Mozilla beefs up security with Firefox 3

The Mozilla Foundation released on Monday a beta version of the group's latest open-source Firefox browser, rewriting parts of the code and enhancing security.

Firefox 3 Beta 1 adds anti-malware features to the browser, using a similar mechanism as the anti-phishing feature in Firefox 2, harnessing a Google-generated blacklist of sites that are hosting malicious code. The beta version of the browser also checks plugins to make sure they are compatible with the software and uses a secure download mechanism for updates.

"There is a lot of code that has changed, but I don't think there is a lot more code," Mike Schroepfer, vice president of engineering for the group, told SecurityFocus. "We have actually excised old code, and there are a couple of areas where we dug out the component and rewrote the whole thing."

Web sites have become an increasingly important vector for malicious and fraudulent software. Earlier this month, attackers defaced hundreds of Web sites -- and thousands of pages -- embedding hidden iframe code to redirect visitors to malicious download sites. Yet, while such techniques can affect Firefox as well as Internet Explorer, attackers have generally left the open-source browser alone, despite it having a greater number of flaws.

Security features have become a point of competition between Mozilla and Microsoft. A year ago, when both organizations launched their latest browsers, they both claimed to have a better -- albeit, very similar -- anti-phishing solution.

Mozilla has included several user interface improvements to help users understand the risks of a particular Internet site. Clicking on the favicon, the small icon for the site at the left of the URL (uniform resource locator), drops down a box containing identity information about the site. The group also rewrote the Password Manager from C++ into JavaScript to eliminate memory errors, Schroepfer said.

The Mozilla Foundation has not given a release date for the final version of the Firefox 3 browser.

What is Cross Site Scripting?

Cross Site Scripting (or XSS) is one of the most common application-layer web attacks. XSS commonly targets scripts embedded in a page which are executed on the client side (in the user's web browser) rather than on the server side. XSS is a threat that stems from the security weaknesses of client-side scripting, with HTML and JavaScript as the prime vehicles for this exploit (others being VBScript, ActiveX or Flash). The idea of XSS is to manipulate the client-side scripts of a web application so that they execute in the manner desired by the malicious user. Such a manipulation can embed a script in a page which is then executed every time the page is loaded, or whenever an associated event is performed.

A basic example of XSS is when a malicious user injects a script into a legitimate shopping site URL which in turn redirects a user to a fake but identical page. The malicious page runs a script to capture the cookie of the user browsing the shopping site, and that cookie is sent to the malicious user, who can now hijack the legitimate user's session. Although no real hack has been performed against the shopping site itself, XSS has still exploited a scripting weakness in the page to snare a user and take command of his session. A trick often used to make malicious URLs less obvious is to have the XSS part of the URL encoded in hex (or with other encoding methods). This looks harmless to the user, who recognizes the URL he is familiar with and simply disregards any following 'tricked' code, which is encoded and therefore inconspicuous.
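As an added example (not from the original article) of the reflected-parameter flaw and the hex-encoding trick described above, with a constructed query parameter: the vulnerable renderer reflects the decoded value raw, the hardened one HTML-encodes it at the point of output, and the session cookie is marked HttpOnly so that a script which does run cannot read it through document.cookie.

```python
import html
from urllib.parse import unquote

# Constructed sample: the XSS part of the URL parameter is percent-encoded (hex),
# so it looks inconspicuous in the address bar, as the text describes.
ENCODED_PARAM = "shoes%3Cscript%3Ealert(1)%3C%2Fscript%3E"


def render_vulnerable(raw_param: str) -> str:
    """Reflects the decoded parameter into the page with no output encoding (the flaw)."""
    term = unquote(raw_param)  # the server decodes the hex before using the value
    return f"<p>Results for: {term}</p>"


def render_hardened(raw_param: str) -> str:
    """Same page, but the value is HTML-encoded at the point of output.

    Encoding must happen after decoding: escaping the still-encoded string
    would leave the decoded '<' intact.
    """
    term = unquote(raw_param)
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie line for the session cookie the article's scenario steals.

    HttpOnly hides it from document.cookie; Secure keeps it off plain HTTP.
    This limits cookie theft even if an XSS bug slips through output encoding.
    """
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; Path=/"


def contains_script_tag(page: str) -> bool:
    """Crude check used here only to show the difference between the two renderers."""
    return "<script" in page.lower()
```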

Top 10 Web application vulnerabilities for 2007

A1 - Cross Site Scripting (XSS): XSS flaws occur whenever an application takes user supplied data and sends it to a web browser without first validating or encoding that content. XSS allows attackers to execute script in the victim's browser which can hijack user sessions, deface web sites, possibly introduce worms, etc.
A2 - Injection Flaws: Injection flaws, particularly SQL injection, are common in web applications. Injection occurs when user-supplied data is sent to an interpreter as part of a command or query. The attacker's hostile data tricks the interpreter into executing unintended commands or changing data.
A3 - Malicious File Execution: Code vulnerable to remote file inclusion (RFI) allows attackers to include hostile code and data, resulting in devastating attacks, such as total server compromise. Malicious file execution attacks affect PHP, XML and any framework which accepts filenames or files from users.
A4 - Insecure Direct Object Reference: A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, database record, or key, as a URL or form parameter. Attackers can manipulate those references to access other objects without authorization.
A5 - Cross Site Request Forgery (CSRF): A CSRF attack forces a logged-on victim's browser to send a pre-authenticated request to a vulnerable web application, which then forces the victim's browser to perform a hostile action to the benefit of the attacker. CSRF can be as powerful as the web application that it attacks.
A6 - Information Leakage and Improper Error Handling: Applications can unintentionally leak information about their configuration, internal workings, or violate privacy through a variety of application problems. Attackers use this weakness to steal sensitive data, or conduct more serious attacks.
A7 - Broken Authentication and Session Management: Account credentials and session tokens are often not properly protected. Attackers compromise passwords, keys, or authentication tokens to assume other users' identities.
A8 - Insecure Cryptographic Storage: Web applications rarely use cryptographic functions properly to protect data and credentials. Attackers use weakly protected data to conduct identity theft and other crimes, such as credit card fraud.
A9 - Insecure Communications: Applications frequently fail to encrypt network traffic when it is necessary to protect sensitive communications.
A10 - Failure to Restrict URL Access: Frequently, an application only protects sensitive functionality by preventing the display of links or URLs to unauthorized users. Attackers can use this weakness to access and perform unauthorized operations by accessing those URLs directly.
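An added example (not part of the OWASP list) of the A2 item, using Python's sqlite3 with a constructed in-memory users table: the vulnerable login builds its query by string formatting, so user-supplied data reaches the interpreter as part of the command; the hardened login passes the same values as bound parameters, so they are only ever treated as data.

```python
import sqlite3

# Constructed sample data. Passwords are stored in clear only to keep the
# example short; in a real application they would be salted hashes (see A8).
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db() -> sqlite3.Connection:
    """In-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Builds the query from user input (the A2 flaw): the input becomes SQL."""
    sql = f"SELECT 1 FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Same query with bound parameters: the driver never parses the input as SQL."""
    sql = "SELECT 1 FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


# Constructed hostile input: in the vulnerable version it rewrites the WHERE clause
# so that the comparison is always true; in the hardened version it is just a
# (wrong) password string.
INJECTED_PASSWORD = "' OR '1'='1"
```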

Five SMAN 34 Students Finally Expelled

The DKI Jakarta Secondary and Higher Education Office (Dinas Pendidikan Menengah dan Tinggi, Dikmenti) has finally decided to expel five SMAN 34 students suspected of committing acts of violence against their juniors.

"They are judged to have violated the code of conduct they agreed to when they enrolled as new students," said Margani Mustar, Head of the DKI Jakarta Dikmenti Office, at City Hall on Wednesday (14/11).

Margani explained that during the new-student admission period, all students sign a statement agreeing in essence to comply with the code of conduct. "One of those rules is not to fight," he explained.

(www.dikmentidki.go.id)

Creating a Blog the Easy Way

The main requirement for creating a blog is that you have an email account; Gmail (gmail.google.com) is recommended.
After that, browse to a blog hosting provider, for example http://blogger.com/

1. Click "Create Your Blog Now" ("Ciptakan Blog Anda sekarang"); the "Create a Google Account" form will appear
2. Fill in your details completely
3. Click the "Continue" button; the "Name your Blog" form will appear
4. Choose a name and an address for your blog
5. Click the "Continue" button; the "Choose a Template" form will appear
6. Click the "Continue" button; the message "Your Blog has been created!" appears
7. Click the "Start Posting" button to start filling your blog

What is Podcasting?

A podcast is a digital media file, or a series of such files, that is distributed over the Internet using syndication feeds for playback on portable media players and personal computers. A podcast is a specific type of Webcast which, like 'radio', can mean either the content itself or the method by which it is syndicated; the latter is also termed podcasting. The host or author of a podcast is often called a podcaster. The term "podcast" is a portmanteau of the name of Apple's portable music player, the iPod, and broadcast: "pod" refers to the iPod, and "cast" to the idea of broadcasting.[1]
In other words, a podcast is a collection of files (usually audio but may include video) residing at a unique web feed address. People can "subscribe" to this feed by submitting the feed address to an aggregator (like iTunes - software that runs on the consumer's computer). When new "episodes" become available in the podcast they will be automatically downloaded to that user's computer. Unlike radio or streaming content on the web, podcasts are not real-time. The material is pre-recorded and users can check out the material at their leisure, even offline.
Though podcasters' web sites may also offer direct download or streaming of their content, a podcast is distinguished from other digital media formats by its ability to be syndicated, subscribed to, and downloaded automatically, using an aggregator or feed reader capable of reading feed formats such as RSS or Atom.
Certain podcasts can even be live and interactive. Dozens of podcast enthusiasts can be on at once, with the "host" being able to control their audience in the same way a radio host can.

What is RSS?

RSS is an acronym for Really Simple Syndication or Rich Site Summary. RSS can be described as a technology for presenting the content of a website. With RSS it is easier for us to find information without visiting a particular website; subscribing to its RSS feed is enough.
RSS was first released by Netscape, with RSS 0.90 as its initial version; the version in popular use today is RSS 2.0.
Websites that provide RSS are easy to recognize because they usually display an orange RSS feed or XML icon. RSS is of great benefit to bloggers.

What is RSS

[Figure: screenshot of an RSS feed as seen in Mozilla Thunderbird]
File extension: .rss, .xml
MIME type: application/rss+xml (Registration Being Prepared)[1]
Extended from: XML
RSS (which, in its latest format, stands for "Really Simple Syndication") is a family of web feed formats used to publish frequently updated content such as blog entries, news headlines or podcasts. An RSS document, which is called a "feed", "web feed", or "channel", contains either a summary of content from an associated web site or the full text. RSS makes it possible for people to keep up with their favorite web sites in an automated manner that's easier than checking them manually.
RSS content can be read using software called a "feed reader" or an "aggregator." The user subscribes to a feed by entering the feed's link into the reader or by clicking an RSS icon in a browser that initiates the subscription process. The reader checks the user's subscribed feeds regularly for new content, downloading any updates that it finds.
The initials "RSS" are used to refer to the following formats:
Really Simple Syndication (RSS 2.0)
RDF Site Summary (RSS 1.0 and RSS 0.90)
Rich Site Summary (RSS 0.91)
RSS formats are specified using XML, a generic specification for the creation of data formats.
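An added example, not from the Wikipedia article, that parses a constructed RSS 2.0 feed with Python's standard ElementTree the way an aggregator would, and performs two checks a feed reader needs because feed content comes from a third party: item titles are HTML-encoded before display, and only http/https item links are treated as safe to open.

```python
import html
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample RSS 2.0 feed (not from any real site). The second item
# carries markup in its title and a non-web link scheme on purpose.
SAMPLE_FEED = """<rss version="2.0">
  <channel>
    <title>Example Security Blog</title>
    <link>https://blog.example/</link>
    <description>Constructed feed for the example</description>
    <item>
      <title>New browser beta adds anti-malware checks</title>
      <link>https://blog.example/posts/browser-beta</link>
    </item>
    <item>
      <title>Second post &lt;b&gt;with markup&lt;/b&gt;</title>
      <link>javascript:void(0)</link>
    </item>
  </channel>
</rss>"""


def parse_rss(feed_xml: str) -> list:
    """Return one dict per <item>: raw title, display-safe title, link, link_ok.

    Raises ValueError if the document is not an RSS 2.0 feed.
    """
    root = ET.fromstring(feed_xml)
    if root.tag != "rss" or root.get("version") != "2.0":
        raise ValueError("not an RSS 2.0 document")
    items = []
    for item in root.findall("./channel/item"):
        title = item.findtext("title") or ""
        link = (item.findtext("link") or "").strip()
        items.append({
            "title": title,                       # entities already decoded by the parser
            "title_html": html.escape(title),     # what the reader should put in its UI
            "link": link,
            # Feed links are untrusted; only web URLs are opened by the reader.
            "link_ok": urlparse(link).scheme in ("http", "https"),
        })
    return items
```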

Anything about Blog

A blog (a portmanteau of web log) is a website where entries are written in chronological order and commonly displayed in reverse chronological order. "Blog" can also be used as a verb, meaning to maintain or add content to a blog.
Blogs provide commentary or news on a particular subject such as food, politics, or local news; some function as more personal online diaries. A typical blog combines text, images, and links to other blogs, web pages, and other media related to its topic. The ability for readers to leave comments in an interactive format is an important part of many blogs. Most blogs are primarily textual, although some focus on art (artlog), photographs (photoblog), sketches (sketchblog), videos (vlog), music (MP3 blog), audio (podcasting) or sexual topics (adult blog), and are part of a wider network of social media.
In May 2007, blog search engine Technorati was tracking more than 71 million blogs.[1]

Kinds of Blog

There are so many kinds of blog!!!
Classified by media type, blogs are divided into:
1. Photoblog
2. Videoblog or Vlog
3. LinkLog
4. Podcast

To start creating a blog, first decide what kind of blog you want to make; after that, look out for my next post!

First Steps to Creating a Blog

Without realizing it, we often hear the words blog, blogging, or web blog. What exactly is a blog, or a web blog? If you search on a search engine (for example google.com) you will certainly find it!
Simply put, we can define a blog as a website that is easy to manage and holds our writings, archived in reverse chronological order (by posting date).
With a blog we can introduce ourselves to the online world, promote our abilities, and even use it to earn dollars over the internet.
Interested? Follow my next post!