Terry's Computer Tips - Newsletter
November 26, 2006
Volume 2, Number 24 — Sunday, November 26, 2006
Part 1 | Part 2 | Part 3 | Part 4
3. Web Browser Bug -- IE and Firefox
Well, really, I'm not sure I would call it a web browser bug, so much as a possible phishing expedition that is enabled by some web sites. The real fix, though, CAN be controlled by changes in the web browsers.
P2Pnet.net (http://p2pnet.net/story/10510) reports a "Firefox bug" ( which is reported elsewhere to also affect Internet Explorer) is capable of disclosing userIDs and passwords. This bug is also reported on a number of other web sites and blog entries.
Ads by Terry
Sunbelt Kerio Personal Firewall
Two-way firewall protection for PC's
terryscomputertips.com/Kerio
CounterSpy
Always-running AntiSpyware Protection
terryscomputertips.com/Counterspy
It seems that, if a person can put HTML code on a web site, they sometimes can put a fake login form on the web site as part of that code. Where can this happen? On an blog or forum or such site that allows visitors to enter HTML code -- and there are NOT many of those. Most blog software and forum software prevents the entry of HTML code by the person posting. Unfortunately, not all do.
This bug is being exploited on the Internet now. Recently, there were reports of fake login screens at MySpace.com.
How do these work? They take advantage of Firefox and IE's functions to save passwords and user ID's and to automatically insert them into forms on those sites. In this case, while the actual form may be on the known site, a click on the submit button (which might even be invisible) sends the result to the malicious person's site.
Further, the actual form might be invisible... But, it still takes a click on the invisible "button" to make the phishing attempt work.
Mozilla is reported to have confirmed this issue, assigned a bug number, and has announced that it will be patched in version 2.0.0.1 or 2.0.0.2. I haven't heard any word on this from Microsoft, but they are usually much more close-mouthed about bugs and bug-fix plans.
The temporary fix for users is to disable the saving of passwords.
- In Firefox, this is under Tools, Options, Security -- uncheck "Remember passwords for sites".
- In Internet Explorer, the path is Tools, Internet Options. Select the Content tab, and click on the Settings button in the AutoComplete section of that tab. Then, on the AutoComplete Settings dialog box that opens, uncheck "User names and passwords on forms"
XP Repair Pro 2006
Find and fix Windows Registry errors
Download and scan for free
Read my review
XP Privacy Pro
Erase your Windows and Internet History Files
And, it works with Firefox and Opera, too!
Download and scan for free
Read my review
4. Reader Feedback
Subscriber Ivan Tadej wrote to say:
Hello Terry, this is again a response to your last "/Sunday, November 12, 2006/" TCT newsletter-issue ...
You see, regarding the "/*4. Firefox 2.0 Bookmarks*/" entry on the http://www.terryscomputertips.com/archives/news_20061112_2.php page in particular, I thought to let you know that there is one much easier and straight-forward way of exporting Firefox's "bookmarks.html" files (and importing them too), i.e. all one needs to do is go to the main menu on the program's interface, click on "Bookmarks" item, choose "Organize Bookmarks...", and then in the Bookmarks Manager go once again to the menu, click on "File" and choose the "Export..." option.
regards, Ivan Tadej
http://www.tadej-ivan.be/
Good point, Ivan. However, in the case of that particular article, Karen (the subscriber with the question) wanted to know where the actual file was located.
There's an even easier way to back up Firefox, Mozilla, Netscape and Thunderbird profiles. There is a free utility that will back up the profiles (and restore them). I cover it in my article Backing Up Your Mozilla, Firefox, Thunderbird and Netscape Profiles
New subscriber Valerie Mitchell found her answers on Terry's Computer Tips. She was having a problem with slow-loading web site links, when she clicked on links in her Outlook Express email program. I'm glad she wrote to thank me!
Just wanted to thank you for the tips on this. The only one that did work for me however, was turning off system restore and letting it dump then turning it back on. Links in emails now load quickly again.
Thanx
v.mitchell
If you've experienced this problem, or if you do in the future, you can find my tips on solving it in my article Slow-loading Web Browser Links.
The link is also available in the Computer Tips / Email / Outlook Express and Computer Tips / Web Browsers / Internet Explorer areas of my site navigation bar.
Part 1 | Part 2 | Part 3 | Part 4
Volume 2, Number 24 — Sunday, November 26, 2006
Copyright © 2006 Terry A. Stockdale. All rights reserved.
|
|
