A recent Microsoft software update (.NET Framework 3.5 Service Pack 1 (SP1)) puts Mozilla Firefox browsers at risk. The update adds a browser plug-in (which cannot be deleted or deactivated) that can secretly and silently install programs onto your computer. This plug-in, known as the .NET Framework Assistant, might have been created with the intention of updating Firefox and improving your browsing experience, but it has been exploited, and hackers have learned how to use it against you.

Microsoft engineers described this threat as a “browse-and-get-owned” situation. This means that if you visit a rigged website, even if you don’t install or download anything yourself, your computer can be hacked and have all kinds of spyware and malware installed on it without you even knowing.

After this was discovered and reported, Microsoft responded by putting out another software update that allows you to disable and uninstall the .NET Framework Assistant. However, it has not apologized to Mozilla Firefox for secretly sneaking this plug-in into their browser. To make sure that you are protected and are not at risk of getting hacked, make sure that your browser does not have the .NET Framework Assistant activated.

(Via ComputerWorld)


A resourceful hacker was able to create a fake PayPal account, designed to gather sensitive financial information, that bypassed Microsoft Internet Explorer, Apple Safari, and Google Chrome security. The hack was designed to pop up a PayPal page with an artificial SSL certificate, prompting users to submit sensitive information to the hacker without warning.

Noticeably missing from the list is Mozilla Firefox, which does not seem to be affected by the hack. Dan Goodin of The Register stated that “Even though the certificate is demonstrably forged, it can be used with a previously available hacking tool called SSL Sniff to cause all three browsers to display a spoofed page with no warnings, even when its address begins with ‘http.’”

To make matters worse, Microsoft apparently knew about this problem back in June, when a hacker attending the Black Hat Security Convention exploited the weakness. A spokesman from Microsoft stated, “Microsoft is investigating a vulnerability in SSL in Windows presented during Black Hat. Once we’re done investigating, we will take appropriate actions to protect customers.” Until the issue is resolved, experts recommend that anyone using PayPal go to the site directly rather than risk getting duped into putting their information on a fake web page.

(Via Seattle Pi)
