[DUG] Offtopic - but....

Jeremy North jeremy.north at gmail.com
Wed Jan 20 12:25:45 NZDT 2010 

> while it affects IE6 on XP most no versions are immune.

Scaremongering much John?

On Wed, Jan 20, 2010 at 10:20 AM, John Bird <johnkbird at paradise.net.nz> wrote:
> In Chrome you can find out what is using CPU for each tab, there is a task
> manager.
>
> Try the Firefox 3.6 beta
>
> I really really would hesitate to use IE at the moment, seeing as all
> versions including IE8 on Windows 7 are vulnerable to the latest China
> exploit - while it affects IE6 on XP most no versions are immune.
> Especially if you are known to have access to any valuable intellectual
> property!
>
> Chrome UI is an acquired taste, personally I find Firefox Chrome and Opera
> all comparable in speed, Chrome and Opera are the speed freaks in most
> tests.  Safari is also very fast but tends to have more security issues than
> the others.
>
> >From what I have gathered, as details are deliberately a bit vague the
> "China attacks" worked like this:
>
> -They tried to hack into Gmail/Yahoo/Hotmaill accounts of known china
> activists and supporters.  Gmail has now changed its default to https to
> make this harder - others are expected to follow.
>
> -Last year there were targeted emails sent to certain staff in the Dalai
> Lama's office, looking to be from someone the person knew with links to an
> innocuous web site, or attached photos/PDFs which had a malware dropper in
> it.   Once loaded on the target PC, the Trojan started monitoring all email
> traffic and logins, and turned on web cams and microphones to monitor what
> was happening in the office around the PC, ie conversations nearby were also
> being monitored.
>
> Once security specialists were called in, they found also a significant
> number of Asian embassies of various countries also had similar spyware
> installed - it was described as the most sophisticated and comprehensive
> spyware ever seen
>
> The traffic looked to being sent to a site in China and Taiwan physically
> close to the Chinese governments electronic monitoring site, however no-one
> was sure of this as it could in theory have been going anywhere.
>
> -The Google and Adobe attacks this year look to be similar - There were
> targeted emails sent to staff deduced to have privileged access on networks
> eg to source repositories.  The emails apparently looked innocuous and from
> parties known to the receiver (this is the targeted part - the senders had
> done careful research).   Once installed the malware started downloading the
> source it could locate to web sites that Google identified as being Chinese.
> Google say up to 30 firms in California were targeted.  The fact that they
> had publicly identified China as the offender implies they have done some
> thorough tracking of the destination of stolen data.
>
> This exploit is mainly in IE, and may also involve a PDF exploit as well.
> By all accounts Microsoft have conceded there is a problem in IE6 and do not
> yet have a fix, and it is not certain it can be fixed.  Turning the security
> zone settings to High makes it less likely but is still not an absolute
> preventative.  All versions of IE have this vulnerability.
>
> There was a similar serious problem with https in 2009 where a rogue web
> site could impersonate a legitimate site using a specially crafted digital
> certificate that had a binary null between the name of the impersonated site
> and the false site name - this allowed the certificate to be verified but
> the impersonated name would be shown, not the true impersonating domain.
> This meant that a man-in-the-middle attack for https traffic to in
> particular bank web sites became possible with no warning in the browser as
> the certificate looked to be verified  (it was but for the malware domain).
> This vulnerability was fixed quite fast, but interestingly on Windows it
> affected IE, Chrome, Opera and Safari as they all used a Microsoft component
> to verify digital certificates - Firefox was the only browser immune in this
> case as it used its own component.
>
> Personally I prefer Firefox as its fast enough (close to if not fastest),
> best bookmarks search, and fastest consistently to fix security holes.
> However security is a constantly moving target and all software has its
> vulnerabilities.
>
> John
>
> From: "Jeremy North" <jeremy.north at gmail.com>
> To: "NZ Borland Developers Group - Delphi List" <delphi at delphi.org.nz>
> Sent: Wednesday, January 20, 2010 10:28 AM
> Subject: Re: [DUG] Offtopic - but....
>
>
> I'm sorry but I disagree. If all of those tabs are loaded then it
> shouldn't be using any CPU, or a very small amount.
>
> Firefox has security issues, just like IE.
>
> I use both but prefer IE, it handles flash a lot better than Firefox.
>
> Couldn't get into Chrome.
>
> I installed Firefox on the mac but it just seems out of place so
> generally use Safari - even though it is a pain to use. I don't browse
> often on the mac.
>
> On Tue, Jan 19, 2010 at 6:13 PM, John Bird <johnkbird at paradise.net.nz>
> wrote:
>> My Firefox (3.7) is using 12-13%cpu and 400MB with 88 tabs open at the
>> moment. Thats not too bad...
>>
>> John
>>
>> From: Sean Cross
>>
>> To: NZ Borland Developers Group - Delphi List
>> Sent: Tuesday, January 19, 2010 4:50 PM
>> Subject: Re: [DUG] Offtopic - but....
>>
>> Ram? I find processor usage is the problem. It can suck up 30% of my
>> processor for no apparent reason when it's just sitting in the background!
>>
>>
>>
>> Regards
>>
>>
>>
>> Sean Cross
>> CIO
>>
>>
>>
>> Catalyst Risk Management
>> PO Box 230
>> Napier 4140
>> DDI: 06-8340362
>> Mobile: 021270 3466
>>
>>
>>
>> Visit us at http://www.catalystrisk.co.nz
>>
>>
>>
>> Offices in Auckland, Hamilton, Napier, Wellington, Christchurch & Dunedin
>>
>>
>>
>> Disclaimer:
>> "The information contained in this document is confidential to the
>> addressee(s) and may be legally privileged. Any view or opinions expressed
>> are those of the author and may not be those of Catalyst Risk Management.
>> No
>> guarantee or representation is made that this communication is free of
>> errors, viruses or interference. If you have received this e-mail message
>> in
>> error please delete it and notify me. Thank you."
>>
>>
>>
>>
>>
>> From: delphi-bounces at delphi.org.nz [mailto:delphi-bounces at delphi.org.nz]
>> On
>> Behalf Of Jeremy Coulter
>> Sent: Tuesday, 19 January 2010 12:03 p.m.
>> To: NZ Borland Developers Group - Delphi List
>> Subject: [DUG] Offtopic - but....
>>
>>
>>
>> I know thi sis offtopic, but does anyone know WHY FireFox consumse SO MUCH
>> RAM ??
>> I have 8 tabs open and its usign over 400MB !! Its complete madness ! I
>> have started going off Firefox lately. On ym Vista 64bit install at home,
>> I
>> cant do an F5 to refresh, I have to do a CTRL+F5 ..... grrr
>>
>>
>> Jeremy
>>
>> ________________________________
>>
>> _______________________________________________
>> NZ Borland Developers Group - Delphi mailing list
>> Post: delphi at delphi.org.nz
>> Admin: http://delphi.org.nz/mailman/listinfo/delphi
>> Unsubscribe: send an email to delphi-request at delphi.org.nz with Subject:
>> unsubscribe
>>
>> ________________________________
>>
>> _______________________________________________
>> NZ Borland Developers Group - Delphi mailing list
>> Post: delphi at delphi.org.nz
>> Admin: http://delphi.org.nz/mailman/listinfo/delphi
>> Unsubscribe: send an email to delphi-request at delphi.org.nz with Subject:
>> unsubscribe
>>
>> _______________________________________________
>> NZ Borland Developers Group - Delphi mailing list
>> Post: delphi at delphi.org.nz
>> Admin: http://delphi.org.nz/mailman/listinfo/delphi
>> Unsubscribe: send an email to delphi-request at delphi.org.nz with Subject:
>> unsubscribe
>>
>
> _______________________________________________
> NZ Borland Developers Group - Delphi mailing list
> Post: delphi at delphi.org.nz
> Admin: http://delphi.org.nz/mailman/listinfo/delphi
> Unsubscribe: send an email to delphi-request at delphi.org.nz with Subject:
> unsubscribe
>
>
> _______________________________________________
> NZ Borland Developers Group - Delphi mailing list
> Post: delphi at delphi.org.nz
> Admin: http://delphi.org.nz/mailman/listinfo/delphi
> Unsubscribe: send an email to delphi-request at delphi.org.nz with Subject: unsubscribe
>

More information about the Delphi mailing list