Categories
Attacks Browsers

Firefox Phishing Exploit

Firefox has a built-in phishing filter that checks whether a site is blacklisted and warns the user of the potential fraud and information theft a phishing site could carry out. It uses Google’s database or a downloaded list of sites, according to the user’s preference.

What follows is a quote from The irc.mozilla.org QDB, which caught my attention. Not only because I understood it, but also because I’ve already done it. It talks about a certain exploit to Firefox’s phishing protection/filter system.

Someone nicknamed Hixie[1] stated:

woah

i think i just found a semi-serious issue with the phishing protection in firefox

i went to a site that triggered the warning

and my immediate reaction (without really thinking) was “oh i wonder why that is blocked, let’s have a look” and i immediately opened it _in IE_.

possibly the worst thing i could have done.

I only realized the gravity of the situation when I remembered making the same mistake he just described, many times before. But it came to me that there is just no workaround for curiosity.

Oh, wel— … Hmmm …

… But then again, there’s Linux.

Footnote:

  1. ^ I guess this is Ian Hickson, but I’m not so sure.
Categories
Attacks Tech

The Basics of Wireless Security

Wireless connectivity is probably best described as a convenience to its users. Having a wireless access point in your home gives you the comfort of positioning yourself almost anywhere, provided your devices are within range of each other—in your living room, in your bedroom, and even in the kitchen. There are still many concerns about this type of connection, however, and most of them are about security.

Since laptops, smartphones and PDAs provide for the needs of busy mobile consumers,[1] and most of these gadgets are now being equipped with Wi-Fi, it has no doubt become the next big target of crackers—much like what happened to Microsoft Windows being targeted with exploits and vulnerabilities, and to Bluetooth-enabled mobile phones being targeted with worms and malware when they became popular.

Common things done by crackers to wireless-enabled devices and networks include piggybacking, wardriving, man-in-the-middle attacks, and spying, among others. Explanations are as follows:

  • Piggybacking refers to the act of obtaining access to resources on a wireless device, which include Internet access. Open networks in public places and services, such as hotels and cafés, usually permit this,[2] but some networks even in those places,[3] as well as in homes, generally do not.
  • Wardriving is the act of looking for wireless networks, usually with the aid of a vehicle[4] and a powerful antenna on a wireless-capable device, much like what people with radio scanners do to receive police and military transmissions. After a connection with the device has been established, the wardriver could possibly do anything to the network or its users. Some have been ethical, however, and act as a tiger team, telling the administrator or owner that the network could easily be breached.
  • Man-in-the-middle attacks are somewhat more sophisticated: a cracker acts as the network access point the victims are trying to connect to. He then connects to the real AP himself, transmitting and receiving data both ways so as to seem invisible. In fact, he now controls and sees every bit of information the victims are sending and receiving over what seems to them to be a secure connection.
  • Spying has been the most critical and publicized problem existing today—even surpassing the popularity of virus and worm attacks, IMO. Anti-spyware tools just popped up one after the other from nowhere, haven’t they? And we thought it would have ended with just Web browsing with credit card information, but it obviously hasn’t.

Wired LANs probably seem more secure since the only ones receiving data are the ones connected by wire—which the owners control—while WLANs have access points and terminals that emit signals that could be received by anyone near the devices. However, this idea is somewhat wrong. Wired networks whose terminals have an active, insecure Wi-Fi device could be entered by these crackers as well—much like providing the cracker a jack to plug into.

Having set up a wireless network at home myself, and after trying to configure each and every option presented to me by my router’s Web interface, I’ve searched through forums, blogs and info sites to find ways of maintaining my network security. Here are some basic instructions:

  • Wi-Fi Protected Access (WPA or WPA2) is the secure authentication and encryption method for wireless networks and should always be enabled. Most consumer wireless devices are capable of using at least WPA and WEP (an earlier security method that has known limitations). But try to use WPA2 first, if it is available. WPA2 is an implementation of the IEEE 802.11i standard, and WPA implements only a subset of it.
  • MAC address filtering is a feature from routers and access points that permits or blocks certain devices based on the hardware-embedded MAC addresses on their network adapters. Some NICs allow changing the MAC address to match an accepted one, also known as spoofing, so this should not be the only security measure utilized.
  • Change the router’s default settings such as Web interface password, SSID, and IP address. These settings are known by crackers and would immediately tell them if the user has an insecure network. These changes would at least make it harder for the cracker to find the network configuration and administration interface.
  • Most routers come with a hardware firewall that blocks potentially malicious and corrupted signals. This should never be turned off.
  • DMZ forwards all ports to a terminal so that all connections may pass. This is usually used for applications where the user does not know which ports are being used. The Port Forwarding feature, which is as common as DMZ, is more secure since it only forwards the applications’ required ports. Ask the application developers which ports should be forwarded, and avoid using DMZ.
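
The checklist above, turned into an audit over a router settings export. This is an added example, not code from the original post; the dictionary key names, the short lists of factory defaults and the `WIDE_RANGE` threshold are assumptions made for illustration.

```python
SECURITY_RANK = {"open": 0, "wep": 1, "wpa": 2, "wpa2": 3}
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}   # small sample
DEFAULT_PASSWORDS = {"", "admin", "password", "1234"}         # small sample
DEFAULT_LAN_IPS = {"192.168.0.1", "192.168.1.1"}              # small sample
WIDE_RANGE = 1000  # assumption: a forward this wide is treated like a DMZ

def audit_router(cfg):
    """Return {finding_code: advice} for a settings dict (hypothetical keys)."""
    out = {}
    rank = SECURITY_RANK.get(str(cfg.get("security", "open")).lower(), 0)
    if rank < SECURITY_RANK["wpa"]:
        out["weak-encryption"] = "enable WPA2, or WPA if WPA2 is unavailable"
        if cfg.get("mac_filter"):
            # MAC filtering alone does not help: addresses can be spoofed.
            out["mac-filter-only"] = "keep the filter but add WPA/WPA2"
    elif rank == SECURITY_RANK["wpa"]:
        out["prefer-wpa2"] = "use WPA2 if every device supports it"
    if str(cfg.get("ssid", "")).lower() in DEFAULT_SSIDS:
        out["default-ssid"] = "rename the network"
    if cfg.get("admin_password", "") in DEFAULT_PASSWORDS:
        out["default-admin-password"] = "set a strong Web interface password"
    if cfg.get("lan_ip") in DEFAULT_LAN_IPS:
        out["default-lan-ip"] = "move the router to a non-default address"
    if not cfg.get("firewall", False):
        out["firewall-off"] = "turn the router firewall back on"
    if cfg.get("dmz_host"):
        out["dmz-enabled"] = "disable DMZ; forward only the required ports"
    for first, last in cfg.get("port_forwards", []):
        if last - first + 1 >= WIDE_RANGE:
            out["wide-port-forward"] = f"{first}-{last} is nearly a DMZ; narrow it"
    return out

# Constructed sample settings: factory-style defaults next to a hardened setup.
WEAK = {"security": "WEP", "mac_filter": True, "ssid": "linksys",
        "admin_password": "admin", "lan_ip": "192.168.1.1", "firewall": False,
        "dmz_host": "192.168.1.50", "port_forwards": [(1, 65535)]}
HARDENED = {"security": "WPA2", "mac_filter": True, "ssid": "constructed-home-net",
            "admin_password": "constructed-Long-passphrase-42",
            "lan_ip": "192.168.77.1", "firewall": True, "dmz_host": None,
            "port_forwards": [(6881, 6889)]}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_router(cfg))
```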

There are many more types of security concerns and prevention, but these are the most common ones. Please note that until Windows Vista, Microsoft OSs have not supported an implementation of WPA2. But, a WPA2 update for genuine users of Windows XP SP2 is available for free download. After installing the update, an option to turn off broadcasting of the preferred wireless network list will be available and this would add to security.

I wasn’t able to test Linux wireless security as I have Ubuntu only on my desktop, which is on a wired connection. You may (and please) reply if you have information about wireless security in these and other operating systems. Thank you.

One very important rule of security in any digital environment is strong passwords. Choose them wisely; they should not be any dictionary word or phrase, at least one character must not be a lowercase letter, and you should not use one password on every digital account you use.

Footnotes:

  1. ^ Who are now practically everywhere—students, business people, posers, and everyone else who just has the money.
  2. ^ And it is probably not considered such an act.
  3. ^ Where access is restricted to clients and customers only.
  4. ^ The term is usually used for the act when done with motor vehicles, while warbiking and warwalking are used to refer to wardriving on motorcycles or bicycles, and wardriving on foot, respectively.
Categories
Browsers Opinion Reviews WWW

The Second Browser War Round 2

Upgrade to Firefox 2 Now! Though Windows Internet Explorer 7 came out about a couple of weeks earlier than Mozilla Firefox 2, I could not help but announce that my favorite Web browser just released its second major update. But do not forget Opera 9, as it offers a faster and lighter browser for someone who just wants to surf the Web.

The browser wars have just stepped up to the next level. For now, here are some comparisons with my own opinions and rankings:

Web Standards Compliance

  1. Firefox 2 and Opera 9

    Though Opera 9 has been the only browser on the Windows platform to pass the WaSP Acid2 test, Firefox 2 is the only browser to ever support JavaScript 1.7. Both have considerable support for Web standards on XHTML and CSS under most circumstances (as Acid2 tests for uncommonly used standards support).

  2. Internet Explorer 7

    They say that they have improved support for standards on Internet Explorer 7 but when I test sites that break on Internet Explorer 6, they still break on version 7. Besides, support for the proper XHTML media type, application/xhtml+xml, would cause Internet Explorer 7 (as well as earlier versions) to look for an external application that supports it.


Customizability

  1. Firefox 2

    With so many user-contributed addons, from Web development tools, custom toolbars and multimedia entertainment addons to usability, accessibility and Web services integration tools, the possibilities are endless.

  2. Internet Explorer 7

    The only thing that I think would work on Internet Explorer 7 is the ability to add custom toolbars which are usually from search engine and portal companies such as Google and Yahoo!

  3. Opera 9

    I really do not know how we could customize Opera though its suite of applications such as a good download manager, mail/newsgroups and BitTorrent clients all in a lightweight package contribute to its popularity.


Security

  1. Firefox 2 and Opera 9

    I haven’t researched much about the security differences of both these browsers, but I know that since the majority of users are using Internet Explorer (with the automatic update to 7 at the start of November), they are more likely to be targeted that way. Both have good popup blockers and Firefox 2 has a phishing checker.

  2. Internet Explorer 7

    Still is the most widely used (or will be with automatic updates) browser and the most vulnerable to attacks. Though the integration with Windows has been cut off, support for ActiveX controls remains as an opt-in feature. It’s much better than Internet Explorer 6 though. It has a popup blocker and it has (currently) a better phishing checker than Firefox 2 has, according to some site. (I can’t seem to find the link right now, to be posted as an edit later.)


Page Load

  1. Firefox 2 and Opera 9

    Based on my experience, both of these browsers load pages faster than Internet Explorer 7 though I still haven’t compared them to one another.

  2. Internet Explorer 7

    Even with Internet Explorer 6, whenever I switch from Firefox to Internet Explorer (for Web page layout rendering), the latter would load a page slower. I think the phishing checker of Internet Explorer 7 made it worse as it always waits for it to finish (and it’s not that fast) before starting to load a page.


System Performance

  1. Opera 9

    Loads up on your system much faster than Firefox 2 though I still haven’t compared it to Internet Explorer 7 for they are both perceivably fast to load on my system.

  2. Internet Explorer 7

    Loads up faster than Firefox 2 though the Scobleizer says that it consumes more memory than Firefox 2 without even finishing to load the same pages Firefox 2 has. The Lifehacker also published another comparison.

  3. Firefox 2

    Loads for the longest time compared to the other two but the said reason for this is the different language used to render its chrome to provide support for its themes/skins. It also receives criticisms for high memory usage.


Interface

  1. Firefox 2

    Cleanest and simplest interface [but with elegant looking buttons] to get you started surfing right away. Just lacks the default new tab button to familiarize new users with tabbed browsing though it can be added with toolbar customization. It’s skinnable as well.

  2. Opera 9

    Feels very much like a standard Web browser interface [as with Firefox 2 and Internet Explorer 6] though some search boxes are more suitable for Web shoppers rather than the average Web surfer or Web developer. It also offers color schemes to suit every user’s taste.

  3. Internet Explorer 7

    Very compact, works without a menu bar, but just plain confusing with a very far stop and refresh button especially when you are used to Internet Explorer 6—users could be more familiar with Firefox 2 and/or Opera 9 this way.


Other Features

  1. Firefox 2 and Opera 9

    I could not seem to summarize them all, just take a look at the Mozilla Firefox 2 features page and the Opera 9 features page.

  2. Internet Explorer 7

    Its new features make it better compared with Internet Explorer 6 rather than with Firefox 2 and Opera 9, since both of the latter browsers already offer the features that are new to Internet Explorer 7. The complete list can be found on the Internet Explorer 7 features page.


Categories
Attacks WWW

Phishing Warning

I’ve just received two attempted phishing attacks from two of my bloggermates in my Yahoo! Messenger contact list. I guess their accounts had been hacked at the time I received those messages, so I want to warn those of you who want to protect your accounts.

For those who do not know, phishing literally means fishing [for passwords], as the letter f is usually replaced by ph in 13375p34k. Another definition could be password harvesting or fishing.

There are many methods of phishing attacks, usually through email that, most probably, goes directly to your spam directory [if you have any]. But the ones sent through YM or any other IM account, which really look like your friends are referring you to a site, are somehow really mind-controlling.

The method I’ve encountered used a spoof of the Yahoo! Photos Web site inside a Yahoo! Geocities Web page, requiring you to sign in with your username and password in an attempt to trick you into believing that your friends’ photos will be shown after you log in. Please take note that Yahoo! Geocities Web pages are user-controlled, meaning other people just made up that Web page.

The two URIs that were given to me were:

Apparently, those two sites that were IMed to me were already reported and were taken down. Some may still be out there, [or are currently being made] so please watch out still.

Note: Do NOT enter your login details there.

If you take a look at the source of both main frames (the frames with the sign-in page displayed), you will see that the form input goes to a mailform (http://www2.fiberbit.net/form/mailto.cgi) with the same email address input, smoke.beer@gmail.com. (Now, spam that bastard!) This just means that your login information will go to his Gmail inbox.

The primary solution for this lies with you. You should basically:

  • Never trust login forms inside a frame of a user-controlled Web page.
  • Try to log in directly from the site, with a secure (HTTPS) connection if possible. (e.g., Yahoo! Login, Google Accounts)
  • Never trust friends’ URI referrals unless you really know the site or have checked for security flaws/issues.

I know I haven’t fully discussed what could be done to prevent such intrusions into your accounts; you might even want to change your passwords regularly. Just remember to be aware of such possibilities when visiting untrusted Web sites. Or else, you may be giving them permission to hack you.
