Blogs

On February 18. Secunia announced a zero-day-exploit for Firefox 3.6. A serios bug in Mozilla Firefox offers the possibility for remote code execution with administrator rights on Windows. It is possible that earlier versions of Firefox are affected too.

Evgeny Legerov about the result of his work: "People who've seen firefox exploit agree with me - it is a really cool bug, it was an interesting challenge to find and exploit it."

A team of scientists that has already informed about other unusual possibilities of espionage has now discovered a new method to obtain personal information: they analyzed the noises of a dot matrix printer and were thus able to reconstruct a large part of the printed information.

Philosophy and technology

Do we need JonDonym? The question seems to be out of place, since this is the blog of the company which co-develops that software. But nevertheless, if we have a look at western democracies just a very small minority of people is using services like JonDonym and the majority does not miss anything at all surfing the Web. So, do we need JonDonym?

As analogon to the "all-in-one device suitable for every purpose", they now really exist: the "pirate copying child porn terrorists" as Times Online states in a recent article (17.10.2008). Terrorists are supposed to hide secret messages in child pornographic images and to thereby spread them over the internet. We suppose that they also lack opyrights among other legal deficiencies - that's why the new term PCCPT may be established.

As the german web site Heise reports, companies might now be able to contact arbitrary visitors of their web sites using a new technology. This may be realised by a software of the company demandandbase, which may in many cases even identify individual employees of a specific company.

According to a report on Spiegel-Online, the german Federal Office for Information Security (BSI) explicitly warns from using the new Google browser "Chrome" productively. The browser may be half-baked (explicit beta, not a complete product) and had been released to market far too early. Moreover, Google may very probably use this browser to collect private surf information and other personal user data.

Since a while, a new profiling system named Phorm is in beta test at U.S. american and british access providers. Without asking the customers meanwhile some hundred thousand, partially quite detailed, data sets about visited websites and requested content (e.g. also from web e-Mails) have been created. It might be just a matter of time until such a technology will be applied in other european countries.

After recent reports about the german BKA looking for suspects in the visitors of their web sites, now even more threatening measures against web surfers have been uncovered to be used by the U.S. FBI. After clicking on prepared web links (or after automatic download by browser prefetching...). the FBI searches the houses of those people whose IP addresses could be backtraced to their identities.

The FakeNameGenerator makes ist quite easy to create plausible identities for exploring the web. This service is free and does not need any registration.

For synchronizing Firefox bookmarks we have been developing an extension that should - in contrast to all other existing ones - keep the privacy of its users. As Mozilla is now developing a far more flexible concept, Weave, that fulfills the same requirements, we have decided to stop our own development without releasing it.

Simon Pecher, a computer scientist experiences in anonymisation techniques, is now a member of our development team. Some users know him from former forum postings he did as private person to give techical help.

As the CCC is still installing a new server, the whole CCC Cascade is not available at present.

As known since some weeks, even the pure installation of Internet Explorer 7 may lead to a major security breach of the Windows operating system. Links (URLs) in non-Microsoft applications (e.g. Adobe Reader, Mozilla Firefox, Skype, Miranda,...) may be modified in a way that clicking on them starts arbitrary Windows applications. This could be used to install and start spyware, viruses, trojan horses and so on.

As already known to us, but now confirmed by a report of the Georgia Tech Information Security Center, online videos (like from YouTube) may become THE favorite of hackers and online-spies. The browser plugins needed for these videos, like Flash and Java (do not confuse with JavaScript), may contain evil code in many ways, which is generally executed on the web surfers' computer without his control. Thereby this code gets control of the user's computer - virus scanner and firewalls do not help.

As was published recently, the german Bundeskriminalamt, by the help of providers, uncovers the identity if internet users, who visit some of their purely informative internet pages. Those who do not anonymise their IP address on visiting these BKA pages may therefore fall into a search raster through no fault of their own.