Researcher: Don’t trust toolbars for Firefox | IDGNS | News | May 30, 2007 | By Robert McMillan, IDG News Service

A security researcher has found that Firefox toolbars by companies like Google, Yahoo, and AOL do not update via secure connections, creating a vulnerability

One of the things that moved me from Opera to Firefox was the number of extensions and the fact they added functionality that I actually needed on a regular basis. Scribefire is one of them and I am using it now. The only snag is not being as happy with the security as I was with Opera. I’m not suggesting that toolbars and addons are created maliciously, but these days honest mistakes can be very troublesome.

I suppose I should really go back to Opera, but it is hard to go back to tasks taking longer, even though I know I’ll be safer.

Flaw Fixed in Unix-like Systems

A buffer overflow vulnerability caused by an integer underflow in the file_printf function in Unix-like operating systems has been patched

Patches by Red Hat and Ubuntu were released more than a week ago for users of Red Hat Enterprise Linux 4 and 5 as well as Ubuntu 5.10, Ubuntu 6.06 LTS, Ubuntu 6.10 and corresponding versions of Kubuntu, Edubuntu, and Xubuntu. OpenWall GNU/*Linux and Mandriva have also released updates to address the issue.

Time to double check for online updates methinks…..

Linux.com | Introduction to OpenID

OpenID is an open decentralized digital identity system that has been gaining traction in recent months. It implements a solution to some everyday headaches such as single-sign-on, but it does not address related issues like privacy, trust, spam prevention, or message authentication. OpenID uses a multiple-stage sign-on process, but don’t let that discourage you. As an end user, the benefits are stacked in your favor.

What is OpenID?

The Short Answer OpenID is a light-weight, decentralized authentication mechanism that allows you to have one login that you can use anywhere on the Internet. To sign up for an OpenID, please visit any of the following identity providers: MyOpenID , VeriSign Personal Identity Provider, GetOpenID, MyLID, Sxipper

Echoes of Passport here, but with (hopefully) a greater chance of success. Anything that can be trusted and reduces the ridiculous number of usernames and passwords, is worth a go.

Linux.com | Note to new Linux users: No antivirus needed

Misleading claims and false advertising by virus protection rackets to the contrary, you simply don’t need antivirus products to keep your Linux box free of malware.

While I agree that Linux does not need antivirus protection, I consider it good practice to have some form of AV protection on a Linux computer. Not for that computer’s benefit mind (at least, not at the moment) but for Windows users. Email borne viruses may pass through your inbox by mistake.

Then again, some distributions come with AV built in; it’s also open source so there’s no licensing issues. If you read the verbose mode of Mandriva there is a reference to ClamAV. Grisoft also has a Linux version of the ever popular AVG Free for Linux.

None of this detracts from the fact that Linux is far more resilient to viruses. Sadly though there is no solution to human error relied upon by most phising attacks…

Kaspersky Lab announces a new section of the website – Kaspersky Linux Security. Here you can find the latest Kaspersky Lab antivirus and anti-spam products for protecting your Linux systems.

Kaspersky Lab: Antivirus software