[perfume]

I opened the FF3 browser just now and was surprised to find a heading"Geotool" with a Google map showing Google's own location ( town, state and country),IP address, etc! Then KIS2009 displayed an intrusion attack on my pc, with the Ip address. When i copied the IP address, i found it was from China! Took a snap. Kindly view it. Looks like we are small insects clearly visible in the web spun by Dr.Who, and i dread to imagine what's will be our future on the net in another one or two decades from now on!

[lotuseclat79]

Hi perfume,

Did you use Firefox 3.5 Release Candidate 2?

I would report the intrusion by clicking on the Send Feedback link in the Tab bar.

It appears that KIS2009 did its job, but you ask an enduring question. Never stop asking it!

I would not hesitate to disable the feature until Mozilla comes up with a more secure variant of the feature - i.e. if it is possible to disable the feature as I assume it is a built-in feature.

-- Tom

[Elvandil]

Is that a rhetorical question?

If not, I guess we'd need first to define what it is that the threat really is. Certainly, it is probably no more dangerous than leaving a door unlocked while you watch TV. A murderer could walk in, but you suspect that the odds are against it.

Generally speaking, I think people may be a bit too paranoid about the web at times and not enough at others. It seems the people who are most worried about "intrusions" from people looking for private data are the same ones that give out their credit card numbers readily to anyone that asks.

I don't worry about security so long as no one on the web could get any information about me that is not also available by going through my trash. The trouble with locking everyone out is that you also lock yourself in. If you treat a stranger on the net the same way you would a stranger on the street, then you should have few problems. But people tend to trust unseen web entities more than real people that they don't know, for some very strange reason.

[perfume]

Dear lotuseclat79,
I have FF3.0.10.

I have reported the intrusion attack to Mozilla. Mozilla and Google seem to be tight buddies. I have the following add-ons-1)NoScript,2)Better Privacy,3)Adblock Plus,4) Interclue,5)Ghostery,6)WOT,7)TamperData, 8)TACO and 9) FlagFox for security and privacy.

The one problem with Ghostery is it will tell you who and how many trackers there are, but does not remove them!

[perfume]

In the attached thumbnail above, at the bottom right corner, you can see a red guy with eyes saying 3 trackers.

[lotuseclat79]

Quote:

Originally Posted by perfume

Dear lotuseclat79,
I have FF3.0.10.

I have reported the intrusion attack to Mozilla. Mozilla and Google seem to be tight buddies. I have the following add-ons-1)NoScript,2)Better Privacy,3)Adblock Plus,4) Interclue,5)Ghostery,6)WOT,7)TamperData, 8)TACO and 9) FlagFox for security and privacy.

The one problem with Ghostery is it will tell you who and how many trackers there are, but does not remove them!

Hi perfume,

You should upgrade FF to version 3.0.11 - its been out now for a couple of weeks If I recall properly.

Yeah, Ghostery only tells you who the trackers are - which is informative. I tried it, but also got rid of it just because of the annoyance factor.

The only way to insure security and privacy is to pay for it. The best advice I can give at this time is to encrypt all of your outbound traffic with a client that uses a VPN. Tor is the poor man's alternative which should be used with controller software - I have used Tork, but there is Vidalia. But, Tor is vulnerable at the exit node. A good thing about using a Tor controller like Tork is that you can change your identity - i.e. switch whom carries your Tor traffic. The best deal for the $$ I have found is Xerobank's ShadowVPN.com service at $10/month. Xerobank has the real privacy and security solution goods and are working on a cryptrouter (hardware) you just plug in between your ISP's router and your computer. You can see their beta test device at JanusPA.com or JanusVM.com and pick one up for $150/US. They say they are working on some deal to give it away to the Tor community. Read the Xerobank.com Forum for information. On Aug 1st this year, they will release a DeAnonymizer software that they claim will blow the doors off other claimed solutions - e.g. proxies, etc. Can't wait to give that puppy a spin!

-- Tom

[lunarlander]

Hi Perfume,

Did Kapersky say what kind of attack it was ?

[perfume]

Dear lotuseclat79,
Sorry,i got the FF3 version wrong.It is 3.0.11 i have. I am really happy to tell you that i have used TOR+VIDALIA+PRIVOXY bundle to excellent advantage. The ONLY downside is the Internet speed reduces significantly. In fact i was offering a gentleman in "this" forum that i was willing to help him to avoid hacking using TOR! It's a fantastic piece of free software created by volunteers and kudos to them!

I used to check whether my IP address was masked or not by going to ipchicken.com. I have recently bought a pc with 1TB internal HD and other configurations to suit my needs and in the process did not re-install TOR.

Dear Elvandil,
With due apologies,no one in his right mind is gonna venture into ghettos in the nights, because he knows that the odds of getting attacked by a mob for money or worse are stacked very high!

Paris,the city of fashion and chic has it's share of pickpockets and even Parisiens are wary in crowded places. These are real life situations. On the net,suppose we visit a site which has become a botnet, we are vulnerable to getting the "botnet swine flu". I vividly remember that only the American Express website was rated as the safest and Google website was rated low in terms of security. That's why we install WOT or McAfee site Adviser as a guide(not totally reliable) to venture into a website. How many people frequenting the net know that opening e-mail attachments is highly risky, especially from people they don't know?. Three years back i received a parcel containing a CD totally sealed, from ....country. When i inserted it ,boom went my pc. I knew nothing about backups,scanning the CD for viruses, a good A-V etc at that point of time. I've learnt a lot here. On the net nobody knows nobody, hence the scare! Sorry for the long post!

Dear lunarlander,
The message KIS2009 gives is " This is an intrusion attack and the IP address is probably spoofed. KIS has successfully repelled the attack". Before i could note down the IP address the message used to turn off.Yesterday, the message stayed long enough and as mentioned on top of the webpage there was this"GEOTOOL" with a search bar at the bottom to facilitate jotting the IP address and it originated from China.

[lotuseclat79]

Hi perfume,

Here is a new video from Mozilla on the new about to be released Firefox 3.5 features
What's New in Firefox 3.5 - new video from Mozilla. It sounds like there is something similar to what you experienced with Geotool that is going to be a built-in feature.

I use FF 3.0.11 and do not find evidence of GeoTool, but, of course, I am using the Linux version which may have a different setup from the Win version you are using.

It appears that Geotool is invoked when the FF add-on FlagFox 3.2.7 is present which I do not use, but apparently you have, eh?

I wonder if your FlagFox preference settings are broadcasting your presence to other FF users with it installed, and that is how it works - i.e. you would have to respond or approve to the request such that the China experience would get a reply - if I am not mistaken in how it works.

-- Tom

[Cookiegal]

Also, KIS logs all intrusion alerts so you should be able to consult the log to see more details of the attack.

[perfume]

Dear cookiegal, will get back asap,after checking the logs. Dear lotuseclat79, You are right. I have completely uninstalled FF,using Revo and re-installed without Flagfox.Will let you know how things go. Also have installed the TOR bundle.

[perfume]

The TOR bundle has stiched the responses together.sorry for that.

[d4rkn1ght]

I'll say that since the net is huge, we're pretty secure.

Tracking someone down in this age of satellites is now an easy business, but as long as the chip implants don't start coming, I still feel safe enough.

Even though good black-hat hackers are not common enough so that everyone should feel as if they are under potential attack, the real threat comes from script kiddies, which hunt the net looking for potential victims which they can expose their art to. You probably underwent an intrusion attempt by a script kiddie. Nothing to worry about there. As long as your firewall is intact, it'll take CIA to intrude on your privacy.

Best Regards

[perfume]

Then why a hardware Firewall ,i wonder?

[lunarlander]

Quote:

Originally Posted by perfume

Then why a hardware Firewall ,i wonder?

A second hardware firewall is then 'Defence in Depth'.

Did you take a look in KIS's logs to see what kind of attack it was ?