

If you are looking to disable UAC for certain applications in Windows Vista, then follow this guide, and once you are done, the UAC may not really be all that bugging as it used to be.

• First download and install Application Compatibility Toolkit.
• Find the shortcut icon for Compatibility Administrator. Right click it and click Run as administrator.
• In the left hand pane, right-click on the database under Custom Databases and select Create New, and select Application Fix.
• Enter the name and other details of the application you want to alter behavior on and then browse to it to select it. Click Next.
• Click Next until you are in the Compatibility Fixes screen.
• On the Compatibility Fixes screen, find the item RunAsInvoker, and check it.
• Click Next and then Finish.
• Select File and Save As. Save the file as a app.SDB type file in a directory you will easily find it.
• Navigate to Start Menu, Right click Command Prompt and click Run as administrator.
• Run the following command at the prompt :

  sdbinst <path>\app.sdb

  Where <path> is the location where you have saved the app.sdb file. For example, if you saved the .SDB file as app.sdb in the c:\Windows folder, the command should be like this:

  sdbinst  c:\windows\app.sdb

• You should now get a confirmatory message.
• Voila! You’re done, Vista will no longer prompt you with the UAC everytime you open your favorite app.

This one hack, has made Vista a lot more user friendly and a lot less nagging than it was before. I would recommend this method over, disabling the UAC altogether, because that would make your computer less secure.

Via Microsoft Knowledgebase

A Malicious exploit has been discovered in Firefox that would allow a Hacker to use a Malicious JAR file to get access to your Google Account and all your confidential information.

Firefox is falling into some serious trouble over the past few months, with more and more security exploits being discovered and being exploited. The latest threat involves the usage of a malicious JAR file. The flaw is still in the wild and the problem persists with the websites of Major Internet companies that includes Google. Beford.org has found a way to use the JAR exploit to get details of Google Accounts using a Malicious JAR file specially crafted to take advantage of the exploit.

Well I’m going to refrain myself from writing about the Exploit. I have tested this exploit on my own spare Google Account, and I can confirm that this works. Its better be to safe because I’m not sure when exactly is Google and Mozilla planning to patch up the security holes. I suggest you download the NoScript addon for Firefox. Right now NoScript seems to be the only solution. If you are wondering what NoScript is, then here is what its developer has to say about it :

It allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, and guards the “trust boundaries” against cross-site scripting attacks (XSS). Such a preemptive approach prevents exploitation of security vulnerabilities (known and even unknown!) with no loss of functionality…

The other way to stay safe would be to visit sites that you trust and not download anything that looks suspicious. Given the vastness of the Internet, however careful you are, this can be still a threat. Keep yourself signed out of all Accounts until this is patched. But do remember to stay safe.

This exploit was known to Mozilla for quite sometime and hasn’t still patched it. Given that this vulnerability affects both Google and Firefox lets see who gets this patched first.

Via GNUCitizen and Bedford