View RSS, RDF and ATOM feeds inside IE

I found a free application that will allow Internet Explorer users to view RSS, RDF and ATOM feeds.  It is Chrysanth NETime Channel.  I gave it a try (Internet Explorer 6 in XP SP2).  See screenshot:


Before (Click image for larger view):



After (Click image for larger view):



After installating this free application, it adds BHO, Toolbar, an entry in HOSTS file, Browser Menu Extension and User’s System Startup:


Alert is shown by SpywareGuard for installation of BHO.  Logged by SpywareGuard:


NEW BHO DETECTION ALERT
On 05:12:48 02/27/2005 a new BHO installation attempt was detected.
BHO: {9323C176-6AA5-4902-B0B9-4D37AA8DFB9A}
ProgramID: n/a
File Location: D:WINDOWSsystem32CSNETimeChannelLibrary.dll
User Action Taken: KEEP BHO


Alert is shown by Spybot Search & Destroy for installation of Toolbar, BHO, Browser Menu extension and Startup.  Logged by Spybot Search and Destroy:


2/27/2005 5:12:59 AM Allowed value “Chrysanth NETime Channel News Reader Server” (new data: “D:Program FilesChrysanthNETimeNETime ChannelCSNCNewsFeedServer.exe”) added in System Startup user entry!
2/27/2005 5:13:00 AM Allowed value “{C6C04637-E680-4971-B656-9FF46E7785F7}” (new data: “”) added in Global browser toolbar!
2/27/2005 5:13:00 AM Allowed value “{9323C176-6AA5-4902-B0B9-4D37AA8DFB9A}” (new data: “”) added in Browser Helper Object!
2/27/2005 5:13:01 AM Allowed value “Monitor this RSS News Feed” (new data: “”) added in Browser menu extension!


Microsoft AntiSpyware alerted me for installation of BHO, Toolbar and addition in the HOSTS file.  WinPatrol alerted me on changes in the HOSTS file and installation of BHO.  The added entry in the HOSTS file is 127.0.0.1 feedreader.netimechannel.com

Opera Tackles Phishing: Second Beta of the Opera Browser Available Today

Opera Software ASA today released the second Beta version of its next browser, which includes an answer to the recent security debate over Web site spoofing (see – Multiple Browsers IDN Spoofing Security Issue). In this Beta, the browser displays security information inside the address bar, located next to the padlock icon that indicates the level of security present on a site.


The small, yellow security bar appears on secure sites and displays the name of the organization that owns the certificate. By clicking on the bar the user has access to more information about the validity of the certificate. These anti-spoof measures help users make educated decisions about a site’s validity and security.


“One of the most important measures to counter phishing attacks is the use of security certificates,” says Christen Krogh, Opera’s Vice President of Engineering. “The challenge for browser vendors is to better explain the verification of certificates and to make the user more aware of this additional verification before entering into secure transactions.”


More in Opera Press Releases website

Mozilla Firefox 1.0.1 released (Security hole and bug fixes)

Most of the changes in Firefox 1.0.1 were security fixes and stability fixes.


Security hole fixes
22183 – Display hostname in title bar when address bar is hidden, to reduce the impact of the fact that web sites are allowed to spoof address bars.
260560 – Security and download dialogs can be spoofed by covering them partially using popup windows.
262887 – Secunia background tab security issues (SA12712).
273699 – 2 Frame Injection Vulnerabilities (popup blocking race condition & onunload event mis-firing).
275417 – Download dialog source spoofing (SA13599).
279945 – Image drag and drop allows to create executable files.
280056 – When dropping a javascript link to a tab, the script runs in the security context of the site currently displayed in the tab.
280603 – “New Updates Avail” popup in bottom right-hand corner pops up endlessly / excessive hits on update service.
280664 – Using Flash and the -moz-opacity filter you can get access to about:config and make the user silently change values.
282270 – Display IDN URLs as punycode by default (controlled by a hidden pref).


Notable bug fixes
229706 – Unattended install asks for installation folder.
233625 – Uninstalling deleted non-Firefox folders (after installing to C:Program Files).
98564 – Caret overlaps the last character in textfield (if positioned after the last char).
271473 – Decouple services on update.mozilla.org.
280603 – “New Updates Avail” popup in bottom right-hand corner pops up endlessly / excessive hits on update service.
236596 – Form element cannot get focus when loaded by XML/XSLT page.
262822 – FIPS can’t be enabled.
261934 – Regression: network.standard-url.encode.utf8 and network.enableIDN prefs are ignored.
242845 – [Mac] Firefox disk image should use .dmg internal zlib-compression, not .dmg.gz.
180309 – [Linux] Crash while loading page with MS .fon font.


http://www.squarefree.com/burningedge/releases/1.0.1.html


Download Mozilla Firefox 1.0.1 to take advantage of security fixes.

[March 23, 2005] Phishers, Spammers and Scammers: Criminals of the Internet

Start Time:   Wednesday, March 23, 2005 9:00 AM (GMT-08:00) Pacific Time (US & Canada)  
End Time:   Wednesday, March 23, 2005 10:30 AM (GMT-08:00) Pacific Time (US & Canada)  
  
Event Description
 
Products: Other 
Recommended Audience: IT Professional 
Language: English-American
 
Description:   


Attend this webcast and learn how criminals use the Internet to infiltrate the security of your network. Learn about the underground economy associated with these threats and the co-operation of spammers and virus writers. We will also cover Phishing and attacks against the finance sector, Worms and critical infrastructure vulnerabilities, and we’ll address the issue of “Where are the network police?” Join us in this webcast as Mikko H. Hyppönen, Chief Research Officer of F-Secure Corporation, helps you understand Phishers, spammers and scanners, and how to better secure your network from these threats.


Presenter: Mikko H. Hypponen, Chief Research Officer, F-Secure Corporation


Microsoft Events

[March 22, 2005] Application-Level Attacks: Phishing and Session Hijacking

Start Time:   Tuesday, March 22, 2005 11:00 AM (GMT-08:00) Pacific Time (US & Canada)  
End Time:   Tuesday, March 22, 2005 12:00 PM (GMT-08:00) Pacific Time (US & Canada)


Event Description


Products: Other 
Recommended Audience: Developer 
Language: English-American
 
Description:   


This webcast will provide in-depth demonstrations of a variety of Web application hacking techniques such as SQL Injection and Cross Site Scripting (XSS) and show how to identify whether an application is vulnerable to these types of attacks. Discover how the SQL Injection hacking methodology can transfer to other areas, allowing exploitation of Web services and LDAP. We will also examine the method of Google hacking and explore the fundamentals of using XSS attacks with phishing techniques, spam, and even touch-screen terminals and kiosks.


Presenters:  Dennis Hurst, Senior Consulting Engineer, SPI Dynamics & Caleb Sima, CTO, SPI Dynamics


Microsoft Events

[March 21, 2005] Introduction to Security Patching Using Windows Update Services

Start Time:   Monday, March 21, 2005 11:30 AM (GMT-08:00) Pacific Time (US & Canada)  
End Time:   Monday, March 21, 2005 1:00 PM (GMT-08:00) Pacific Time (US & Canada)


Event Description
 
Products: Windows Update 
Recommended Audience: IT Professional 
Language: English-American
 
Description:


This webcast presents an overview of Windows Update Services (WUS), formerly known as SUS 2.0. WUS provides the features administrators need to manage and distribute updates through a Web-based tool.  Administrators are able access this tool on any Windows computer in their corporate network.  Join us as we look at the new features, offer planning and deployment guidance, and demonstrate the technology found in Windows Update Services. 


Presenter: Jason Leznek, Senior Product Manager, Microsoft Corporation


Microsoft Events

[March 21, 2005] Assessing Network Security

Start Time:   Monday, March 21, 2005 9:00 AM (GMT-08:00) Pacific Time (US & Canada)  
End Time:   Monday, March 21, 2005 10:30 AM (GMT-08:00) Pacific Time (US & Canada)


Event Description


Products: Security 
Recommended Audience: IT Professional 
Language: English-American
 
Description:


Identify where you are vulnerable to network attacks!  This webcast will help you plan and implement processes to help identify where you are vulnerable to network attacks, and provide guidance on how to remediate issues identified in the assessment process. We will show you how to plan and perform security assessments, implement penetration testing for intrusive network attacks, and identify and remediate common issues using checklists outlined during the presentation. Join us and find out how to use tools and processes to scan your systems for vulnerabilities.


Presenter: Kai Axford, Security Specialist, Microsoft Corporation


Microsoft Events

[March 15, 2005] Security360 with Mike Nash: Phishing: Don’t Get Hooked

Start Time:   Tuesday, March 15, 2005 9:00 AM (GMT-08:00) Pacific Time (US & Canada)  
End Time:   Tuesday, March 15, 2005 10:00 AM (GMT-08:00) Pacific Time (US & Canada)


Event Description  


Products: Other
Recommended Audience: Technology Decision Maker
Language: English-American
 
Description:


On this month’s Security360 webcast, host Mike Nash, security executive at Microsoft, identifies emerging technologies and best practices that can help you reduce online fraud and phishing scams. Learn what you can do to protect your customers and employees and prevent your company brand from being hijacked. As with every Security360, this session will include the insights of industry experts, a checklist of recommendations and resources, and a live Q&A.
 
Presenter: Mike Nash, Corporate Vice President Security Business & Technology Unit, Microsoft Corporation


Microsoft Events

[March 10, 2005] Ask the IT Security Experts: Overview and Functionality Changes in the Upcoming Windows Update Services Release

Start Time:   Thursday, March 10, 2005 11:00 AM (GMT-08:00) Pacific Time (US & Canada)  
End Time:   Thursday, March 10, 2005 12:00 PM (GMT-08:00) Pacific Time (US & Canada)


Event Description
 
Products: Security 
Recommended Audience: IT Professional 
Language: English-American
 
Description:   


This webcast series brings together some of the sharpest, security-focused, Microsoft IT professionals to provide expert answers to your security questions. Join us in this 60-minute session and find out about the new features and added functionality in the next generation of Software Update Services (SUS). Hang on tight as PSS Security Support Engineers Jason Hoffman and Michael Cook lead an exciting presentation that will explain Microsoft Windows Update Services (WUS) – the successor to Microsoft SUS, and give you the inside scoop on the next generation of Update Services. Be sure to have your questions ready. There will be plenty of time for Q&A so you can ask in-depth questions about the upcoming Microsoft update services release.


Presenter: Jason Hoffman, PSS Security Support Engineer, Microsoft Corporation


Microsoft Events

[March 08, 2005] Tools and Techniques for Securing the Desktop

Start Time:   Tuesday, March 08, 2005 1:00 PM (GMT-08:00) Pacific Time (US & Canada)  
End Time:   Tuesday, March 08, 2005 2:00 PM (GMT-08:00) Pacific Time (US & Canada)


Event Description  


Products: Windows
Recommended Audience: IT Professional
Language: English-American


Description:   


Desktops are the most numerous and the most vulnerable systems in most IT environments which can place a large burden on support staff.  This webcast will provide guidance on how to improve desktop security. We will discuss Microsoft Software Update Service (SUS), Group Policies, and Microsoft Systems Management Server (SMS) as well as best practices for operating procedures. Don’t miss this valuable presentation.


Presenter: David Smith, Senior Consultant, Entirenet


Microsoft Events