Ali Alvi's WebLog : Security

Important IE Security Updates have been released.

alialvi — Wed, 09 Feb 2005 19:42:00 GMT

We released two critical updates to Internet Explorer yesterday as well as one critical security update to the Shell code.

Read the Security Bulletin or check out the Bruce's Post on the IE Blog for more details.

I encourage everyone to download and install all these updates if you haven't done so already.

Ali

Security Vulnerability in FireFox

alialvi — Tue, 11 Jan 2005 02:03:00 GMT

I just came across this Phishing Vulnerability in Firefox wherein you can spoof the source URL in the download dialog box. Just another one of the many reasons to believe that without security, no amount of progress can be made. We need to make browsers secure before they can do any fancy UI dance !

"Secunia rated the flaw "less critical" and has confirmed the vulnerability in Mozilla 1.7.3 for Linux, Mozilla 1.7.5 for Windows, and Mozilla Firefox 1.0. It added that "other versions may also be affected."

it was only a matter of time before mozilla was going to attract hackers.

Microsoft AntiSpyWare

alialvi — Sat, 08 Jan 2005 05:18:00 GMT

Check out Microsoft AntiSpyware (meaningful naming :) )

http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&DisplayLang=en

its still a beta version so there are some issues with it. Be careful when deleting any files, sometimes malware names conflict with some legit windows filenames. One such case is the file

Location: C:\winnt\system32\tapicfg.exe.

This is a legit Server 2003 file, should not be deleted. These issues are already bugged and being fixed. In case of something going wrong, there's a recovery option that might come in useful. ===> I have seen that the recovery option is not fully functional yet .. but its being worked on !