Firefox Security Warning

[Richard Urban]

Seeing as how so many have switched to Firefox (including myself) I thought
this should maybe be posted here.

It it offends anyone by being considered out of place - I appologize in
advance!
Phishers catch out Firefox
Browser open to URL spoofing
Robert Jaques, vnunet.com 07 Jan 2005

link to article: http://www.vnunet.com/news/1160352

--
Regards,

Richard Urban

aka Crusty (-: Old B@stard

If you knew as much as you thought you know,
You would realize that you don't know what you thought you knew!

 

[Terry]

On 1/7/2005 9:12 AM On a whim, Richard Urban pounded out on the keyboard

Seeing as how so many have switched to Firefox (including myself) I thought
this should maybe be posted here.

It it offends anyone by being considered out of place - I appologize in
advance!
Phishers catch out Firefox
Browser open to URL spoofing
Robert Jaques, vnunet.com 07 Jan 2005

link to article: http://www.vnunet.com/news/1160352

Herein lies the problem for most people;
"Balle urged users not to follow download links from untrusted sources."

Until people stop clicking on OK whenever it pops up without knowing
what exactly they're agreeing to, this will remain a problem on any browser.

--
Terry

***Reply Note***
Anti-spam measures are included in my email address.
Delete NOSPAM from the email address after clicking Reply.

 

[Dan]

Very true, when will people ever learn. <sigh>

On 1/7/2005 9:12 AM On a whim, Richard Urban pounded out on the keyboard


Herein lies the problem for most people;
"Balle urged users not to follow download links from untrusted sources."

Until people stop clicking on OK whenever it pops up without knowing
what exactly they're agreeing to, this will remain a problem on any browser.

--
Terry

***Reply Note***
Anti-spam measures are included in my email address.
Delete NOSPAM from the email address after clicking Reply.

 

[Bill]

On 1/7/2005 9:12 AM On a whim, Richard Urban pounded out on the keyboard


Herein lies the problem for most people;
"Balle urged users not to follow download links from untrusted sources."

Until people stop clicking on OK whenever it pops up without knowing what
exactly they're agreeing to, this will remain a problem on any browser.

--
Terry

***Reply Note***
Anti-spam measures are included in my email address.
Delete NOSPAM from the email address after clicking Reply.

Exactly correct but the MS bashers just dont get it...and the media frenzy
and anti MS crap contributes to it. In the 2000 or years I have been using
IE and windows never one virus or whatever...

Bill

 

[Dan]

Wow, I am pleased for you.

Exactly correct but the MS bashers just dont get it...and the media frenzy
and anti MS crap contributes to it. In the 2000 or years I have been using
IE and windows never one virus or whatever...

Bill

 

[Albert Sims]

Seeing as how so many have switched to Firefox (including myself) I
thought
this should maybe be posted here.

It it offends anyone by being considered out of place - I appologize in
advance!
Phishers catch out Firefox
Browser open to URL spoofing
Robert Jaques, vnunet.com 07 Jan 2005

link to article: http://www.vnunet.com/news/1160352

Hmm, didn't see my default browser listed there... Opera.

 

[nk_1]

Exactly correct but the MS bashers just dont get it...and the media frenzy
and anti MS crap contributes to it. In the 2000 or years I have been
using IE and windows never one virus or whatever...

Bill

I must say I support Bills sentiments, I initially loved the idea of open
source software, the concept was wonderful, and then when I started relying
on my computer as a work tool/work horse I then realised why people get paid
to write software, and why companies make software for a living have to get
it right.

Therein although it is a generalisation I think some people have a more
subjective view about software, that can be seen in such phrases as "I won't
use Microsoft products out of principle", this is not being objective and is
not going to solve the problems that are encountered.

I love the design of firefox, and I am amazed why IE has not had tabbed
browsing for so long, in fact I suspect the reason for this is a concious
effort by MS not to get into too many different areas otherwise it will
again be in danger of legal accusations of having a monopoly on all aspects
of computing...

Going back to the point Bill made, I think people should be objective about
software and I think people should not take offence if some software is not
as good as others.

 

[Lester Stiefel]

I must say I support Bills sentiments, I initially loved the idea of open
source software, the concept was wonderful, and then when I started relying
on my computer as a work tool/work horse I then realised why people get paid
to write software, and why companies make software for a living have to get
it right.

Therein although it is a generalisation I think some people have a more
subjective view about software, that can be seen in such phrases as "I won't
use Microsoft products out of principle", this is not being objective and is
not going to solve the problems that are encountered.

I love the design of firefox, and I am amazed why IE has not had tabbed
browsing for so long, in fact I suspect the reason for this is a concious
effort by MS not to get into too many different areas otherwise it will
again be in danger of legal accusations of having a monopoly on all aspects
of computing...

Going back to the point Bill made, I think people should be objective about
software and I think people should not take offence if some software is not
as good as others.

Exactly right, Use open source at your own risk. I use open
source software - BUT sparingly. Firefox gives me control
over webpage display that IE doesn't. Same for thunderbird.
But I do make sure to reead and screen messages and
downloads.
I use Newsrover and newsbin for Usenet binaries but do
extensive screening of downloads.
I use dialog for text news - a great news reader. No
attachments are downloaded/saved unless I require it.

 

[Dan]

Opera has ads unless you pay for it.

Hmm, didn't see my default browser listed there... Opera.

 

[Steve Riley [MSFT]]

Perhaps an important question to ask is: why do they need to learn?

Why do web sites need to download software to my computer? Have we become
so addicted to, um, "flashy" interactions that we are unsatisfied with basic
delivery of reasonably-formatted text?

I'm not intending to sound curmudgeonly here (but my 39th birthday is next
month, so I'm permitted to, right?). I don't have all the answers to these
questions, but they nag me. I'm certainly a believer in using the power of
the Internet and software to make peoples' lives better and to accelerate
business, but whatever happened to simple information delivery and consumption?

</nostalgia>

Steve Riley
(e-mail address removed)

 

[Terry]

On 1/7/2005 5:31 PM On a whim, nk_1 pounded out on the keyboard

I must say I support Bills sentiments, I initially loved the idea of open
source software, the concept was wonderful, and then when I started relying
on my computer as a work tool/work horse I then realised why people get paid
to write software, and why companies make software for a living have to get
it right.

Therein although it is a generalisation I think some people have a more
subjective view about software, that can be seen in such phrases as "I won't
use Microsoft products out of principle", this is not being objective and is
not going to solve the problems that are encountered.

I love the design of firefox, and I am amazed why IE has not had tabbed
browsing for so long, in fact I suspect the reason for this is a concious
effort by MS not to get into too many different areas otherwise it will
again be in danger of legal accusations of having a monopoly on all aspects
of computing...

Going back to the point Bill made, I think people should be objective about
software and I think people should not take offence if some software is not
as good as others.

I have to disagree with both of you. MS has known about its security
issues and has failed to address (basically hiding) the issues until the
vulnerabilities show themselves to the general public. This is exactly
the opposite of the way Linux deals with the issues (although I don't
use Linux on a daily basis) but at least when their issues are made
known the open source developers can quickly deal with them. How about
the newest set of security flaws in IE? MS has supposedly known about
them for months! They are rated "extremely critical" and the general
recommendation is to "use another browser" until MS patches it.

You paid for Windows and you don't take offense at the lackadaisical
attitude of MS to give you a decent secure OS? Then that gives me all
the more reason to say that NO ONE should ever complain about open
source software. Linux and Mozilla are great examples of what can be
done without taking out the competition because of $$$.

--
Terry

***Reply Note***
Anti-spam measures are included in my email address.
Delete NOSPAM from the email address after clicking Reply.

 

[Vagabond Software]

On 1/7/2005 5:31 PM On a whim, nk_1 pounded out on the keyboard


I have to disagree with both of you. MS has known about its security
issues and has failed to address (basically hiding) the issues until the
vulnerabilities show themselves to the general public. This is exactly
the opposite of the way Linux deals with the issues (although I don't
use Linux on a daily basis) but at least when their issues are made
known the open source developers can quickly deal with them. How about
the newest set of security flaws in IE? MS has supposedly known about
them for months! They are rated "extremely critical" and the general
recommendation is to "use another browser" until MS patches it.

You paid for Windows and you don't take offense at the lackadaisical
attitude of MS to give you a decent secure OS? Then that gives me all
the more reason to say that NO ONE should ever complain about open
source software. Linux and Mozilla are great examples of what can be
done without taking out the competition because of $$$.

I must respectfully disagree. I was working on a project running Linux on an edge server card in a rack mount RAS concentrator. Our use of the Linux OS was particularly vulnerable to the NFS vulnerability in the 1.1x kernel. It was six months before we were able to apply a fix to existing installations. The Linux-based project basically became an in-house operation where we ended up developing our own proprietary solutions and fixing our own vulnerabilities.

The corporation, not wanting to get into the OS development business, scrapped the Linux-based project and shifted to an embedded NT edge-server platform because Microsoft does, in fact, release fixes for vulnerabilities even before there are any reported instances of exploitation. I don't know of any vulnerability in a Microsoft product that went ignored or was "hidden" until MS eventually got around to a solution.

Linux has the same problem that all the other responders to this post have pointed out. I had a co-worker that was trying Linux and found his hard drive was out of disk space. Get this! The Red Hat installation he used came with a CD that enabled the NFS and anonymouse FTP servers by DEFAULT! In my former zeal of spreading Linux to the masses, I gave a friend a copy of Debian GNU/Linux for Dummies as a gift. Guess what? NFS and FTP server running in the DEFAULT installation!

So, I like open source software and have even written a few little application myself. However, I made them open source and freely available because I never want to be responsible for addressing problems that may or may not exist in the software! All I'm saying is that much of the Open Source community is the same way. As a business owner, I would rather have a known cost for a known level of service, good or bad, just not indifferent.

carl

 

[Mike Hall]

Steve

There was a time when you could buy a vcr that only recorded on the day..
but that wasn't enough.. you wanted to set record a week in advance in case
you forgot something.. then a month.. but it was awkward to do from the
front panel, so you asked for a remote.. but that was still awkward because
the panel on the front was difficult to read from the couch.. enter the lcd
display.. oh.. and picture in picture so you could watch the recorded movie
and still keep up with the game.. or maybe the other way around.. and don't
forget the surround sound link from the stereo and a remote that does it
all, TV, VCR, Stereo.. getting a little complex eh.. not a problem.. add a
bar code reader.. now you just scan the programme guide.. whoa up, Granny
can't work the remote.. maybe you should have a second one with just basic
controls, because she'll never get the hang of the full color lcd display
and all of the sliding covers..

Awww nuts.. lets get a DVD player,, did ya see the one that allows you to go
forwards and backwards through the movie you are recording, while you watch
three other channels, all interactive.. it is even loaded with the latest MS
software codenamed Wedaf.. 'Windows for Excessive Domestic Appliance
Features.. that should be easy enough to configure.. at least until the kids
find out that by pressing a few keys, they can programme a wash cycle where
once the football game used to be, and lock you out of the program..

When life was simple, we were bored.. so we set in motion the monster that
is progress when we asked for more.. what we forgot along the way was how
difficult it was to understand the instructions for recording on the day..
or even tuning the vcr to the TV..

...And I'm allowed because it is was my birthday yesterday, and I still can't
work the vcr.. the manual is like 'War and Peace' in pictures, printed in
seven languages, six of which I have no clue.. what happened to the little
red button that you could press and know that you would get a recording
while you go out to fix a computer system where an innocent operator is
claiming that they did nothing prior to the deletion of an entire Unix OS
that saw an end to the entire RAID structure while they replaced a tape in
the Magstar drive that has mysteriously jammed because they didn't put it in
the wrong way.. ))

--
Mike Hall
MVP - Windows Shell/user

 

[nk_1]

On 1/7/2005 5:31 PM On a whim, nk_1 pounded out on the keyboard


I have to disagree with both of you. MS has known about its security
issues and has failed to address (basically hiding) the issues until the
vulnerabilities show themselves to the general public. This is exactly
the opposite of the way Linux deals with the issues (although I don't use
Linux on a daily basis) but at least when their issues are made known the
open source developers can quickly deal with them.

Equally when I say about being objective, I am no defender of MS, if they
are not performing as they should,
then I'm all for voicing that as well, I'm sure htey are not perfect, just I
am saying that they make fine software.



How about the newest set of security flaws in IE? MS has supposedly known
about

them for months! They are rated "extremely critical" and the general
recommendation is to "use another browser" until MS patches it.


You paid for Windows and you don't take offense at the lackadaisical
attitude of MS to give you a decent secure OS? Then that gives me all the
more reason to say that NO ONE should ever complain about open source
software. Linux and Mozilla are great examples of what can be done without
taking out the competition because of $$$.> > --
Terry

***Reply Note***
Anti-spam measures are included in my email address.
Delete NOSPAM from the email address after clicking Reply.

Terry when you say things like "nobody should ever complain" it sounds like
you are not allowing people ever to say their opinion.

If I use firefox and find it is not doing a good job, do you not allow me
the right to say "I prefer to use IE" goodluck if you want to use that one.
I think I have the right and everybody has the right to voice there opinion
as long as it is an honest one.

Equally I would say Linux is a perfect example of open source, it is not
better because it is open source, it is just good because it is good,
nothing to do with if it is oopen source or not, it is not like I am
supporting a football team and "rooting for my guys to win".

I hope you get my point.

I happen to think linux is really good, look at the facts, it is so popular
and used so widely and is considered so stable!! How can that be bad???

 

[Dan]

<snipped because it is getting way too long>

Linux has the same problem that all the other responders to this post have
pointed out. I had a co-worker that was trying Linux and found his hard
drive was out of disk space. Get this! The Red Hat installation he used
came with a CD that enabled the NFS and anonymouse FTP servers by DEFAULT!
In my former zeal of spreading Linux to the masses, I gave a friend a copy
of Debian GNU/Linux for Dummies as a gift. Guess what? NFS and FTP server
running in the DEFAULT installation!

So, I like open source software and have even written a few little
application myself. However, I made them open source and freely available
because I never want to be responsible for addressing problems that may or
may not exist in the software! All I'm saying is that much of the Open
Source community is the same way. As a business owner, I would rather have
a known cost for a known level of service, good or bad, just not
indifferent.

carl

The thing that I wonder about is how can one make sure that open source is
safe. I mean that I use and like Mozilla Firefox and use it exclusively
except where IE is required such as accesssing Windows Update. I personally
have not downloaded and installed the plugins or extensions except for one
because of the possibility that they may have malicious code attached to
them. My question is how can the open source community prevent malicious
creators of the plugins or extensions from attaching malicious code?

 

[Leythos]

Perhaps an important question to ask is: why do they need to learn?

Why do web sites need to download software to my computer? Have we become
so addicted to, um, "flashy" interactions that we are unsatisfied with basic
delivery of reasonably-formatted text?

I'm not intending to sound curmudgeonly here (but my 39th birthday is next
month, so I'm permitted to, right?). I don't have all the answers to these
questions, but they nag me. I'm certainly a believer in using the power of
the Internet and software to make peoples' lives better and to accelerate
business, but whatever happened to simple information delivery and consumption?

I suppose you didn't learn how to drive? I suppose you never read a
warning label on any product, or paid attention to any threat to your
security. I suppose you leave your bank-book on a bench outside your
house or your house unlocked when you leave?

It's about the same - they are tons of NASTY people out there, and the
internet brings them to your home if you are not careful. If people were
to just follow standard procedures for secure browsing and safe
computing, much like driving through unknown/hazardous areas, or
anything else that exposes them to harm, there would be a lot less
problems.

 

[Terry]

On 1/7/2005 11:18 PM On a whim, Vagabond Software pounded out on the
keyboard

I must respectfully disagree. I was working on a project running Linux on an edge server card in a rack mount RAS concentrator. Our use of the Linux OS was particularly vulnerable to the NFS vulnerability in the 1.1x kernel. It was six months before we were able to apply a fix to existing installations. The Linux-based project basically became an in-house operation where we ended up developing our own proprietary solutions and fixing our own vulnerabilities.

The corporation, not wanting to get into the OS development business, scrapped the Linux-based project and shifted to an embedded NT edge-server platform because Microsoft does, in fact, release fixes for vulnerabilities even before there are any reported instances of exploitation. I don't know of any vulnerability in a Microsoft product that went ignored or was "hidden" until MS eventually got around to a solution.

Linux has the same problem that all the other responders to this post have pointed out. I had a co-worker that was trying Linux and found his hard drive was out of disk space. Get this! The Red Hat installation he used came with a CD that enabled the NFS and anonymouse FTP servers by DEFAULT! In my former zeal of spreading Linux to the masses, I gave a friend a copy of Debian GNU/Linux for Dummies as a gift. Guess what? NFS and FTP server running in the DEFAULT installation!

So, I like open source software and have even written a few little application myself. However, I made them open source and freely available because I never want to be responsible for addressing problems that may or may not exist in the software! All I'm saying is that much of the Open Source community is the same way. As a business owner, I would rather have a known cost for a known level of service, good or bad, just not indifferent.

carl

I wasn't speaking about Linux alone. It was the open source complaints
in general.

I was talking about Linux on a workstation level since I haven't
implemented on a server level. My experience is with Mandrake and I have
not seen the issues you described.

So many of the security issues I have read about state, "MS has been
aware of this for months". Even the newest ones say the same;
http://news.zdnet.com/2100-1009_22-5517457.html?tag=nl.e589

I'm really not defending one or the other. I just don't appreciate
*paying* for Windows again and again and again and basically just
getting minimal productivity improvements and PITA patches/updates that
can render a system completely useless.


--
Terry

***Reply Note***
Anti-spam measures are included in my email address.
Delete NOSPAM from the email address after clicking Reply.

 

[Terry]

On 1/7/2005 11:38 PM On a whim, nk_1 pounded out on the keyboard

Equally when I say about being objective, I am no defender of MS, if they
are not performing as they should,
then I'm all for voicing that as well, I'm sure htey are not perfect, just I
am saying that they make fine software.



How about the newest set of security flaws in IE? MS has supposedly known
about



Terry when you say things like "nobody should ever complain" it sounds like
you are not allowing people ever to say their opinion.

If I use firefox and find it is not doing a good job, do you not allow me
the right to say "I prefer to use IE" goodluck if you want to use that one.
I think I have the right and everybody has the right to voice there opinion
as long as it is an honest one.

Equally I would say Linux is a perfect example of open source, it is not
better because it is open source, it is just good because it is good,
nothing to do with if it is oopen source or not, it is not like I am
supporting a football team and "rooting for my guys to win".

I hope you get my point.

I happen to think linux is really good, look at the facts, it is so popular
and used so widely and is considered so stable!! How can that be bad???

You're right about that statement. Of course everyone does have an
opinion. But when you pay for something, I believe you have more of a
right to complain if it's not working properly. If someone gives me a
car, and it doesn't run right and I have to put a lot of time into it, I
really can't complain because it was given to me. But if I pay for a
car, I expect it to work as I was told and if it doesn't I have every
right to complain. That is more the context of what I meant.

Open source is great and I appreciate all the work so many put into so
many different developments. But I have to be patient when there are
issues with it. One, since I may not have spent much money on it if any
(but many "free" items I will pay or donate to if I use it on a regular
basis). But I have been paying for Windows for years and it really
hasn't made me or my clients any more productive, we just have to keep
buying it.


--
Terry

***Reply Note***
Anti-spam measures are included in my email address.
Delete NOSPAM from the email address after clicking Reply.

 

[Terry]

On 1/8/2005 5:53 AM On a whim, Dan pounded out on the keyboard

<snipped because it is getting way too long>

Linux has the same problem that all the other responders to this post have
pointed out. I had a co-worker that was trying Linux and found his hard
drive was out of disk space. Get this! The Red Hat installation he used
came with a CD that enabled the NFS and anonymouse FTP servers by DEFAULT!
In my former zeal of spreading Linux to the masses, I gave a friend a copy
of Debian GNU/Linux for Dummies as a gift. Guess what? NFS and FTP server
running in the DEFAULT installation!

So, I like open source software and have even written a few little
application myself. However, I made them open source and freely available
because I never want to be responsible for addressing problems that may or
may not exist in the software! All I'm saying is that much of the Open
Source community is the same way. As a business owner, I would rather have
a known cost for a known level of service, good or bad, just not
indifferent.

carl

The thing that I wonder about is how can one make sure that open source is
safe. I mean that I use and like Mozilla Firefox and use it exclusively
except where IE is required such as accesssing Windows Update. I personally
have not downloaded and installed the plugins or extensions except for one
because of the possibility that they may have malicious code attached to
them. My question is how can the open source community prevent malicious
creators of the plugins or extensions from attaching malicious code?

As FF states when you install a Theme/Extension/Plugin, you are
accepting what you are installing. It comes down to the user. At least
that way you can't blame anyone but yourself. But with ActiveX and all
the other convenient features IE implemented, it would install just
about anything without your knowledge. Of course that is slowly being
fixed but I'm sure we will see many of the "features" that caused IE to
gain user share to be eliminated because of the security risks.


--
Terry

***Reply Note***
Anti-spam measures are included in my email address.
Delete NOSPAM from the email address after clicking Reply.

 

[nk_1]

On 1/7/2005 11:38 PM On a whim, nk_1 pounded out on the keyboard

But when you pay for something, I believe you have more of a

right to complain if it's not working properly. If someone gives me a car,
and it doesn't run right and I have to put a lot of time into it, I really
can't complain because it was given to me.

I totally see your point and agree 100%.

But if I pay for a

car, I expect it to work as I was told and if it doesn't I have every
right to complain. That is more the context of what I meant.

Open source is great and I appreciate all the work so many put into so
many different developments. But I have to be patient when there are
issues with it. One, since I may not have spent much money on it if any
(but many "free" items I will pay or donate to if I use it on a regular
basis). But I have been paying for Windows for years and it really hasn't
made me or my clients any more productive, we just have to keep buying it.

I am particularly interested with regards to the future of open source, take
linux for example, people say to me (a non programmer that I am ) it is the
most stable server platform there is. So when you take open source and
combine it with something commercial you seem to have a fantastic product,
such as linux red had, etc.

I particularly look at programming in user terms and laymens terms without
getting hung up on the "behind the scenes aspect" this is because I sell and
market IT related services