IE7 is being hailed as Microsoft’s trump card on the web. If you ask anyone in the know, there are better features and security in nearly any other browser, but Microsoft does have the market cornered, with IE7 set to be rolled out automatically to millions of computers via Windows Update.

IE7 vulnerabilities… already?

Unfortunately, the day after IE7‘s big release, Secunia already lists two security flaws:

• Internet Explorer 7 “mhtml:” Redirection Information Disclosure
• Internet Explorer “mhtml:” Redirection Disclosure of Sensitive Information

Gladly, the vulnerabilities only rate as “Less Critical“, so it’s unlikely that they’ll bring your computer to a halt. It’s more of a possible risk of exposing your browsing habits to someone with malicious intent. It’s not that these vulnerabilities are new, per se. It’s just that Microsoft hasn’t bothered to fix them. Personally, I expect better quality control from one of the world’s largest software giants.

Despite this nasty early surprise (can we really call it that?), IE7 is definitely an improvement over all previous versions of Internet Explorer. Everyone with Windows XP Service Pack 2 should install IE7 to get rid of older, even buggier, versions of Internet Explorer.

After upgrading, you might still like to consider using a better, more frequently updated browser.

Blessings, Steve

P.S. For any eagle-eyed readers, there’s also been a recent “Highly Critical” flaw discovered in Opera. For anyone with version 9.01 or earlier, you can already update your browser (version 9.02 at the time of writing).

[Listening to Incubus, Alive at Red Rocks --- Idiot Box]

A new security advisory at Secunia describes newly-found problems in Macromedia’s Flash Player for all versions up to v8.0.22.0.

This affects almost everyone on the web, as the Flash Player is used by almost every Windows-based browser, including (but not limited to):

• Internet Explorer (including IE-based “browsers” such as Maxthon and Avant Browser)
• Firefox (including derivatives such as Flock)
• Mozilla (and other Mozilla-based browsers)
• Opera
• Netscape
• Other Flash-capable browsers

This is not a fault with these browsers per se. However, as the Flash Player component is embedded into the browser, the problem can be exploited by simply browsing to a site that contains a malicious Flash movie.

Updating Flash Player

You need to update the Flash Player for your browser(s). To avoid having any (more?) problems because of this vulnerability, download the latest Flash Player (v8.0.24.0 at the time of writing) from the Macromedia website.

• Macromedia Flash Player Download Center

Important: If you have more than one browser installed (eg. Firefox and Internet Explorer), make sure you update the software for each browser. To do this, you will have to visit the Flash Player Download Center with each browser you have installed. The page automatically detects your browser and displays an appropriate version of the software.

Go and update as soon as possible!

Blessings Steve

Update: Problems downloading

Heh.

When I tried to update my other browsers, I had mixed results. I was able to update the Flash Player easily using Firefox, which also updated all the other Mozilla or Netscape-based versions.

However, when I accessed the Download Center using Internet Explorer, it seemed to display the download for a random operating system (namely Mac OS X and OS 9… I’m using Windows here…).

If you are having trouble updating your browser, Macromedia also have a list of downloads for all versions of Flash Player.

• Macromedia Web Players – list of “alternate” versions of Flash Player

Hopefully that’s the last we’ll hear of it.

[Listening to Delirious, GLO — Jesus' Blood]

The Mozilla Foundation surprised me this morning with an update to the excellent Firefox browser, now at version 1.5.0.1. Couldn’t find that much info about what was updated though… Secunia has a full list of vulnerabilities that have now been fixed in v1.5.0.1.

I only had two extensions disabled with this one — Fangs and Venkman, so I didn’t have too much to complain about in the upgrade.

For all you Firefox lovers out there (isn’t that all of you? ), go forth and download!

Blessings, Steve

Update

Secunia outlines the list of vulnerabilities in Firefox that have been fixed in version 1.5.0.1. The advisory is rated as being Highly Critical, and there are already some nefarious types using exploits on the internet to infect unsuspecting users.

The good news is that the team behind Firefox have moved very quickly to fix these problems. All software has bugs, but the negative effect of the bugs are minimised when they are addressed quickly.

Don’t wait to update your browser when there is an update. Update Firefox now!

[Listening to The Police, Live! (Disc 1) — Landlord]

Earlier this month, Macromedia disclosed a problem with its Flash Player software that may give hackers access to your computer. Secunia also reported the problem, giving it a rating of Highly critical.

Does this affect me?

Yes. Almost without question. Virtually every web browser comes with Flash Player as part of the software (such as Microsoft Internet Explorer) or as a downloadable plugin (as in Firefox, etc). Macromedia’s surveys claim that 97% of browsers have Flash Player.

The vulnerability has been confirmed not only on Windows systems but also on Mac and Linux platforms.

In fact, if you have more than one browser installed, you probably also have more than one version of Flash Player installed. For example, Windows comes with Internet Explorer already installed (and so also Flash Player), so if you’ve upgraded to a better browser (eg. Firefox or Opera), you probably have another version of Flash Player installed.

How do I update Flash Player?

Go and get yourself a cup of your favourite beverage before you start, particularly if you’re not that comfortable with the thought of upgrading things.

Updating Microsoft Internet Explorer

All Windows users should do the following:

1. Open Microsoft Internet Explorer (one of the only times I’ll be telling you to do this!);
2. Browse to the Macromedia Player Download Center at http://www.macromedia.com/go/getflash;
3. Follow the instructions to upgrade IE‘s Flash ActiveX control. You may need to read the instructions related to browser security options;
4. Close Internet Explorer. If you have another browser, you still need to upgrade its Flash Player as well (keep reading).

Updating other browsers

To update other browsers, such as Firefox, Mozilla or Opera:

1. Open your preferred browser (not Internet Explorer!);
2. Browse to the Macromedia Player Download Center at http://www.macromedia.com/go/getflash (you’ll see a different page than that displayed by IE);
3. Download the latest version of Flash Player to your computer (v8.0.22.0 at the time of writing);
4. Close your browser and install the Flash Player update (double-click the install file).

All done

If you have done all the appropriate steps outlined above, your Flash Player(s) should be up to date and safe from this vulnerability.

Take a deep breath and relax for a bit! If you’d like a laugh after all the hard work, check out my favourite reason to have a Flash Player — Homestar Runner.

Blessings, Steve

[Listening to Dream Theater, Falling Into Infinity — New Millennium]

Secunia, et al detail how a malicious webmaster could easily break the current version of IE, even with all current patches, using an extremely simple script in a page. Microsoft says it’s “investigating” the issue, which it admits has been on its books since May!

Stop using Internet Explorer now.

It won’t take long before this vulnerability is being exploited and real users suffering as a result.

Don’t be one of them. Get a real browser now, like Firefox or Opera.

As far as I’m concerned, Internet Explorer should now only be used to update your computer with the latest patches to make your PC safer. Unfortunately Microsoft Update doesn’t work in safer browsers.

What a sad irony.

If you’re still using Internet Explorer, consider changing to a safer, better browser. The internet will be safer for it.

Blessings, Steve

Udpates

• Attack code released for IE hole

[Listening to Neal Morse, Testimony — Sing It High ]