Internet Explorer IE 6 Security Privacy Flaw

For privacy and security Internet Explorer (IE) wouldn’t be my recommended browser ever – but today I had to test a website connection which I was having trouble with through my tunneled Firefox.

To do this I had a look at this site and some of their tools: CentralOps.net

I found using the Domain Dossier with service scan and trace route clicked helped me no end.

While I was there, and using IE6, I had a quick look at their Browser Mirror, and noticed this under clipboard

As can be easily seen, I had the words “Browser Mirror” in my clipboard and this script could read it – not so secure.

To fix this I change the security preferences from “default level” to Custom Level and disabled all automatic scripting functions, like so:

From (insecure):

To (more? secure):

For security and privacy reasons it is best simply not to use this junk – use Firefox (I tested Firefox and nothing was taken from my clipboard).

How to “socksify” a mac

Recently I have needed to socksify a mac.

Socksifying means that applications (like email pop3 / smtp programs) that normally do not use proxies or socks can tunnel their connections through the socks proxy. Socksifying connections is used mostly when using SSH secure tunneling for privacy and anonymous reasons (fully encrypted and secure all your internet / network connections including; web surfing, pop3 / smtp email, chat, etc use). The SSH tunnel service provider must be running socks4 or socks5 proxy software.

Now with a windows PC this is fairly straight forward (I thought) as there is free software available (called SocksCap). To socksify a PC connection means a simple download, install and configuration of the free software.

Being a ex-PC user (aren’t we all!) I thought the same would be required for my mac, how was I wrong, I wasted days downloading and installing many useless programs like fink, socat and what they required, Xcode (a 600 + mb download!).

After 2 days of total frustration I simply configured my network and browser proxy settings to the “socks” proxy only (left everything else blank) – and guess what it worked like a charm. No software to install, no configuration at all – macs are so easy sometimes the ease is simply overlooked.

To socksify your mac simply leave all other proxy settings empty and only fill in the socks proxy boxes.

In details it means;

1. Open up your system preferences, choose network, choose the live connection (most likely already selected), click configure, click proxy settings, and in the two socks boxes put in the socks server you are using and port. Click apply and you are finished.

A mac must be the easiest machine to sockify!

Why would anyone want to do this? Well … for privacy and anonymity on the internet of course …

Mac Trojans, Mac Viruses, Mac Keyloggers & Mac Spyware!

And MAC users thought they where safe!

Check out this list of active keyloggers, viruses, trojans, spyware, remote access baddies;

Trojan: ttyltty, TakeDown Suite, UnderHand Server, UnderHand Trojan Server, UnderHand, Termite X, Termite ServerEdit, Termite, Xover Server, Xover Client, HellRaiser Client 3.0 and HellRaiser Server 3.0

Keylogger: Monitorer, CarbonKeys Client 1.2, CarbonKeys Client 1.3, CarbonKeys Server 1.2, CarbonKeys Server 1.3, Monitorer Manager, Monitorer Pro Manager, OSXvnc, CarbonKeys, TextTrap, SuperSave, Peeping Tom, Mac Life Insurance, Invisible Oasis, Last Resort, KeyStroke, Keystroke Recorder, TypeSaver , TypeRecorder, Monitorer X, Keyboard Spy, Keyboard and Mouse Recorder, Keystroke Recorder X and Monitorer X Pro

Remote Administration: TypeRecorder X, WDTech RAE

Instant Access Dialer: PPP Dialer

Login Bypasser: BypassIt

Remote Access Trojan: Xover

A list of trojans, etc can be found here: http://macscan.securemac.com/list.php

I tried out MacScan and found nothing on my Mac (excellent to see of course) but that does make me wonder – since I have never used this type of scanner before *ever* just how many of these bad guys are actually running around and active (outside the real narsty side of the web of course).

Check out MacScan for yourself, free download and shareware for around a month and US$ 30 to buy.