Still typing username and password everyday? Let IntelliLogin do it for!

http://www.getfirefox.com

BEN: Go to http://FREE.GRISOFT.com and download AVG anti-spyware. AVG just merged with security firm EWIDO, so EWIDO is now AVG Antispyware. And it’s free, so you can run that in addition to your ADAWARE and your SPYBOT (if you don’t have those, those are recommended too. Good stuff)

And when you get those, do a check for PurityScan adware. Otherwise known as Yazzle. There’s a couple variants. Open COMMON FILES folder in PROGRAM FILES and see if you have something in there from Outerinfo. If so remove it.

Ok, hope that helps!

And really it’s very easy not to get anything while surfing, simply turn off Javascript. Javascript is responsible for probably approaching 90% of all problems on the internet with popups and ads and so forth. (no matter what browser you’re using, it doesn’t matter) javascript:window.open() and OnLOAD= functions and resizers and popunders, defocusers, hijackers, menu removers, etc, that is all JAVASCRIPT. Click it off for casual surfing and it will obviate all of that stuff. Turn it ON when you need it, on sites that you know are ok. Another benefit is that your speed will increase. You’ll be much faster.

Good Luck!

I wont be keeping this software as I’ve already come up against a problem. My master password no longer works. I haven’t a clue whether it was my own fault, but it seems pointless to me having a master password when I only have several combinations of passwords all with the same log in name (well 2 or 3 actually), all of which I have no problems remembering, I think. (so far, lol) Besides they are all written down in a little black book I keep in the study, apart from my PayPal account, which is definitely kept in my memory only.

Comment by WhiteRabbit aka stephen — March 4th, 2007 at 11:33 pm ”

– Thanks STEPHEN! Yeah, don’t worry, there’s always a few in the fringe, and it was actually kind of entertaining :)

But on the serious side, not surprising how many don’t know about the flaws in firefox, and this one is serious. It could be devastating, if someone got into people’s passwords from firefox’s password manager and lost all their savings or got their paypal ruined or bank cards broken into. This is not just stuff like “it ruined my icons!” this is potentially serious. ID Theft. medical information. any number of implications. Not just “it crashed my pc and I had to reboot!” ok all fixed!

But there’s no convincing some people who want to believe things despite what’s in front of their face. heck the Geocentrist church nearly jailed Galileo Galilei, refusing to believe that the world was round instead of flat. (You know there’s still a Flat Earth Society out there today? lol. ) But it doesn’t matter how much they refuse to believe it, they can yell in comments and scream all they want, it doesn’t change the facts. They’ll just have to learn to deal with it.

One even said that he wouldn’t listen to anything even if I, or you, or security sites, or mozilla themselves, or any one of you on this board told him the right information, he wasn’t going to listen to it:

“Listen man we don’t need all this garbage about how anyone else should like Internet Explorer better then Mozilla Firefox just because you or someone else says its better.
I think you should keep your comments to yourself because people can decide for themselfs. And for what its worth I think Firefox is better.
Comment by Popeye — March 4th, 2007 at 6:44 pm ”

lol.

So if he doesn’t want to realize that it’s on Mozilla’s own site, the makers of Firefox, then not much you can do. hahaha. He’ll live & learn 1 day. Some people don’t get things until it hits them in the face and something actually happens to them.

And another one didn’t read and didn’t realize that it wasn’t me typing the information quoted, those are direct quotes from MOZILLA.ORG, CERT, Secunia, CastleCops, Wilder Security, Sophos, and well known security organizations.

There will always be those who cringe at the thought that their precious firefox baby might have a flaw in it and deny deny deny and scream it isn’t true. … But not much you can do about it.

Darwin has a way of sorting things out.

:)

—- lol. Hmm. Thanks for the compliment and that highly technical explanation of that. Since you posted the highly informative ‘it sucks’ message, I believe it, and I promise not to ever use it again. Especially since you backed it up with “it really does”. Nevermind CERT, milw0rm, secunia, and SecureLabs. That’s enough to corroborate it for me! Whew! you saved me a lot of research! Thanks buddy! ;)

#53 TORBRAM BUS 14 WROTE: “It doesen’t even sit anymore as the standard browser because people prefer to have others like oprea or firefox because EXPLORER has its flaws like confusing interface”

—– Uhm. lol. Sorry, just had to pause there because I got really confused by the interface. Ok, now where was I?… lol.

#53 TORBRAM BUS 14 WROTE: “I find it gets infected faster with popups and spyware like 20 times faster”

——20 times faster? I see. That’s interesting. And how exactly did you test that. Hmm. did you measure it with a stopwatch? You must work for a security firm, huh. AHA, I know, I bet you tested it with the old pc Infector speed test, eh? Actually, me and my friends get together for “Browser Races” on the weekend. We say, “who’s is faster!?” And then we go Ready…Set…Go! and surf all over the place, and then the first one back is the winner. But you say you were 20 times faster! Wow, you are really fast! That’s a lot faster than us, so I think you’re the fastest browsing king of the world. You win a hotdog. :) In the meantime, I will focus on the subject of today’s software, which is a password manager, and the fact that Firefox’s password manager has a specific flaw that can leak out your passwords to malicious sites. But thanks for the speed info. I always wondered how fast it took you to get infected. Now I know. :)

#53 TORBRAM BUS 14 WROTE: “and as for other websites getting your password that does not happen unless you have a virus…”

——Um. No. Torbram READ what I wrote previously. This is NOT a virus, my friend. This is a FLAW contained in the built-in password manager in Firefox. This is not a virus. This is a function that is coded INTO the Firefox program itself. And this function deals specifically with passwords. Which is todays topic. Passwords. And this ‘feature’ of Firefox contains a security flaw which has been confirmed by the MOZILLA Foundation themselves. As well as CERT, Secunia, MilW0rm, Symantec, Wilder Security, and others. This is not new. And this is widely known to everyone who is in IT Security at major corporations. It might not be so widely known in your school, but 2 minutes on altavista can help you with that. This flaw has been acknowledged by the developers of Firefox themselves. Firefox’s password manager has a flaw that will expose your passwords. Whether you want to hear it or not, or whether you like it or not, or whether you *hope* it isn’t true. The fact remains true. And despite the fact that the Reverse Site Cross Scripting flaw can affect multiple browsers, Firefox was found to be the worst, because of Firefox’s password manager. The recommended course of action for Firefox was to TURN OFF Firefox’s password manager feature and NOT use it. And if that was not bad enough, the way it affects firefox is that it could be giving out your passwords WITHOUT you ever seeing it or knowing it. Because a malicious page could set the form fields *invisible*. Then Firefox, without you knowing it will fill them in, submit, and give out your passwords to the hackers, all without you being able to see what just happened to you. If you don’t know about this flaw, my friend, you probably should start at MOZILLA’s own bugtrack website. Then do some additional studying up in the security field. Or, just keep typing “it doesn’t happen” and “it sucks it really does” whichever you prefer. :)

#53 TORBRAM BUS 14 WROTE: ” these browsers are supposed to be full proof or else they get bad reputation and then they stop putting these browsers for download all toghether!!! ”

—-Nice use of exclamation points there. Romanian judge gives you a 9.5 on that. And those exclamation points really go far in convincing me. Thanks. But seriously, you actually think browsers are in your words “FULL PROOF”? [sic]. First of all, the word is “FOOL” proof, not full proof. But I can understand why you would try to avoid typing the latter term there. In any case, by typing that what are you saying? You are saying that Firefox browser or any browser is Foolproof? I don’t think you want to be typing that, friend. You’re not going to build credibility upon your Firefox is foolproof claim. And as for bad reputatons, Firefox ALREADY has a bad reputation. I don’t know how quickly news travels around your circle, but in IT SECURITY firms, the Firefox bubble already burst with a big resounding “POP!” a long time ago. There are literally hundreds of flaws in Firefox, and people are now realizing that a lot of the claimed hype claiming that firefox was ’secure’ was used for MARKETING ['Spread Firefox!" campaign]. But people are now realizing all over the world now that this claim was false.

—–Mozilla itself admits FIREFOX contains Flaws:
“Updated: The Mozilla Foundation has confirmed findings that its Mozilla and Firefox browsers are vulnerable to attacks ” that’s right from the makers of Firefox. So there’s nothing you can say about it. If you’re simply unaware of this, then maybe you should read up on Mozilla’s own website 1st before claiming browsers are foolproof. Not Firefox, not IE, and not Opera. Anyway, I think everyone here already knows they are not.

“Ill even get you the chart I saw the other day I think it was CNET that evaluated the two browsers and overall firefox won 5-0 against EXPLORER You know what else the reason it comes with windows is because its crap everything that comes with windows is crap thats why we download third party applications/browsers etc.
Comment by Torbram Bus 14 — March 4th, 2007 at 1:06 pm ”

—– Ahh, yes, CNET, the place that contains javascript tracking links. (How do you think they post that info on CNET about how many times a program has been downloaded? Hmm?) But what you don’t know about CNET, but you would if you had been a software development corporation, is that when you sign up with CNET to host a shareware file on there, they give the developer collected statistics information on all the visitors that downloaded their program. Guests can’t see this. But if you’re a software developer, you know about CNET. Anyone hosting files on DOWNLOAD.com will receive tracking information which is collected by CNET on each visitor to CNET’s site and given as part of the hosting contract to the developer to track who’s been visiting their page and downloading their shareware program. But anyway, yes, I think you should go get us the little “chart” you saw ‘the other day’ ( 5-0. great research by the way) much better than the “it sucks” you posted above. And let’s see your chart and point us all to the place on your little chart where it shows Firefox’s PASSWORD MANAGER. It better have the Password Manager on that chart, friend, because THAT is the subject we are focused on today. It’s the PASSWORD manager that pertains to today’s GIVEAWAYOFTHEDAY software download. That is what we are talking about here. Today’s GAOTD program is about a password manager program. And the information I posted relates specifically to that Password feature of Firefox, which several people have gone and advocated on here in these comments, not realizing that Firefox’s PASSWORD MANAGER will expose them to ID theft. Dont give us a chart that talks about firefox has nicer icons 1 point! or “It has nice scrollbars! 2 points!” You can discuss that on other places, feel free. Todays GAOTD software deals with passwords, so on your ‘chart’ it better have a bar graph of the Reverse Cross Site scripting vulnerability on there relating to the built in Password Manager. Show it to me. I want to see it.

In the meantime, thanks for the entertainment :)

For all, I hope you got a laugh or a smile, but also some serious security information so that you are at least ‘aware’ of the flaw.

From there, each can make their own decisions about what you still prefer to use. If you choose to disregard it, that’s ok. up to you. But don’t complain when you find out all your passwords got stolen out of Firefox’s password manager :)

Now see! That’s a nice comment. One can still have perhaps a contrary view, but instead post a good technical alternative: Turn off Firefox’s Password Manager and use Google’s alternative instead. (Providing that one is good, haven’t tested it) but it’s a lot better than a “it sucks!” post. Good job, Diggity!

*Opens Google.com*….
Googles for “All posts by SCHOP”…
http://www.google.com/search?q=site%3AGiveAwayofthDay.com+%2BSCHOP
Yep! You’re right! Lots of useless information there. :))

But my favorite place for it is johnschop.nl

There I can find valuable things like photos of picking up 2 peanuts using chopsticks, how cold it is in ohio! And a cool picture of a truck!

Haha.

THEN…

#56 FEEDBACK WROTE: To all the PW Professionals here: IS #10 (Tab Delimited) RIGHT OR IS HE JUST BEING MR. LOOKATME EMPTYTHREATS?
Cheers! Comment by Feedback — March 4th, 2007 at 12:07 pm ”

TABDELIMITED is right. To an extent. You still need to decode the hash. But the thing is, it doesn’t really matter if you have the AMUST 1-login software or not, if the hacker got a keylogger onto you. You see what I mean? You could have the software, or have no software, doesn’t matter, if there’s a keylogger on you, its gonna get whatever you type, including your passwords anyway.

And for the portion about not needing physical access to your machine, if the perpetrator managed to email you the keylogger or somehow got it on you, then it could phone home with the data, so that part is correct as well.

So yes, it’s correct. What he was trying to get at, was that it would be faintly easier to surmise a password that was not (yet) logged, as long as they logged the master one. But the thing that would ruin that supposition would be that you need the hash. If it’s a fixed quantity, then yes. but if it’s a PSEUDO-RANDOM seed generator, or something unique to that cpu, then the remote person wouldn’t be able to as easily decode non-logged signons.

Naturally the same effect could take place for people who (not me) use the same password on all or most of their sites! they get one, they got them all.

So I think the caveat is more apt to watch out for the malicious keylogger, and today’s program would be of secondary concern.

Thanks Mac! Appreciate it!

Hehe, ‘the special one’…haha. that sounds like I ride “the special bus” … Maybe I do! Probably all the way to the special olympics. :)

But yeah, Mac, try out those VIRTUALIZATION Technologies, they are really useful for use as a testing platform as well as operating multiple virtual machines including preconfigured linux shells and distros, as well as possible use in massive deployments if you do rollouts of pc’s in the hundreds or thousands. You can do simulations of your master OS rollout images on there and iron out any problems before you deploy installations enterprise-wide. Good stuff. Will save you some time.