Internet & Cyber Crime

Ways Cyber Criminals Use Your Own Bad Habits Against You

2011-08-11T19:38:00.000+05:30

We all make seemly innocent mistakes every single day when it comes to protecting our identity, our personal information, and our finances, without even realizing it. This is the number one reason that many colleges and universities are offering things like a cyber security degree. Prevention is far easier than trying to reclaim or recoup your losses after you’ve been a victim of internet fraud so maybe it’s time to evaluate how many bad habitsyou’re guilty of.

Writing down your password.

I am always shocked at how many people keep a “passwords” file right on their computer desktop or written on a sheet of paper tucked under their keyboard or in their wallet. There are a few obvious places that people hide this important information and believe me when I say that thieves are well aware of what they are.

The Fix- With the necessity of so many passwords for so many things in our daily life, it is definitely possible to lose track of them, and thieves count on this fact. If you absolutely have to write down passwords, use a little creativity. Add them to your address book under a relatives name with your password disguised as the phone number, fax or email address.

Using the same password for everything.

Though you may think of it as necessary or convenient, using the same password for everything leaves you incredibly vulnerable. Once a scammer cracks one password, they suddenly have access to every other site you’ve used it for. Think about that for a second. Scary, isn’t it?

The Fix- Again, because so many passwords are required these days, it does seem easier to remember a universal one. If you truly have a difficult time remembering multiple passwords, consider creating several different versions of your preferred code rather than just one. Keep them close enough to the original to remember, but individual enough to not be obvious.

Believing what’s too good to be true.

If you’re a gullible person, you are a prime target for thieves. Whether it’s the old scam of a bazillion dollars that you have to help them claim from a foreign country in order to get a big chunk of it yourself, or the always popular buying or selling of online items that don’t really exist or will never arrive. These two alone put millions of dollars in the wallets of internet scammers every single year.

The Fix- You only need to keep one simple rule in mind. If this “amazing opportunity” requires you to send money in order for it to happen, RUN. There’s a reason it seems too good to be true. IT IS! The elderly are particularly vulnerable to both phone or internet scams so make sure your older loved ones are informed and aware of the risks

You don’t have to change much to keep yourself safer online. The very best way is to recognize your bad habits and then change them!

An unofficial guide to Lulz security.

2011-07-24T15:33:00.002+05:30

You might have heard something about Lulz security group, “A bunch of computer security experts who recently penetrate web portal of many commercial giants like Sony,Fox etc” and Even CIA’s official pages too.
Here is short bio of Lulz Security
Lulz Security, commonly abbreviated as LulzSec, is a computer hacker group that claims responsibility for several high profile attacks, including the compromise of user accounts from Sony Pictures in 2011. The group also claimed responsibility for taking the CIA website offline.^[1] The group has been described as a "cyber terrorism group" by the Arizona Department of Public Safety after their systems were compromised and information leaked.^[2] Other security professionals have applauded LulzSec for drawing attention to insecure systems and the dangers of password reuse. It has gained attention due to its high profile targets and the sarcastic messages it has posted in the aftermath of its attacks.
At just after midnight (BST) on 26 June 2011, LulzSec released a "50 days of lulz" statement, which they claimed to be their final release, confirming that LulzSec consisted of six members, and that their website is to be taken down.^[3] This breaking up of the group was unexpected.^[4] The release included accounts and passwords from many different sources. Despite claims of retirement, the group committed another hack against newspapers owned by News Corporation on 18 July, defacing them with false reports regarding the death of Rupert Murdoch.
From Wikipedia ( http://en.wikipedia.org/wiki/LulzSec)
Members of Lulz Security Group

Sabu
Topiary
Kayla
T-Flow
Avunit
Pwnsauce
M_neva
Joepie91
Neueon
Ryan Cleary
Levitr0n

And Here is a detail press release about their all recent work
Friends around the globe,
We are Lulz Security, and this is our final release, as today marks something
meaningful to us. 50 days ago, we set sail with our humble ship on an uneasy and
brutal ocean: the Internet. The hate machine, the love machine, the machine powered
by many machines. We are all part of it, helping it grow, and helping it grow on us.
For the past 50 days we've been disrupting and exposing corporations, governments,
often the general population itself, and quite possibly everything in between, just
because we could. All to selflessly entertain others - vanity, fame, recognition,
all of these things are shadowed by our desire for that which we all love. The raw,
uninterrupted, chaotic thrill of entertainment and anarchy. It's what we all crave,
even the seemingly lifeless politicians and emotionless, middle-aged self-titled
failures. You are not failures. You have not blown away. You can get what you want
and you are worth having it, believe in yourself.
While we are responsible for everything that The Lulz Boat is, we are not tied to
this identity permanently. Behind this jolly visage of rainbows and top hats, we are
people. People with a preference for music, a preference for food; we have varying
taste in clothes and television, we are just like you. Even Hitler and Osama Bin
Laden had these unique variations and style, and isn't that interesting to know? The
mediocre painter turned supervillain liked cats more than we did.
Again, behind the mask, behind the insanity and mayhem, we truly believe in the
AntiSec movement. We believe in it so strongly that we brought it back, much to the
dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the
movement manifests itself into a revolution that can continue on without us. The
support we've gathered for it in such a short space of time is truly overwhelming,
and not to mention humbling. Please don't stop. Together, united, we can stomp down
our common oppressors and imbue ourselves with the power and freedom we deserve.
So with those last thoughts, it's time to say bon voyage. Our planned 50 day cruise
has expired, and we must now sail into the distance, leaving behind - we hope -
inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment,
thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic
impact on someone, somewhere. Anywhere.
Thank you for sailing with us. The breeze is fresh and the sun is setting, so now we
head for the horizon.
Let it flow...
Lulz Security - our crew of six wishes you a happy 2011, and a shout-out to all of
our battlefleet members and supporters across the globe
----------
Included in this release:
    AOL internal data.txt
    AT&T internal data.rar
    Battlefield Heroes Beta (550k users).csv
    FBI being silly.txt
    Hackforums.net (200k users).sql
    Nato-bookshop.org (12k users).csv
    Office networks of corporations.txt
    Private Investigator Emails.txt
    Random gaming forums (50k users).txt
    Silly routers.txt
    navy.mil owned.png
Note: In "AT&T internal data.rar", do not open "BootableUSB/Program
Files/WinRar/WinRar v3.71.exe", as it is malware (due to AT&T using a pirated copy
of WinRar).

Sony once again faced a hacking attack.

2011-05-24T18:47:00.000+05:30

It seems that Sony corporation is going through a very rough patch as there are several cyber attacks has been done on various online businesses that Sony operates.Right after Online gaming website and PlayStation databases hacked .Online Portal on Sony Music Japan and Sony BMG Greece hacked.

For Hacking Sony Japans Portal and Greece portal popular SQL injection techniques are used and snapshots of both databases are posted online which contained information like Username,Passwords etc.

These constant penetrations by hacker are forcing various organisations to pay attention to their online security.

to read detailed breakthrough on this attacks visit "The Hacker News" Website as they are first post these news online.

Read Full Attack Report.

Facebook Unlike button scam spreading virally.

2011-05-21T18:27:00.000+05:30

Don't be too quick to click on links claiming to "Enable Dislike Button" on Facebook, as a fast-spreading scam has caused problems for social networking users this weekend.

Messages claiming to offer the opposite to a like button have been appearing on many Facebook users' walls:

Facebook now has a dislike button! Click 'Enable Dislike Button' to turn on the new feature!

Read Full Story Here [http://nakedsecurity.sophos.com/2011/05/16/facebook-dislike-button-spreads-fast-but-is-a-fake-watch-out/

]

From Naked Security

Useful video's related to internet security.

2011-05-21T18:25:00.000+05:30

Here is a short compilation video's which gives the detailed information about Security,Counter Majors and more.

99 Percent Of Android Devices Are Vulnerable To Password Theft

2011-05-21T17:40:00.000+05:30

Researchers at Germany’s University of Ulm have made some unsettling discoveries about the security of the Android platform. According to an article from The Register, the research group located a vulnerability that allows hackers to collect and use the digital tokens saved on a phone after a user inputs credentials for a password-protected service.

The problem seems to be linked to an authentication protocol called ClientLogin, which is present in version of Android 2.3.3 and earlier (aka most Android phones). After a user inputs credentials for services like Twitter, Facebook, or Google Calendar (to name a few), the programming interface retrieves an authentication token, which is sent in cleartext. “Because the authToken can be used for up to 14 days in any subsequent requests on the service, attackers can exploit them to gain unauthorized access to accounts,” claimed the article, quoting University of Ulm researchers.

Read Full Story Here [http://www.mobilecrunch.com/2011/05/17/99-percent-of-android-devices-are-vulnerable-to-password-theft/]

CCAvenue.com Payment Gateway Hacked

2011-05-15T21:07:00.003+05:30

CCAvenue.com, South Asia’s biggest Payment Gateway was attacked by ahacker (who used a call sign name of d3hydr8) using a very silly vulnerability SQLInjection.

As per Hacker Regiment, dehydr8 reported the issue to them and they have published the complete database structure as well as a sample records (thank’s for hiding the password field).

A bad thing to notice is that CCAvenue stored passwords in plain text in their database.

Now the question is, will CCAvenue be booked under new rules of IT act which saysThe intermediary shall take all measures to secure its computer resource and integrity of information received, stored, transmitted or hosted shall be ensured.

Source: http://www.mit.gov.in/sites/upload_files/dit/files/due_dilligance4intermediary07_02_11.pdf

Hours spent on twitter a new scam.

2011-05-09T21:43:00.000+05:30

Recently we've talk about various online scams,and now for this time spammers move towards twitter,Yes the famous micro blogging site is facing a scam which rapidly growing more and more people are getting trapped by spammers.
As like other earlier online scams this one does the same ,One fine day you got a tweet or status update from your friend like this

I have spent: 23.8 hours on Twitter! See how much you have

Followed by a link It pretend that it has been created to show your spend hours on twitter,After clicking on the link you'll redirected to a rough twitter application which ask your permission to post some messages and as you grant the access it'll post the same message from your twitter account and the application will start showing a processing window which tells that your result is being calculated and then it ask you for your email address to send you the result.Remember never give your email address to this kind of rough application. They might even send your some trojan or malware.

So now and in future don't click on such links they are spams .

We've earlier talk about this kind of scams and how to stay protected from them you can read them here.

Top cyber attacks of this week.

2011-05-06T19:07:00.002+05:30

1.Pre-teens at risk after X Factor hackers steal private data from wannabe contestants.

Read It here:http://netncrime.blogspot.com/2011/05/hackers-steal-simon-cowells-x-factor.html

2.Sony admits breach larger than originally thought, 24.5 million SOE users also affected.

Rad it here :http://netncrime.blogspot.com/2011/05/sony-online-entertainment-portal.html

3.LastPass forces users to change master password after network traffic oddity.

Read it here:http://netncrime.blogspot.com/2011/05/lastpass-advised-to-change-its-master.html

4.Osama bin Laden death video scam spreads virally on Facebook.

Hackers Steal Simon Cowell’s X-Factor Details.

2011-05-06T18:32:00.000+05:30

Cyber criminals have been on stealing spree of late. Not long after the the theft of more than 100 million user account details from Sony, Fox has confirmed that hackers also breached fox.com and obtained a file of details on 73,000 people who requested information about the X-Factor auditions.
The Fox TV show. which is an Americanized version of a British talent program. begins filming today. The winner of the show gets a $5 million recording contract with Cowell’s Syco music label and Sony Music.

Read Full Story Here: [http://blogs.forbes.com/parmyolson/2011/05/06/hackers-steal-simon-cowells-x-factor-details/]

Courtesy :Forbes

Lastpass advised to change its master password.

2011-05-04T19:31:00.000+05:30

A famous tool used to store multiple passwords in encrypted forms Lastpass advices it's all user to change their master password.after detecting an unauthorized transmission of data in their servers.After unsuccessful attempt to find the source of data Lastpass engineers are released a statement which forced all user to change their master password to stay protected.
Lastpass is widely used because the great functionality which allow user to store their all password which can simply be access by one master password.

Authorized Statement from the Lastpass blog

May 4, 2011
Laspass Security Notification

We noticed an issue yesterday and wanted to alert you to it. As a precaution, we're also forcing you to change your master password.

We take a close look at our logs and try to explain every anomaly we see. Tuesday morning we saw a network traffic anomaly for a few minutes from one of our non-critical machines. These happen occasionally, and we typically identify them as an employee or an automated script.

In this case, we couldn't find that root cause. After delving into the anomaly we found a similar but smaller matching traffic anomaly from one of our databases in the opposite direction (more traffic was sent from the database compared to what was received on the server). Because we can't account for this anomaly either, we're going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed. We know roughly the amount of data transfered and that it's big enough to have transfered people's email addresses, the server salt and their salted password hashes from the database. We also know that the amount of data taken isn't remotely enough to have pulled many users encrypted data blobs.

If you have a strong, non-dictionary based password or pass phrase, this shouldn't impact you - the potential threat here is brute forcing your master password using dictionary words, then going to LastPass with that password to get your data. Unfortunately not everyone picks a master password that's immune to brute forcing.

To counter that potential threat, we're going to force everyone to change their master passwords. Additionally, we're going to want an indication that you're you, by either ensuring that you're coming from an IP block you've used before or by validating your email address. The reason is that if an attacker had your master password through a brute force method, LastPass still wouldn't give access to this theoretical attacker because they wouldn't have access to your email account or your IP.

We realize this may be an overreaction and we apologize for the disruption this will cause, but we'd rather be paranoid and slightly inconvenience you than to be even more sorry later.

We're also taking this as an opportunity to roll out something we've been planning for a while: PBKDF2 using SHA-256 on the server with a 256-bit salt utilizing 100,000 rounds. We'll be rolling out a second implementation of it with the client too. In more basic terms, this further mitigates the risk if we ever see something suspicious like this in the future. As we continue to grow we'll continue to find ways to reduce how large a target we are.

For those of you who are curious: we don't have very much data indicating what potentially happened and what attack vector could have been used and are continuing to investigate it. We had our asterisk phone server more open to UDP than it needed to be which was an issue our auditing found but we couldn't find any indications on the box itself of tampering, the database didn't show any changes escalating anyone to premium or administrators, and none of the log files give us much to go on.

We don't have a lot that indicates an issue occurred but it's prudent to assume where there's smoke there could be fire. We're rebuilding the boxes in question and have shut down and moved services from them in the meantime. The source code running the website and plugins has been verified against our source code repositories, and we have further determined from offline snapshots and cryptographic hashes in the repository that there was no tampering with the repository itself.

Again, we apologize for the inconvenience caused and will continue to take every precaution in protecting user data.

The LastPass Team.

If you need any tips to choose good password you can refer our post..
http://netncrime.blogspot.com/p/prevention.html

Sony Online Entertainment portal breached.

2011-05-03T21:18:00.000+05:30

Yesterday a famous globals organisation's entertainment website victim a major security breach ,resulting in a huge loss and disclosure of The 24.6 million accounts consisted of:,
Names
Addresses
E-mail addresses
Birthdays
Gender
Phone numbers
Login names
Hashed passwords
This kind of attacked are already take place in past months and usually known as identity theft.Sony has made an offer that they are going to give PlayStation Network and Qriocity free stuff for all affected customer.But Surely this doesn't necessary at all at this stag,all major corporation should need to pay attention on their security issues more seriously.

Must have security add ons for firefox.

2011-05-01T22:16:00.000+05:30

With launch of Mozilla Firefox 4.0 the battle between browsers is again getting high,If you're one of those people who love Firefox.Then this post is for you.A nice and short look up of Firefox privacy and security add ons which makes your browsing experience more delightful.

1.LastPass Password Manager
LastPass is a free online password manager and Form Filler that makes your web browsing easier and more secure. Also for IE, Safari and Chrome. Your sensitive data is encrypted _locally_ before upload so even LastPass cannot get access to it.

2.Web of Trust - Safe Browsing Tool
Would you like to know which websites you can trust? The Web of Trust (WOT) add-on is a safe surfing tool for your browser. Traffic-light rating symbols show which websites you can trust when you search, shop and surf on the Web.

3.Adblock Plus

Annoyed by adverts? Troubled by tracking? Bothered by banners? Install Adblock Plus now to regain control of the internet and change the way that you view the web.
A short video overview is available at http://www.youtube.com/watch?v=oNvb2SjVjjI

4.Bitdefender-Quickscan:
The quickest way to find out if your computer is infected!
BitDefender QuickScan is a very fast antivirus scanner, able to determine in a matter of seconds if a system is infected with malware.

5.Ghostery
Protect your privacy. See who's tracking your web browsing and block them with Ghostery.

Firefox updated version 4.0.1 launched.

2011-05-01T13:56:00.000+05:30

After releasing 4.0 version of the firefox,mozilla come up with new updated and more secured version of firefox called 4.0.1 with almost 50+ bugs fixed.
You can grab the latest version from mozilla's official home page here :http://www.mozilla.com/en-US/firefox/new/

New malware attack :My naked pics are attached.

2011-04-14T15:36:00.001+05:30

A new malware attack spreading widely where users received an email with following text

I love wild sex and looking for a discreet partner.
I have my picture attached to this email.
Take a look at it and get back if you like what you see.

With the subject as "My naked pic is attached." and attachment "picture.zip" when any one opens this email in excitement.Rather than seeing any photos of a naked lady users system get affected by a fake and rough security tools which try to belive you that you are comuters is infected with a virus and you need to purchased some security tool in order to remove that virus and ask for your credit card information.

As we are already talked about this kinds of attacks and people are also aware about this kind of rough security tools still their is possibility of some one might get affected so please be safe.

Wordpress.com hacked.

2011-04-14T15:22:00.000+05:30

A popular free blogging platform wordpress.com has been hacked.This incidents revealed lot's of important information on wordpress servers like source codes.This incident was affect the blog hosted on wordpress.com site only all the websites self hosted using wordpress software available on wordpress.org are not affected by this security breach.

A formal statement about this is incident by Automattic's(Companu Behind the wordpress) Matt Mullenweg
"We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access. We presume our source code was exposed and copied. While much of our code is Open Source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited."

Read full statement here: http://en.blog.wordpress.com/2011/04/13/security/

While wordress security experts are busy in finding and fixing the security loop holes,All the users of wordpress.com are advised to change their login information like password to prevent further missuse of their accounts.Even though in this attack wordpress.com statement tells that their servers are affected by a low level attacks and some people gain access to their servers and all the information on servers is compromised although wordpress is not thinks that the passwords of users are revealed but still changing your existing password and choose a safe one is always better practice.

Top cyber attacks of this week.

2011-04-10T21:17:00.000+05:30

1.Massive email breach explore the customer data from major retailers.

Read about it

2.Japans fake tsunami charity scams

Read about it

3.IEEE member's database hacked.

Read about it:

4.Hackers hijack top Russian football club's website

5.Linda Smith / Jason Lee Facebook virus hoax spreads.

How to keep your email address safe.

2011-04-05T11:05:00.000+05:30

Tips to keep your email address safe.

Recently major global retailers victim a major data breach which exposed millions of customers information like email address and names.Now millions of email address are in hand of unsecured third party.If you are one of them please read following tips to stay safe and protected.

1.Don't share your personal information over email at any cost.

2.Please visit your merchant website and changed your account password for safety.

3.Check you banking and credit card statements.

4.Don't giveaway your personal information like banking password even if your email pretend to be came from your bank.

5.In case if you get trapped by criminal urgently call to your bank and report your phishing crime here:http://www.antiphishing.org/report_phishing.html

Massive email breach exposes data from major retailers.

2011-04-05T10:47:00.001+05:30

A massive email breach leaked data of Citibank and other leading retailers customers after a hacker penetrated a online marketer Epsilon.Emails and name of all those people who have signed up for victims website are on the risk

The affected organisations are:

City Bank
Target
Best Buy
Walgreen’s
Capital One
TiVo
JP Morgan Chase & Co.
Kroger
US Bank
Citi
McKinsey & Company
Ritz-Carlton Rewards
Marriott Rewards
New York & Company
Brookstone
The College Board
Home Shopping Network (HSN)
LL Bean
Disney Destinations
Barclays Bank of Delaware

Online marketer Epsilon has informed all it's users and customers that an illegal attempt is occurred at epsilon and user's private information including their email and names is on a risk company also stated that only emails and name are exposed and no other private information of any user is on a risk.

Epsilon takes all the law enforcement actions against this breach and assures that no credit card or other financial information is compromised.

The simple tip:If your information is compromised and you are amongst the victim of this data breach don't share your sensitives information over email.

Facebook privacy settings to stay protected.Part-2

2011-04-03T17:24:00.001+05:30

Continued from previous post

After discussing about some basics of Facebook privacy here are some another features of Facebook privacy settings

1.Block Lists :Edit your lists of blocked people and apps.

By using this facility you can block particular person or an application to access your data.You can also block some email address from which you don't want any applications invites.So next time you don't get any unwanted app requests.Along with these Facebook has also provide a feature by which you can restrict specific people to send you some event request or invites.

2.Control What you share

By using this features users can control on data they are sharing.We can select people with whom we want to share our data.For normal user recommended settings are good.But you can customized this settings by clicking on custom button.

Facebook privacy settings to stay protected.Part-1

2011-03-31T21:01:00.001+05:30

Facebook team has done a great job by providing a privacy setting.A place where you can configure all of your privacy setting from who will views your information to block the apps and people you don't want to give access.Facebook has allow you to set the permissions for your profile visitor and you can decided who can view your profile information in very easy way you can simply choose various available options

1. Sharing on Facebook.
Facebook has provided three access levels for you contents.
1.Everyone
2.Friends of Friends
3.Friends only
So you can easily assign privacy settings.Facebook alsohave a recommened mode for normal users who don't want to mess up more facebook automatcicaly assign permissions to your personal information according to its importance.If you want go to into deep you have a custom option where you can select privacy levels as you want.

2.Apps and Website
This feature allows you to select the apps with which you want to share your personal data..On Facebook, your name, profile picture, gender and networks are visible to everyone . Also, by default, apps have access to your friends list and any information you choose to share with everyone.You can change what you share with apps using these settings

3.Block Lists and 4.Controlling How You Share Coming soon..

You can read more about Facebook privacy and scams here.

IEEE member database hacked

2011-03-31T09:44:00.000+05:30

Over 800 members’ credit card details exposed

A hacker stole the credit card details of over 800 members of the IEEE (Institute of Electrical and Electronics Engineers) last December, according to its law firm.

A team of IEEE-appointed forensic investigators “concluded that a file containing customer credit card information had been deleted on or about November 17, 2010”, the institute's law firm told the Attorney General of New Hampshire in February [pdf].

The forensic team believed that 828 members’ credit card numbers, associated names, expiration dates and security numbers may have been accessed.

It discovered “certain vulnerabilities in the system”, but the IEEE had no proof that the exposed credit cards had been used to make fraudulant transactions, according to the letter.

But credit card details may not be what the hackers were after. The institute has many of the world's top engineers as its members, and is responsible for the 802.11 wireless networking standard.

Kaspersky Lab’s Threat Post blogger Paul Roberts, who broke the story, speculated that IEEE’s members could become “the targets of sophisticated phishing and social engineering attacks using stolen data.”

He added that holding such details ran against Payment Card Industry Data Security Standard (PCI DSS).

The IEEE's lawyers said the institute had alerted the FBI to the breach.

Courtesy - iTnews

Top cyber attacks of this week.

2011-03-30T10:27:00.001+05:30

It seems that this week was real hard for online world.Various organisations reported security breaches including bank of america and MySQL.This is list of top 5 cyber attacks of this weeks.

1.Recording Industry Association of America (RIAA) website get attacked by antonymous hacktivist

2.Bank of America security breach of $100,000

3.MySQL and Sun hacked by SQL injection attacks.

4.UK's utility company trapped in identity theft attacks.

5.Cyber Attack Hits European Commission.

Official Google Blog: Fighting fraud online: taking "Google Money" scammers to court

2011-03-25T10:39:00.000+05:30

Official Google Blog: Fighting fraud online: taking "Google Money" scammers to court

Firefox 4.0 Launched.

2011-03-24T10:03:00.001+05:30

There is a update in browser world a popular browser Mozilla just launched with it’s 4.0 version .Firefox one of the widely used browser in the world has now concentrated in security and lot’s of other new features

Let’s have a look on some features of firefox.

Security Features in new version of mozilla firefox 4.0

Instant Web Site ID: Gives users an icon to verify a sites' legitimacy.

Content Security Policy: Designed to shut down cross-site scripting attacks by providing a mechanism for sites to explicitly tell the browser which content is legitimate.

Secure Updates: Looks for a secure connection before Firefox installs or updates add-ons and third-party software.

Anti-Malware: Warns you away from a site which it detects as hosting malicious content.

Do Not Track: Allows you to transmit a “Do Not Track HTTP” header to websites, opting you out of behavioral tracking.

Click here to download Mozilla 4.0 http://www.mozilla.com/en-US/firefox/RC/