Gmail Users at the Mercy of Firefox Exploit

Even though Firefox is advertised as the most secure Internet browser available in the market, it is not free from flaws. GNUCitizen.org has detected a method for concealing malevolent JavaScript in a Web page that will be removed by Firefox's Java Reader automatically. A simple fix is built into the NoScript Firefox extension; however, it means that absolutely no scripts would be executed, leading to an extremely dull net surfing session.

Bedford.org has pursued the idea and has posted proof-of-concept pictures of how this could be utilized to hack a Gmail account. After hacking into the account, an attacker could exploit the contacts and open all the messages. They found that this very breach could be utilized to infiltrate numerous social networking sites.

Bedford.org's Morgan Lowtech (alias tx) detected a 302 redirect flaw in Google, which produced a domain-wide cross-site scripting attack letting cyber-terrorists hack into and alter Google accounts containing messages and contact lists along with Internet presence, as reported by PC World on November 17, 2007.

Though Mozilla has not offered an answer to this trouble, program firewalls and proxy servers can be utilized to block Windows Universal Resource Identifiers (URIs) that carry the JAR protocol vulnerabilities. Meanwhile, Web administrators can use a reverse proxy to stop malware from being uploaded.

"It's a massive problem that has been on Bugzilla (Mozilla's bug tracking program) for over ten days, making the situation worse," alleged Bedford, according to news reported by COMPUTERWORLD on November 18, 2007. Bedford's reference to ten days alluded to a remark made by Mozilla's director of ecosystem development, Mike Shaver, in summer 2006, that Mozilla patched bugs within that specific timeframe.

Meanwhile, the best protection is either to run NoScript or to log out of the Gmail account frequently, but that appears to be a remote possibility for the majority of Gmail users.

In September, yet another attack was detected that exploited URI bugs through mailto, nntp, news, and snews without authorization. The bug, which had affected both Microsoft Internet Explorer and Firefox, was ineffectively fixed two times in July.

SPAMfighter News - 12/1/2007
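The proxy-side blocking of JAR-protocol URIs mentioned above could look like the following check, which is an added example and not code from the article, Mozilla or any named site. It assumes the `jar:<url>!/<entry>` URI form; the function names, sample markup and `example.test` hosts are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make a browser fetch a URL.
URL_ATTRS = {"href", "src", "data", "action", "codebase"}
# Assumed URI form: jar:<inner-url>!/<entry-inside-archive>
JAR_RE = re.compile(r"^jar:(?P<inner>[^!]+)!/(?P<entry>.*)$",
                    re.IGNORECASE | re.DOTALL)


def normalize(value):
    """Drop tab/CR/LF and outer whitespace, which URL parsers strip."""
    return re.sub(r"[\t\r\n]", "", value).strip()


class JarRefFinder(HTMLParser):
    """Collect jar: references; HTMLParser decodes entities in attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                m = JAR_RE.match(normalize(value))
                if m:
                    host = urlsplit(m.group("inner")).hostname
                    self.hits.append((tag, name, host, m.group("entry")))


def find_jar_refs(markup):
    """Return (tag, attribute, archive host, entry) for each jar: URI."""
    finder = JarRefFinder()
    finder.feed(markup)
    finder.close()
    return finder.hits


def should_block(markup):
    """Proxy policy: refuse any response body that references a jar: URI."""
    return bool(find_jar_refs(markup))


# Constructed sample: plain, entity-encoded, tab-split, and a harmless link.
SAMPLE = """
<a href="jar:http://uploads.example.test/avatar.png!/index.html">photo</a>
<iframe src="JaR&#58;https://files.example.test/a.zip!/x.htm"></iframe>
<a href="ja&#9;r:http://cdn.example.test/p.jar!/run.html">tabbed</a>
<a href="http://example.test/docs/jar:notes.html">harmless</a>
"""
```

The archive host in each hit lets an operator log which upload location is being referenced before the response is dropped.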