Internet Explorer IE 6 Security Privacy Flaw

For privacy and security Internet Explorer (IE) wouldn’t be my recommended browser ever – but today I had to test a website connection which I was having trouble with through my tunneled Firefox.

To do this I had a look at this site and some of their tools: CentralOps.net

I found using the Domain Dossier with service scan and trace route clicked helped me no end.

While I was there, and using IE6, I had a quick look at their Browser Mirror, and noticed this under clipboard

As can be easily seen, I had the words “Browser Mirror” in my clipboard and this script could read it – not so secure.

To fix this I change the security preferences from “default level” to Custom Level and disabled all automatic scripting functions, like so:

From (insecure):

To (more? secure):

For security and privacy reasons it is best simply not to use this junk – use Firefox (I tested Firefox and nothing was taken from my clipboard).

How to “socksify” a mac

Recently I have needed to socksify a mac.

Socksifying means that applications (like email pop3 / smtp programs) that normally do not use proxies or socks can tunnel their connections through the socks proxy. Socksifying connections is used mostly when using SSH secure tunneling for privacy and anonymous reasons (fully encrypted and secure all your internet / network connections including; web surfing, pop3 / smtp email, chat, etc use). The SSH tunnel service provider must be running socks4 or socks5 proxy software.

Now with a windows PC this is fairly straight forward (I thought) as there is free software available (called SocksCap). To socksify a PC connection means a simple download, install and configuration of the free software.

Being a ex-PC user (aren’t we all!) I thought the same would be required for my mac, how was I wrong, I wasted days downloading and installing many useless programs like fink, socat and what they required, Xcode (a 600 + mb download!).

After 2 days of total frustration I simply configured my network and browser proxy settings to the “socks” proxy only (left everything else blank) – and guess what it worked like a charm. No software to install, no configuration at all – macs are so easy sometimes the ease is simply overlooked.

To socksify your mac simply leave all other proxy settings empty and only fill in the socks proxy boxes.

In details it means;

1. Open up your system preferences, choose network, choose the live connection (most likely already selected), click configure, click proxy settings, and in the two socks boxes put in the socks server you are using and port. Click apply and you are finished.

A mac must be the easiest machine to sockify!

Why would anyone want to do this? Well … for privacy and anonymity on the internet of course …

Running IE on Debian and Ubuntu Linux

Need Internet Explorer (IE) for testing websites or just to work with some websites (surely no one would actually want to use it) AND are running Debian or Ubuntu? Then this maybe for you, no visualization software to install, installation is not complicated at all!

Running Internet Explorer in Debian and ubuntu Linux

Is there anything Linux can not do? Of course at the moment there is but there is always a workaround – worse case is running a windows dual boot system or running windows actually on your Linux operating system (more about that later).

Mac Trojans, Mac Viruses, Mac Keyloggers & Mac Spyware!

And MAC users thought they where safe!

Check out this list of active keyloggers, viruses, trojans, spyware, remote access baddies;

Trojan: ttyltty, TakeDown Suite, UnderHand Server, UnderHand Trojan Server, UnderHand, Termite X, Termite ServerEdit, Termite, Xover Server, Xover Client, HellRaiser Client 3.0 and HellRaiser Server 3.0

Keylogger: Monitorer, CarbonKeys Client 1.2, CarbonKeys Client 1.3, CarbonKeys Server 1.2, CarbonKeys Server 1.3, Monitorer Manager, Monitorer Pro Manager, OSXvnc, CarbonKeys, TextTrap, SuperSave, Peeping Tom, Mac Life Insurance, Invisible Oasis, Last Resort, KeyStroke, Keystroke Recorder, TypeSaver , TypeRecorder, Monitorer X, Keyboard Spy, Keyboard and Mouse Recorder, Keystroke Recorder X and Monitorer X Pro

Remote Administration: TypeRecorder X, WDTech RAE

Instant Access Dialer: PPP Dialer

Login Bypasser: BypassIt

Remote Access Trojan: Xover

A list of trojans, etc can be found here: http://macscan.securemac.com/list.php

I tried out MacScan and found nothing on my Mac (excellent to see of course) but that does make me wonder – since I have never used this type of scanner before *ever* just how many of these bad guys are actually running around and active (outside the real narsty side of the web of course).

Check out MacScan for yourself, free download and shareware for around a month and US$ 30 to buy.

Free SSL Website Certificates from CACert

Free and open source SSL secure certificates for your websites are available now from CACert.

Now, website owners can save hundreds (if not thousands) when securing their websites.

Sadly, CACert is having trouble getting their root certificate preinstalled in most common browsers – this system of course protects the established expensive providers only – not the end user (us).

CACert’s root certificate is very easy to install – one click install here (this page gives you the install option).

Main website: http://www.cacert.org/

Protect your email address from spammers

Protecting your main email address is becoming more and more important.

Phishing attacks (where a scammer send you a email which *looks like* it is from your bank or other trusted source) are dangerous, one slip up and you may find yourself in big trouble.

Other *lose email* practices simply result in your inbox just being filled with garbage – spam, spam and more spam! Use the internet long enough and you will start to receive hundreds of spam emails everyday.

There are a few options available to the average person to tackle spam and it’s dangers:

(more…)