Incredible Information (Part Two)

Again, taken from the Ebay community bullentin board 

In Internet Explorer, Active Scripting can also be set to 'Prompt' instead of 'Disable'. In this respect, IE is more flexible than the other browsers which only offer an OFF or ON setting . . . but if there are multiple JavaScripts on a page -- and there usually are -- that endless series of prompts quickly gets extremely annoying and time-consuming. Also, in IE, that Active Scripting setting controls the execution of VisualBasic scripts. These, too, can be malicious. Most other browsers generally don't even read VisualBasic (VB) coding, so there's no control for VB scripts in most of the alternative browsers. Most VB scripts are also written to run unseen and never noticed by users.

When you empty your 'temp files', it's wise to also delete your cookies. Those cookies, depending on who they're from and how they're coded . . . when they're on your hard drive . . . can be of value to malicious hackers. By stealing our cookies, when we're logged in to a site, they can pose as us . . . and be signed in as us. This type of 'cookie theft' is known as a 'Session Hijack'. With this type of hijack, the malicious hacker doesn't even need our password. The cookie(s) will give him access, instead. This type of hijack requires a certain level of programming skill, but there are a lot of malicious hackers online who possess that level of skill . . . and more.

And . . . in addition to what you've read thus far, there's another 'hacking technique' that's rapidly gaining in popularity: The usage of malicious iFrames in HTML coding of web pages. Many honest and upstanding websites have been found to be harboring malicious iFrames in their otherwise benign HTML coding. The types of websites are countless . . . even small 'Mom-and-Pop' websites can serve this type of malicious coding. Again, tho', most of the malicious iFrames contain malicious JavaScript . . .OR . . . malicious Flash files. Yes . . . even the Flash or Shockwave Player can serve as a conduit for malware and numerous videos that are sent to our computers for 'our viewing pleasure' have been found to be a method of transport for malware.

Internet Explorer has settings for controlling iFrames . . . so does the Opera browser, to a somewhat lesser degree . . . the Firefox browser doesn't have precise settings for controlling iFrames.

But . . . there's even more:
Security flaws have been found in:

• almost every Media Player ever built . . .
  
  . . . the players include, but are not limited to: QuickTime, WinAmp, RealTime, and countless other players
  
• the Adobe Flash or Shockwave Player(s) . . .
• the Adobe Reader and Adobe Acrobat
• some versions of Adobe PhotoShop have had vulnerabilties
• other Adobe Products have been found to have assorted security vulnerabilities
• the Sun Java software -- including the Sun Java Runtime Environment (the Sun JRE).

. . . this software creates its own set of problems: When we update to the latest version, Sun doesn't get rid of all the older files from previous versions -- supposedly for 'backward compatibility'. These older, 'left-behind files' are known to have glaring vulnerabilities, and thru said vulnerabilities, hackers can gain almost instant access to our computers.
. . . for our own safety, most Security analysts recommend that we UNINSTALL ALL older versions of the Sun JRE, and install and use only the very latest version.

• most of the other commonly-used browsers have had their own share of security flaws . . .
• Anti-Virus software and firewall software have also suffered from their own peculiar security flaws . . . it should be noted, however, that this class of software makers are almost always very prompt in correcting the known issues. This is to their credit.

Thru the above-mentioned flaws in assorted software packages, malicious hackers can 'help themselves' to just about anything on our computers. Usually, we would not be aware that this was happening.

The bottom line, here: Make sure that you have the very latest version of every piece of software you might have installed on your computer. Microsoft is pretty good about issuing their updates for their products on the second Tuesday of each month. Not all of the other software makers have a regular schedule, and some don't bother to notify us, when updated versions of their product are available. Therefore, we have to go the website of the manufacturer of each product we might have installed --- that wasn't built by Microsoft --- and get any updates, ourselves. All non-Microsoft products we might be using should be checked for updates, at least once per month. Every couple of weeks is even better.

A few weeks back, a rather surprising announcement appeared on many Internet Security sites. The topic of the announcement was that more exploits, currently, are coming from assorted web pages. Previously, most exploits and a high percentage of malware were arriving via e-mail. This is not to say that traditional e-mail 'phishing' and malware-distribution has vanished . . . it has not. It's just that exploits are coming from more directions, now. The operators of the websites offering the exploits are largely unaware that their sites are dishing out malware. There are assorted techniques for hiding malware, and the better malicious hackers and malware-writers utilize these, heavily.

There's an excellent article (and a long one) from US-Cert . . . the US Computer Emergency Response Team . . . about 'tightening up' the Security in our browsers. It's very informative . . . the article is here, if you're interested:
http://www.us-cert.gov/reading_room/securing_browser/
. . . you can learn a great deal, from the above article . . .

-