May 20, 2010

How Unique is your web Browser?

Published by hirantha at 8:05 PM under Security | Internet Explorer | Firefox | Chrome | Opera

The Electronic Frontier Foundation (EFF) has published a paper on browsers being tracked by their unique fingerprints. It turns out our browsers are more unique than we would like to think, so websites can use that fingerprint to track users around the web. While it may not be possible to know the exact user's identity, tracking from one web location to another is definitely a possibility. The user agent string, system fonts, screen resolution and many other computer attributes all contribute to the unique fingerprint of a computer + browser combination. Disabling JavaScript and active content helps a little, but you need to decide whether the privacy is worth losing the ability to view active content.

To test how unique your computer + browser combination is, go to https://panopticlick.eff.org/ and click on the "Test Me" button.

The full paper can be found at https://panopticlick.eff.org/browser-uniqueness.pdf
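To see why several unremarkable attributes add up to a trackable fingerprint, here is an added example (not from the EFF paper or this blog) that measures how many visitors share each attribute alone and in combination, expressed as anonymity-set size and bits of identifying information. The visitor population and the names `VISITORS`, `VIEWS`, `set_sizes` and `report` are constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample population: (user agent, screen resolution, font set).
# Every single value is shared by at least three of the eight visitors.
VISITORS = [
    ("Firefox", "1280x1024", "fonts-A"),
    ("Firefox", "1280x1024", "fonts-B"),
    ("Firefox", "1024x768", "fonts-A"),
    ("Firefox", "1024x768", "fonts-B"),
    ("IE", "1280x1024", "fonts-A"),
    ("IE", "1280x1024", "fonts-A"),
    ("IE", "1024x768", "fonts-B"),
    ("IE", "1024x768", "fonts-A"),
]
# Which tuple columns make up each view of the data.
VIEWS = {"user_agent": (0,), "screen": (1,), "fonts": (2,), "combined": (0, 1, 2)}

def set_sizes(visitors, columns):
    """For each visitor, count how many visitors share its values in `columns`."""
    keys = [tuple(v[c] for c in columns) for v in visitors]
    counts = Counter(keys)
    return [counts[k] for k in keys]

def report(visitors):
    """Summarise how identifying each attribute is alone and in combination."""
    total = len(visitors)
    out = {}
    for name, columns in VIEWS.items():
        sizes = set_sizes(visitors, columns)
        out[name] = {
            "smallest_set": min(sizes),
            "unique_visitors": sum(1 for s in sizes if s == 1),
            # Bits of identifying information carried by the rarest value seen.
            "max_bits": math.log2(total / min(sizes)),
        }
    return out

if __name__ == "__main__":
    for name, row in report(VISITORS).items():
        print(f"{name:10} {row}")
```

In this sample no single attribute singles anyone out, yet six of the eight visitors are unique once the three attributes are combined.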


Jul 16, 2009

Firefox 3.5 new exploit

Published by hirantha at 10:26 AM under Firefox | Mozilla | Security

The Mozilla security blog confirms that an exploit against an unpatched vulnerability in Firefox 3.5 exists and has been made public.

Do note that Heise tried to confirm the vulnerability, only managed a crash on Vista, and could not make it work on Windows 7 RC1:
http://www.h-online.com/security/First-Zero-Day-Exploit-for-Firefox-3-5--/news/113761

The Mozilla blog post above has a workaround: temporarily disabling the javascript.options.jit.content setting in about:config.

Alternatively, one could install and use NoScript to disable all JavaScript by default.


Jun 18, 2009

Web Of Trust – Browser add-on

Published by hirantha at 2:59 PM under Firefox | Internet Explorer | Security

WOT stands for Web Of Trust. It is a community-knowledge-based system where information on websites is shared. After installing the add-on, links from search engines are tagged with extra symbols showing the site's "reputation" level. It is very simple to understand: red means a potentially bad site and green means a good site.

WOT is available for both Firefox and IE. If you choose to use it, remember to contribute back to the project by helping to rate sites as you visit them.


Mar 27, 2009

Firefox and Seamonkey Vulnerabilities

Published by hirantha at 10:49 PM under Security | Mozilla | Firefox

In addition to the "pwn2own" vulnerability used at CanSecWest last week in order to compromise a system with the Firefox web browser, a new vulnerability has been published which involves XSL Transforms.  This vulnerability impacts both the latest Firefox 3.0.7 and Seamonkey 1.1.15 browsers.

Mozilla is working on updates for both packages and expects the updated versions to be released by April 1.

A proof-of-concept exploit for the XSL Transform vulnerability has been released.  If the attack succeeds, arbitrary code can be run in the context of the browser.  If the attack fails, a DoS condition is likely for the browser.

For more information about the XSL Transform issue, see:

BugTraq
Secunia Advisory
VUPEN Advisory
Bugzilla Entry
Mozilla Security Blog
