Posts Tagged ‘Security’

The third annual Pwn2Own security competition that was held at the CanSecWest conference in Vancouver, Canada has come to an end on 20th March 2009, i.e. Friday and revealed the weaknesses and loopholes of all the popular web browsers. This competition was intended to offer the white hat hackers a chance to crack the codes of popular web browsers including Mozilla Firefox, Internet Explorer and Apple Safari and the codes of popular smartphone operating systems.

The results are quite amazing, something that wasn’t expected. The Google Chrome and all the smartphones remained un-cracked but the Apple Safari, Internet Explorer and Mozilla Firefox were easily hacked multiple times. Apple Safari was hacked by Charlie Miller in just a couple of seconds. This was followed by a 25 year old computer science student named Nils who demonstrated the vulnerabilities of Safari, Internet Explorer 8 and Firefox.

The contestants also tried their tricks on Google Chrome browser and BlackBerry, Android, iPhone, Symbian and Windows Mobile smartphones but failed to break into the codes of these applications. According to the TippingPoint Technologies, the sponsor of the event, the Apple iPhone 3G could be hacked using one of the Safari exploits that was already used but according to the contest rules the same bug cannot be used twice.

The results clearly reveal that the smartphone OSes are far more secure than web browsers, except Google Chrome. This definitely brings the Chrome on the top of other web browsers and is expected to outshine its rivalries in near future in terms of market share, popularity and reliability.

Apple has boasting over its Safari 4 for the past few days. The new iteration of the web client claims that it’s the fastest of all the web browsers available currently. According to Apple, Safari 4 is powered via Nitro engine that renders JavaScript 4.2 times faster than the engine used in Safari 3. Another prominent feature of the 4th version of Safari is that it’s the first web browser to support HTML 5 database and advanced CSS features.

But still it doesn’t mean that the Safari 4 will bring an end to all the browsing issues. Certain lab tests show that the Safari is still open to hacking and lacks a full proof code. Charlie Miller, who embarrassed the Apple MacBook Air and was the winner of last year’s Pwn2Own hacking contest, stated that Safari 4 is easy to crack and can be hacked multiple times. Apple has always been disgraced for its unsecured codes and this time also it seems that the company will fail to offer a much secured web browser.

Apart from this the experts believe that the Safari 4 will not offer anything faster in real time. No, that doesn’t mean that there’s some problem with the Nitro. Nitro engine is very much enhanced and works fine under controlled conditions but when it comes to real world web browsing the main bottlenecks are the bandwidth available for downloading content and workflow of the application. It simply implies that a poorly designed web site cannot be loaded speedily, although the Java Script engine can render the pages and execute the content at a blazing speed. So, this is not actually a problem of Safari 4 but as far as the code security is concerned the developers can still do something extra.

Kido is the latest threat that is infecting Windows systems all over the world. It is also known as Conficker and Downadup and has infected (in fact destroyed) more than nine million Windows systems up until now. Kido is a powerful worm that directly affects the system’s kernel, registry and Windows files and replicates at a fast pace. The reason why this worm is dangerous is that it gives the spammers full control over the infected PC and lets them trace sensitive information such as credit card number, passwords, online banking transaction etc.

Fortunately the Microsoft Corporation has got a solution to both prevent this worm from entering into the PC and remove it from any infected system. The company has launched new security patches that proactively respond to this threat. Once installed in an uninfected PC the security patch will not allow the Kido to do its malicious tasks. The company has also launched a malicious software removal tool that should be used in case the Kido has already infected a Windows system. So if you are unfortunate enough to receive Kido then it won’t allow you to download the security patch. You have to remove it first via removal tool and then install the security patch. The solution is of course to purchase a computer running either Linux or the latest Mac OS, like the Apple MacBook Pro MB71B/A. However, if you have been using the Safari on Windows version on your Windows PC, and are already infected, then the only solution is to follow the aforementioned steps.

The company says, “If your computer or environment is impacted by this malware, you may want to run the malicious software removal tool to help disinfect it. The first step would be to install the update on all your computers and replace passwords of network shares with stronger ones. Then use the malicious software removal tool to remove the worm from infected computers. Infected computers may not be able to access Windows Update and therefore the administrator may need first to download the tool using a clean computer, and then distribute it to the other machines.”

Recently a new Worm has emerged as one of the biggest threats for the Windows PCs. It’s been known as Conficker, Kido or Downadup and has infected nine million computers to date. This worm can allow the spammers and phishers to gain total control of the infected PC and trace all the internet activities. It can be used by the cyber criminals as a potential tool to gain access to the user’s confidential information such as credit card number, account number and banking transactions.

The worst thing is that the whole process is 100 percent transparent to the user. This worm has got a very speedy performance with regards to replication. It spreads in the networks rapidly and in no time obstructs the bandwidth completely. As a result the whole network traffic gets jammed and the spammers can reroute it for any disguise activities. Kido only infects Windows systems. The Windows operating system is so vulnerable that it allows this worm to infect the kernel, system’s main files and registry.

The Worm is very intelligent and follows different patterns while replicating. So it cannot be stopped completely by any single anti-virus system. The only way to stop it to get the new security patch and virus removal tool that is launched by Microsoft. Of course it only affects those running Windows, as people with the Apple MacBook running the Mac OS X operating system remain unaffected. The worm remains a major threat and is currently estimated to have infected up to 15 million computers worldwide.

Once again the alarms are sounding with regards to Apple Safari’s security. Recently it has been found that the Safari’s RSS feeds are not safe to use, both on the Mac and PC. This application is vulnerable to hacker attacks and it can allow any malicious web site to bring you some really serious repercussions when using Safari to capture RSS feeds.

Once trapped by the malicious site the hackers can read files on your hard disk drive. This can lead to the access to sensitive information such as e-mails, passwords, cookies or any other private data. Even the whole user account can be taken in control by the intruders and the whole process is completely transparent to the user. The interesting fact is that this security loophole has been identified by Apple itself but it hasn’t been fixed till now. So it’s highly recommended not to use Safari for RSS.

The problem is believed to be emerged due to some issues with the Apple’s Webkit. This is because the OmniWeb users are also in the danger zone. OmniWeb is the browser used in Mac machines, like the Apple MacBook, and uses the WebKit rendering engine. RSS Feeds were introduced in Safari in 2004 but this is the first time that it has also joined the family of vulnerable applications.

E-commerce is an inseparable part of the World Wide Web. Many Internet users do online trading and purchasing every day. However, to complete the online transactions they need to furnish some important details regarding their name, address, contact, institution, credit card number and so on. These details are very sensitive by nature and nobody wants it to get them stolen as it can lead to huge losses.

Thus, it’s very important to assure that the web sites you are using are secure and no unauthorised party can view the details. If you are using Apple Safari then you can easily identify whether a particular web site is secure or not. If it’s secure then you will see a small icon resembling a ‘Lock’ at the right side on the title bar. You will also notice that the site’s URL begins with ‘https’, instead of http. Whenever Safari encounters a non-secured web site then it asks the user whether to use a secure connection or an insecure connection while logging in. As always it is important to never complete online transactions with a website, such as online banking, or ordering electronics like the Samsung LE-40A856 with your credit card, unless the website is secure. It is therefore always recommended that you use secure logging to encrypt your information.

On the secure websites Safari verifies its ownership via digital certificate and starts encrypting all the information the user enters. Safari can work perfectly with those portals that use 40-bit or 128-bit encryption. If you wish to view the contents of the web site’s security certificate then simply click on the lock icon. Once the information is encrypted it cannot be viewed by any unauthorised entity online.

Digital certificates are often used by the web browsers to transfer information in a safer way over the Internet. Apple Safari also makes use of digital certificates, if issued. A digital certificate represents your digital entity and the information associated with that entity. The associated information may include your name, address, contact number, business details or anything else.

A digital certificate is made up of three components. The first one is the public key that is used to decrypt the information. The second component is the identity of the organisation that signs the digital certificate and validates its authenticity. Such organisational identity is technically known as Certificate Authority or CA. The last component of the digital certificate is the actual information that the CA associates with your digital entity.

Usually a digital certificate is restricted for particular use such as digital signatures, encryption, use with web servers etc. The process of restricting the certificates for a specific purpose is called ‘key use restriction’. This is done so that a particular type of certificate cannot be used for any other task. If someone attempts to use a restricted certificate for any unassigned task then the attempt will simply fail. However, it is possible to use a single certificate for different purposes but it is not recommended as this liquidates the security. Obviously these type of security measures are especially helpful for ecommerce sites selling things like furniture, TVs, game consoles, washings machines etc., since valuable credit card information will be exchanged to purchase items from the site. Time constraints are also imposed on the digital certificates. A certificate remains active only for a limited time period and beyond that it gets expired and needs to be replaced with a new one.

One of the most attractive charms of Apple Safari for Mac OS X 10.5 is its private browsing feature, which is expected to keep internet surfing private. According to Apple, the Private Browsing feature leaves no traces regarding the web browsing done by a particular user. Normally Safari stores all the information about websites a particular user has visited. It also keeps information that has been entered in the search bars, forms and user id, but if the Private Browsing is on (which can be found under the Edit menu) then such information is not stored and another user cannot trace the web activities of the previous users.

Apple also says that if the Private Browsing is off then the Reset Safari option can clear all the cache but this is not completely true. Clearing the cache or browsing the Web in private mode clears all the site tracks but only for a normal user who knows how to work on the Safari’s GUI (Graphical User Interface) but one can still go beyond that and recover all the site track bypassing the Private Browsing and Reset Safari functions. If you share your computer, then erasing your browsing record can be almost as important as the role the Symantec Norton Internet Security software plays on your computer. You can go to the terminal and type the following command in order to track all the web activities:

dscacheutil -cachedump -entries Host

This will list all the entries with time and access date. To completely get rid of it you have to manually enter the following command:

dscacheutil -flushcache

Apple has recently released the new update for its Safari web browser. The version of this new update is 3.2.1 and it is the successor of the Safari 3.2 update. According to the company, the new update offers no new features to the Safari fans but still it’s important to have it installed as it offers some minor yet important bug fixes and patches. The 3.2 version of Safari also included the latest security patches and offered added security for Microsoft Windows XP/Vista and Mac users, but is still vulnerable to malicious codes. It was also suffering from unexpected application termination issues, which in any case leaves users full of agony, especially when they in middle of something really very important.

The update version 3.2.1 overcomes such any such issues and is fully protected against malicious codes. So you can always browse through the Internet like a breeze without worrying about the online corruption. Apart from this the new update also makes the Safari more stable in terms of performance. The old Safari, in some cases had lead to the system crash. The latest update also takes care of this problem and assures that your hard disk drive never faces any sort of negative impacts due to Safari. To install this update you need to have Apple Safari 3 installed on a computer running on Mac OS X version 10.4 or later

One unique thing that Apple Safari for Windows has to offer is the Private Browsing feature. This is one of the browser’s special features that make it an outstanding resource to trust while surfing on the web. For many web surfers the internet is the main source for carrying on their business and they need an easy solution to bolster secured online transactions.

If your web browsing is your business then you can bank upon Safari. Once its private browsing option is enabled it totally makes all your web activities private. Your web surfing is completely hidden in that mode. While working in private browsing mode the Safari doesn’t store the Google searches, history, cookies, download history and the online forms. So there are no traces left behind. The private browsing option can also be used to empty the cache and clear all the previously stored records of web browsing, downloads, forms, search bars etc.

This way you can always prevent the online identity theft. Many laptops, such as the IBM ThinkPad R52, contain numerous security precautions, like a fingerprint scanner, to prevent unauthorised access. However, these measures do nothing to secure you will whilst onlin. That’s why using Safari’s private browsing feature is a great saviour, especially when using public PCs. It really clears all the private information which shouldn’t be known to anyone else. For example; credit card number or any other personal details such as contact number, address etc. So always remember to enable the private browsing option. It can be found under the Edit option pinned on the menu bar of Safari.