Monday, March 30, 2009

Koobface Virus includes a bot-like component, Be Aware!

Facebook Koobface Protection and Removal

What is the koobface virus?

The koobface worm is a new malware variant that has the ability to replicate itself once it gets into a computer system. It is also referred to as Net-Worm.Win32.Koobface.b. Please refer here to my previous post.

The koobface virus commonly infects computers via social networking sites like Facebook. The Facebook virus koobface also has the ability to send automated emails using infected computer systems.

Koobface includes a bot-like component that could install other malicious apps at a later time. If the viewer approves the Flash installation, Koobface attempts to download a program called tinyproxy.exe. This loads a proxy server called Security Accounts Manager (SamSs) the next time the computer boots up. Koobface then listens to traffic on TCP port 9090 and proxies all outgoing HTTP traffic. For example, a search performed on Google, Yahoo, MSN, or may be hijacked to other, lesser-known search sites.

How to Avoid Koobface

The best way to avoid having trouble with this computer virus is to observe the koobface protection practices. When using social networking sites (MySpace, Friendster, Facebook, hi5, etc.), always be cautious of automated messages that are either too tempting or insulting (e.g. you look funny in this video, etc.) and avoid clicking on the link provided, as it is likely to contain a koobface download. This is one of the simplest but most valuable means of koobface virus protection. Please refer to my previous post on Koobface virus.

How to Detect Koobface

The McAfee website provides information on the characteristics and symptoms of this computer worm. You may want to read their report to learn more about how to detect koobface.
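The post names two host-level traits, a listener on TCP port 9090 and a file called tinyproxy.exe. The following added example (not part of the original post or of any vendor tool) triages the text output of `netstat -ano` and `tasklist /fo csv /nh` for them; the sample output is constructed and English-language `netstat` output is assumed.

```python
import csv
import io

KOOBFACE_PROXY_PORT = 9090               # port named in the post
KOOBFACE_PROXY_IMAGE = "tinyproxy.exe"   # file name named in the post

# Constructed sample output, not captured from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       948
  TCP    0.0.0.0:9090           0.0.0.0:0              LISTENING       2316
  TCP    192.168.1.20:1061      203.0.113.7:80         ESTABLISHED     3120
  TCP    192.168.1.20:49090     203.0.113.9:443        ESTABLISHED     3120
  UDP    0.0.0.0:9090           *:*                                    1500
"""
SAMPLE_TASKLIST = '''\
"svchost.exe","948","Services","0","4,112 K"
"tinyproxy.exe","2316","Services","0","2,308 K"
"iexplore.exe","3120","Console","0","38,540 K"
'''


def listeners_on_port(netstat_text, port):
    """Return the PIDs that hold a LISTENING TCP socket on `port`."""
    pids = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly five columns; UDP rows have no State column.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        _proto, local, _foreign, state, pid = fields
        if state.upper() != "LISTENING" or not pid.isdigit():
            continue
        # rsplit keeps IPv6 literals such as [::]:9090 intact.
        if local.rsplit(":", 1)[-1] == str(port):
            pids.add(int(pid))
    return sorted(pids)


def process_names(tasklist_csv):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    names = {}
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) >= 2 and row[1].isdigit():
            names[int(row[1])] = row[0]
    return names


def triage(netstat_text, tasklist_csv, port=KOOBFACE_PROXY_PORT):
    """List listeners on the port; 'high' only when the image name also matches."""
    names = process_names(tasklist_csv)
    findings = []
    for pid in listeners_on_port(netstat_text, port):
        image = names.get(pid, "<unknown>")
        # Port 9090 is also used by legitimate software, so a listener alone
        # is a lead to review, not a verdict.
        severity = "high" if image.lower() == KOOBFACE_PROXY_IMAGE else "review"
        findings.append({"pid": pid, "image": image, "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        print(finding)
```

A "review" result still deserves a look at the owning process, since the file name is trivial for malware to change.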

How to get rid of the koobface virus

This "koobface removal article" provides information on how to remove koobface manually, including details on deleting koobface registry keys. Please note, however, that great caution should be observed when you attempt to delete the koobface virus manually, because you may put your computer at risk. I do not recommend that my readers remove this virus manually. also provides a free koobface antivirus download. If you detect koobface in your PC, you may download the koobface virus removal tool here: Download Koobface Remover or Facebook has also posted instructions on how to remove the infection.

Sunday, March 29, 2009

Welfare agencies using Facebook to nab fraudsters?

New Zealand welfare agency uses Facebook to nab fraudsters

Wellington - New Zealand's government welfare agency has confirmed it examines internet social network sites like Facebook to catch benefit fraudsters, a newspaper reported on Sunday.

Young mother Lauren Kaney, 22, of Mount Maunganui, was convicted in court last week of getting three times the weekly benefit she was entitled to, after claiming she lived on her own with her 2-year-old son. In fact, her Bebo and Facebook pages revealed she was living with the boy's father, the Herald on Sunday reported.

Kaney admitted receiving 17,500 New Zealand dollars (nearly 10,000 US dollars) more than her entitlement and was sentenced to four months' home detention and 200 hours of community service. She told the paper it was a big surprise when she was caught after Ministry of Social Development investigators looked at her Bebo page.

'I didn't ever think they would look me up like that,' she said. 'It's not really fair of them to do that, but it wasn't fair of me to rip them off in the first place.'

Minister of Social Development Paula Bennett has asked ministry staff to prepare a report on benefit fraud, which costs taxpayers about 60 million New Zealand dollars a year, the paper said.

Thursday, March 26, 2009

Malware in iTunes podcasts may swipe passwords

Update Apple iTunes as soon as possible...

Apple notified customers in a Mar. 11 alert that a malicious podcast may steal your Apple iTunes credentials and expose your user ID and password. Normally, iTunes will notify you that updates are available, but if you don't see the notification, you can download the update manually from Apple's iTunes download page.

On Windows systems, an additional vulnerability impacts the Digital Audio Access Protocol, Apple's proprietary protocol for sharing media across a network. The hole could allow a Denial of Service attack.

Tuesday, March 24, 2009

The PC of 2019

What's in store for everybody's go-to computer?

For those of you who want the world at your fingertips, the wait is almost over. Pranav Mistry at MIT's Media Lab has developed the "Sixth Sense," a technology so personal that it blurs the boundary between individual and machine. Please click here to watch the video or click here to read full article on Computerworld.

Monday, March 23, 2009

Microsoft Security Assessment Tool: Can It Make Your Organization More Secure?

MS security assessment tool is a 'game changer'

Microsoft on Friday released an open-source program designed to streamline the labor-intensive process of identifying security vulnerabilities in software while it's still under development.

As its name suggests, !exploitable Crash Analyzer (pronounced "bang exploitable crash analyzer") combs through bugs that cause a program to seize up, and assesses the likelihood of them being exploited by attackers. Dan Kaminsky, a well-known security expert who also provides consulting services to Microsoft, hailed the release as a "game changer" because it provides a reliable way for developers to sort through thousands of bugs to identify the several dozen that pose the greatest risk.

"Microsoft has taken years of difficulties with security vulnerabilities and really condensed that experience down to a repeatable tool that takes a look at a crash and says 'You better take a look at this,'" Kaminsky told The Reg. "What makes !exploitable so fascinating is that it takes at least the first level of this knowledge and packages it up into something that can be in the workflow."

Over the past five years, Microsoft has made a fair amount of progress hardening its operating systems and applications against the most-common security threats. Protections such as Address Space Layout Randomization and cross-site scripting defenses have been added to later versions of Windows and Internet Explorer, respectively. And the company has generally managed to exorcise its programs of dangerous vulnerabilities before they can be exploited by attackers.

Please refer here to read full article. Alternatively, you can click here to read more details about MSAT on Microsoft's technet website.

Internet Explorer 8 got hacked easily?

Microsoft flooded with complaints after IE 8 release

Internet Explorer 8 was released at noon on Thursday and users have already flooded Microsoft’s feedback pages with complaints. It did not fare well at Pwn2Own either, where it was hacked easily. Although many problems were supposed to be resolved during the beta testing phase, it still seems that there are multiple issues affecting the web browser.

Top complaints include problems printing from websites, search function malfunctions, and misplaced images. Many users have said that their search bar doesn’t work and appears blank. Additionally, a bug appears to cause an issue with dragging photos in IE onto Facebook pages. Boot-up times have also been reported as slow, and the browser is reported to take up an extra 4GB of hard drive storage space.

Microsoft has contended that they have fixed the most significant issues in beta based on priority by community voting. Upgrades to IE 8 include several bars that you can use to manage the sites that you navigate on the web. A favorites bar, tab bar, and address bar have all been added with the upgrade. You can manually download IE 8 from Microsoft’s download page.

Friday, March 20, 2009

I know what you typed last summer

Boffins sniff keystrokes with lasers, oscilloscopes

Researchers have devised two novel ways to eavesdrop on people as they enter passwords, emails, and other sensitive information into computers, even when they're not connected to the internet or other networks.

Exploiting vibrational patterns and electromagnetic pulses that emanate with every character entered, the Italian researchers are able to remotely sniff keystrokes from significant distances. The techniques use inexpensive equipment and can be hard for targets to detect, making them ideal for snooping on unsuspecting people in the office or building next door.

"The data is there," Andrea Barisani, of security firm Inverse Path, told those attending the CanSecWest security conference in Vancouver, British Columbia. "That's the important thing you need to know: whenever you type your data goes somewhere else. Not many people think about that."

The first method involves the use of laser microscopes, which have long been the stuff of thrillers with spies who eavesdrop on conversations spoken from afar. By pointing the devices at windows, snoops can read the sound waves and then reconstruct the words that are being spoken.

Barisani, who was joined on stage by fellow Inverse Path colleague Daniele Bianco, said laser microscopes can be trained on a laptop computer or desktop keyboard to similarly read the characters being entered. Because each keystroke has a distinctly different sound vibration, it is possible to remotely discern the characters by capturing the sound and then subjecting it to analysis.

The process is akin to the way secret codes are often cracked. An eavesdropper first figures out which sound represents the space bar. From there, he compares the input against words in a dictionary for likely matches. The more input the device picks up, the more accurate it becomes. Because keystrokes sound different for different people, a snoop would need to learn the distinctive sounds of each person being spied on.

Of course, the technique requires the eavesdropper to have a clean line of sight to the target PC, but it remains suitable for snooping on people typing in public places or next to windows. An attacker can also use one line of sight to point the laser on the victim and a separate straight line to receive the signal that's bounced back for analysis. What's more, infrared lasers can be used to escape detection.

Source: The Register

Wednesday, March 18, 2009

MS09-008. Does the patch work?

If a successful attack has already taken place before applying the patch, applying the patch will not fix the issue...

This vulnerability could be used to launch "man-in-the-middle" attacks on Windows DNS servers. The web browsers of the PCs in the network are configured through these WPAD entries, so a user that is getting the proxy configuration automatically could be redirected to a malicious proxy and the attacker will have access to all the traffic of the user. To perform this attack, the attacker could insert a WPAD entry in the DNS server when dynamic updates are enabled.

As a part of the solution to this vulnerability, Microsoft creates two new values in the registry under the key HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters

Once these values have been created in the registry, an attempted “man-in-the-middle” attack will not succeed, because the system blocks queries for the WPAD entry, provided that entry had not already been created before the patch was applied.

However, the MS09-008 patch does not behave this way on a system that has already been attacked through this vulnerability: even after the patch is applied, the problem is not solved and the “man-in-the-middle” attacks will continue. Why? Because in that case the data in the GlobalQueryBlockList value created when the patch is applied is “isatap” instead of “wpad isatap”, so queries for WPAD are not blocked.

If a successful attack has already taken place before the patch is applied, your traffic may already be redirected to a malicious proxy. Then, even if you apply the patch, the issue is not completely solved, and the malicious proxy will stay there “sniffing” all your traffic.

To fix this, add the data wpad to the GlobalQueryBlockList value in the registry and restart the DNS service. Microsoft has blogged about this issue and how to resolve it; you can find more information here.
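The check described above can be automated. This added example (not from the original post or from Microsoft) reads the text output of `reg query` for the DNS Parameters key and reports whether wpad is actually in GlobalQueryBlockList. The sample outputs are constructed, and the second value name, EnableGlobalQueryBlockList, comes from Microsoft's DNS server documentation rather than from this page.

```python
import re

# Registry key named in the post; collect its values with:
#   reg query "HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters"
DNS_PARAMETERS_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters"

# Constructed `reg query` output for three DNS servers (not real captures).
PATCHED_CLEAN = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
    EnableGlobalQueryBlockList    REG_DWORD    0x1
    GlobalQueryBlockList    REG_MULTI_SZ    wpad\0isatap
"""
PATCHED_WPAD_PREEXISTING = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
    EnableGlobalQueryBlockList    REG_DWORD    0x1
    GlobalQueryBlockList    REG_MULTI_SZ    isatap
"""
UNPATCHED = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
    BootMethod    REG_DWORD    0x3
"""

VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")


def parse_reg_query(text):
    """Return {lowercased value name: (type, data)} from `reg query` output."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            name, reg_type, data = match.groups()
            values[name.lower()] = (reg_type, data.strip())
    return values


def blocked_names(values):
    """Names in GlobalQueryBlockList, or None when the value does not exist."""
    entry = values.get("globalqueryblocklist")
    if entry is None:
        return None
    # reg.exe prints the strings of a REG_MULTI_SZ separated by a literal "\0".
    return [name.lower() for name in entry[1].split("\\0") if name]


def assess(reg_query_text):
    """Classify a DNS server as (status, advice) with respect to WPAD blocking."""
    values = parse_reg_query(reg_query_text)
    names = blocked_names(values)
    if names is None:
        return ("not-patched",
                "GlobalQueryBlockList is absent: MS09-008 has not created it.")
    # Assumption: a missing EnableGlobalQueryBlockList means the list is enabled.
    enabled = values.get("enableglobalqueryblocklist", ("REG_DWORD", "0x1"))[1]
    if int(enabled, 16) == 0:
        return ("disabled", "The block list exists but is switched off.")
    if "wpad" not in names:
        return ("wpad-not-blocked",
                "A wpad record existed when the patch was applied. Verify who "
                "registered it, add wpad to the list, restart the DNS service.")
    return ("ok", "Queries for wpad are blocked.")


if __name__ == "__main__":
    for label, sample in (("clean", PATCHED_CLEAN),
                          ("pre-existing wpad", PATCHED_WPAD_PREEXISTING),
                          ("unpatched", UNPATCHED)):
        print(label, "->", assess(sample))
```

A "wpad-not-blocked" result means the existing wpad record in the zone needs to be reviewed before anything else, because clients may already be using the proxy it points to.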

Friday, March 13, 2009

XP SP3 and Server 2003 SP2 may need repatching

If you installed XP Service Pack 3 or Windows Server 2003 SP2 after September 2008, you need to reapply an important security update.

In addition, if Windows Update offers your XP or Server 2003 system Microsoft's security bulletin MS08-067 patch, you should install it — even if you've previously done so. You may be wondering why my lead topic today is MS08-067, a patch from 2008. Well, I'm wondering, too.

You may find this week that your Windows XP SP3 and Windows 2003 SP2 machines are offered MS08-067 (954593). If so, you probably installed SP3 on XP or SP2 on Windows 2003 some time after September 2008.

People who installed MS08-067 when it first came out last summer — and then installed either the XP SP3 or 2003 SP2 service pack — may not know that systems were reverted back to a vulnerable version of gdiplus.dll. Service packs aren't supposed to do that. They're supposed to be smart enough to retain the patched versions of all system files.

Last month, however, I found that some XP machines I'd updated to SP3 post-September had the pre-update version of gdiplus.dll. On three of the systems, my third-party patching tool from Shavlik flagged this file as out-of-date. It offered the patch to me when I performed a manual scan.

I thought it odd at the time, but I believed that the problem was with Shavlik's tool, not Microsoft's. When I reviewed the patch information on Shavlik's forum, though, I found a forum post from last November by a commenter named Fordhami indicating that Microsoft knew of this issue back then. Interestingly, I'd installed XP SP2 on several XP SP3 workstations and then reinstalled XP SP3, only to find that the machines were properly patched. I searched for gdiplus.dll on those systems and found three files in locations similar to the following path:

C:\Windows\WinSxS\x86_Microsoft.Windows.GdiPlus_hashnumber

The version of all three files was 5.1.3102.5581. This indicated that the machine was patched. You may want to search for that file and see what version you have. Don't worry about any gdiplus.dll files located elsewhere on your system. The important one is found in the WinSxS folder.
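To run the version check above across a whole WinSxS folder, the following added example (not from the original article) finds every gdiplus.dll under a root directory and reads its file version straight from the VS_FIXEDFILEINFO structure. Treating 5.1.3102.5581 or higher as patched is an assumption; the article only states that this version indicates a patched machine.

```python
import os
import struct

PATCHED_VERSION = (5, 1, 3102, 5581)   # version the article reports on patched machines
# VS_FIXEDFILEINFO begins with dwSignature 0xFEEF04BD, then dwStrucVersion,
# dwFileVersionMS and dwFileVersionLS, all little-endian 32-bit values.
FIXEDFILEINFO_SIGNATURE = struct.pack("<I", 0xFEEF04BD)


def file_version(data):
    """Return (major, minor, build, revision) from the first VS_FIXEDFILEINFO
    found in `data`, or None if the signature is not present."""
    pos = data.find(FIXEDFILEINFO_SIGNATURE)
    if pos < 0 or pos + 16 > len(data):
        return None
    _sig, _struct_version, ms, ls = struct.unpack_from("<IIII", data, pos)
    return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)


def audit_gdiplus(winsxs_root, minimum=PATCHED_VERSION):
    """Walk `winsxs_root` and return sorted (path, version, status) tuples
    for every gdiplus.dll found; status is patched, outdated or unreadable."""
    results = []
    for folder, _dirs, files in os.walk(winsxs_root):
        for name in files:
            if name.lower() != "gdiplus.dll":
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as handle:
                    version = file_version(handle.read())
            except OSError:
                version = None
            if version is None:
                status = "unreadable"
            elif version >= minimum:
                status = "patched"
            else:
                status = "outdated"
            results.append((path, version, status))
    return sorted(results, key=lambda item: item[0])


def make_sample(version):
    """Constructed stand-in for a DLL (not a real binary): padding followed
    by a VS_FIXEDFILEINFO header carrying `version`."""
    major, minor, build, revision = version
    return b"MZ" + b"\x00" * 62 + struct.pack(
        "<IIII", 0xFEEF04BD, 0x00010000,
        (major << 16) | minor, (build << 16) | revision)


if __name__ == "__main__":
    # On a real system, pass the WinSxS folder named in the article.
    for path, version, status in audit_gdiplus(r"C:\Windows\WinSxS"):
        shown = ".".join(map(str, version)) if version else "?"
        print(f"{status:10} {shown:18} {path}")
```

Any file reported as outdated is a reason to re-run Windows Update or the patch scan on that machine.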

This isn't the first patch-detection problem for XP SP3. Given the number of months since the update's initial release, it's disturbing that the problem is just now coming to light. People still ask me whether it's OK to install SP3 on XP systems. When it comes to any service pack, I always caution you to be prepared by creating a complete backup before installing it.

Thursday, March 12, 2009

Some tips on successful ATM fraud and to protect yourself!

ATM Fraud devices such as skimmers, physical key-loggers, Card Reader/writer are freely available

A bank-machine hacker who reportedly was arrested earlier this month in Turkey gave would-be fraudsters tips on how to install rogue card-reading devices, including advising them to target drive-through ATMs (automated teller machines) and avoid towns with fewer than 15,000 residents.

I basically think fraudsters' tips are widely available on the internet; all users need to do is a bit of research. What we need is fraud prevention tips, which we will hardly find on the internet.

The hacker, who went by the handle "Chao", reportedly was arrested earlier this month in Turkey. He was one of the most well-known ATM hackers in the world, according to Uri Rivner, head of new technologies for RSA Consumer Solutions.

Chao sold fake faceplates that fraudsters could attach to the card slots in ATMs. These "skimmer" devices can read the magnetic stripe of every customer's ATM or credit card, and are often used in conjunction with a hidden camera that watches people enter their PINs (personal identification numbers), Rivner says. Alternatively, criminals can attach an extra keypad on top of the one in the machine and capture the PIN that way, he adds.

After collecting this data over a period of time in these devices, the fraudster can remove the devices and use the information to make counterfeit ATM and credit cards that can be used in stores and ATMs. There are other such devices that can send the information to a nearby computer via wi-fi, he adds. Fraudsters also commonly produce counterfeit cards using information stolen directly from bank and credit-card databases. Overall, card counterfeiting is one of the major types of fraud against ATM and credit card issuers, representing roughly 30% of their fraud losses in the US and other parts of the world.

Credit card skimmers are available on eBay quite easily. Once the fraudsters have the credit card details, they can use those details to make a duplicate credit card using a magnetic card writer device called MSR 2006 or other similar devices.

In an animated online video commercial for his skimmers, Chao provided a glimpse into the world of ATM hacking with a series of tips for potential customers who would buy and install his products.

Picking an ATM to target with this scheme requires watching the surrounding area for days or weeks and taking notes on foot traffic and other characteristics, Chao says in the video. Among his tips are these:

— don't install a skimmer in the morning, because people are more vigilant then;

— determine where a person would have to stand to keep an eye on everything happening on that block;

— avoid blocks where more than 250 people per day walk through, because of the danger of detection;

— don't install skimmers in towns with fewer than 15,000 people, because people in those towns know what their ATMs look like;

— avoid areas with small shops open 24 hours a day, because there may be surveillance cameras and vigilant shopkeepers;

— don't set up in areas where a lot of illegal immigrants live;

— places with a lot of tourist traffic are good;

— look for affluent neighbourhoods and drive-through ATMs;

— ATMs near cash-only bars are a good bet for lots of customer activity.

These tips are basically common sense. Do you think fraudsters will install a skimmer in a town where there are only 2 ATMs and everybody knows each other?

It's fairly rare for a consumer to be a victim of skimming, but Chao's tips indicate consumers are probably safer if they use ATMs at their own banks or financial institutions, says Enterprise Strategy Group analyst Charlotte Dunlap. The safest course would be to use machines inside the bank, though that's not practical for most people's schedules, she notes.

Consumers also should keep tabs on their account activity, via statements or the web, and report any abnormal activity, Dunlap advises. Consumers typically are protected from this type of theft, as they are with a lost or stolen credit card, she says.

I have been reading about ATM fraud for the last 10 years now. I have done enough research to write a book on this topic. All I can say is that this information is widely available on the internet. People use forums, IRC channels and groups to trade this information.

I always advise my readers, users, friends and colleagues to follow these tips to protect themselves from ATM fraud:

- Cover the keypad with your other hand when entering your PIN

- Carefully monitor your credit card statement

- Always look around before using an ATM machine

- Avoid using ATM machines at pubs, clubs, petrol stations, etc.

- Always try to use ATM machines located at banks

- When paying at a merchant, make sure you don’t let your card out of your sight (credit card skimmers can also be installed at merchant POS machines)

- Always pay attention and use a little bit of your common sense

- If you are unable to recognize any transaction, contact your bank immediately

- Reduce your ATM withdrawal limit to the minimum

- Always use the bank teller counter to withdraw cash, as they manually verify the card-holder

Please contact me if you have any questions.

Tuesday, March 10, 2009

Best Password Auditing Tool will be coming back

Finally, L0phtCrack is back

More than two years after Symantec pulled the plug on L0phtCrack, the venerable password cracking tool is being prepped for a return to the spotlight.

The original creators of L0phtCrack have reacquired the tool with plans to release a new version at next week's SOURCE Boston conference. A teaser post on the Web site mentions "new features and platform support," which, according to Space Rogue, includes 64-bit Windows support and upgraded rainbow tables.

L0phtCrack was a popular tool used to identify and remediate security vulnerabilities that result from the use of weak or easily guessed passwords. It was also used to recover Windows and Unix account passwords to access user and administrator accounts whose passwords are lost or to streamline migration of users to newer authentication systems.

Monday, March 9, 2009

WarVOX - Place up to 10,000 calls in an 8 hour period

'War-Dialing' making a small comeback

Once, many moons ago, before even most people knew about the Internet, some hackers and self-motivated computer security enthusiasts used programs called war-dialers. The war-dialers were fairly simple programs; they would just dial telephone numbers in order, using a modem, and they would take note of any connections they could make. While 99.9% of the calls early war-dialers made would be made to some confused or annoyed person, trying to figure out what that squelching sound was, every blue moon a war-dialer might stumble upon an unprotected computer system that accepted incoming calls.

War-dialing is really old news; but like many other examples in network security, hacking methods and tools never fade away completely, they just get re-worked.

Penetration expert HD Moore has made a new war-dialer for 2009. It is free, and uses VOIP services to place up to 10,000 calls in an 8 hour period. The program is called WarVOX, and, like any self-respecting network security tool, it only runs in Linux.

Moore made the tool, he says, to help network security auditors find holes in companies' phone systems. "Right now, the target audience for WarVOX is anyone who currently uses legacy war-dialing tools and is frustrated by the amount of time and money it takes to perform the audit," he was quoted as saying on the website Dark Reading.

"After playing with WarVOX over the last few weeks, I was surprised at how many lines I have found that expose some sort of security risk," Moore went on to say. "This includes the administrative interfaces to PBXes, lines that drop you to a fresh dial tone after a dozen rings, internal directories for large companies, and tons of sensitive information."

So you might be saying: "Big deal. So dude found some fresh dial tones -- so what?"

But for someone that really knows what they are doing, one small hole can sometimes be tunneled and transformed into a gaping passageway into closed networks. Or war-dialing methods can be used just to gather restricted information about a company: "It's possible to reverse-engineer a company directory out of the voice mail greetings. Company directory information is useful, but running WarVOX at regular intervals and viewing the data over time can provide a lot of useful data about an organization, such as how many people they laid off, how many new people they hired, and who is picking up their phone at a given time and date," Moore said.

The WarVOX dialer also records any audio it can gather from the telephone call. So say you had an audio archive of 9,000 calls made by the dialer -- the odds are you could filter the calls to find the longest, and maybe, if you were lucky, something interesting might have been said in one of the calls.

Source: Dark Reading

Friday, March 6, 2009

Conficker Worm - Microsoft's fault or not?

AutoRun patch a long time coming for XP users

Nearly 18 months after it was discovered, Microsoft has finally fixed a hole in the AutoRun function of older Windows versions that allowed viruses to spread via external storage devices.

While it's good to know Microsoft is finally listening to the complaints of the Windows community, the company's delay in applying important patches put our systems at risk unnecessarily.

The more noise customers make, the more likely the problems will be rectified. Most recently, the Conficker worm has been spreading across networks, often entering systems via USB flash drives and other removable media. Shamefully, Microsoft could have — and should have — prevented this massive infection from happening in the first place.

In October 2007, Nick Brown documented in his blog how viruses and worms were entering his network via USB memory sticks. Fast-forward to one year ago. Will Dormann and US-CERT (the United States Computer Emergency Readiness Team) published information on Mar. 20, 2008, confirming that Microsoft's AutoRun advice didn't block threats.

In July 2008, Microsoft released security bulletin MS08-038. The patch in this bulletin made it possible for users to control AutoRun properly, but only on Windows Vista and Server 2008.

So what happened to the equivalent patch for Windows 2000, XP, and Server 2003? In May 2008, Microsoft had in fact released a patch for these systems, which is described in Knowledge Base article 953252. However, as described in a Jan. 22, 2009, Computerworld article, US-CERT found that the fix for XP/2000/2003 had to be applied manually. Furthermore, Microsoft was not making the patch available automatically via any Windows Update service.

It wasn't until Feb. 24 of this year that Microsoft distributed this patch via Windows Update to XP, 2000, and 2003. This is described in the company's security advisory 967940.

Many home and business PC users rarely deploy patches that aren't available through Windows Update, Microsoft Update, or WSUS (Windows Software Update Services). Add to this the confusing and conflicting information about the AutoRun patch, and it's no wonder the Conficker worm, which exploits AutoRun functionality, made the inroads that it did.

You may be wondering why it took Microsoft so long to distribute for XP/2000/2003 users the fix that permits AutoRun to be properly disabled. One clue may be found in the file versions listed in KB article 967715. The Windows Server 2003 files are dated Feb. 10, 2009. Typically, Microsoft doesn't release a fix for one platform if it's still developing a fix for another platform. This is done to avoid putting one set of customers at risk while protecting others.

That's usually a valid reason to wait before distributing patches. But when you open up the files described in the earlier KB article 953252, you find that all the files in that hotfix date back to mid-2008.

Why did it take an admonition from CERT to convince Microsoft to add this vital fix to Automatic Updates for those versions of Windows? To make things even more confusing, the way Microsoft released the XP/2000/2003 fix at the end of February caused many people to think it was an out-of-cycle security patch.

For home users, I'm not yet ready to pull the fire alarm and tell everyone to disable AutoRun. But I do urge you to be very leery of plugging USB flash drives into your system if you're unsure whether they've been used on other computers. Large organizations, however, should consider disabling AutoRun on their networked PCs, considering how hard it's been to stomp out the Conficker worm and others.

So do you think if this patch had been pushed to all Windows users sooner, much of Conficker's pain might have been avoided?

Tuesday, March 3, 2009

Safety of the data means more than protecting information

Unplanned Security - It can be life threatening..

Imagine for just a moment that it's 6:30 a.m. and you are a patient in a hospital waiting for surgery. It's a routine operation to remove your gall bladder (one of those throw-away parts), and no big deal. What you don't know, however, is that the hospital's computer network was recently redesigned. The support staff moved all of the critical applications from the mainframe to a distributed network environment. In the rush to move from one platform to another, management never developed security policies and procedures for the new systems. So the hospital support staff never configured security. On the surface, the right-sized network is running smoothly. Underneath, however, anyone on the hospital network can steal, modify, or destroy patient information on the servers.

Yesterday, when you were admitted to the hospital, you had some pre-op testing done to make sure that you don't have an infection. They did blood work and a chest X-ray -- the standard pre-op stuff. You wake up early the next day, 4:00 a.m., and your surgery isn't for several hours. You wake up because you're a little nervous about getting that gall bladder removed. After considering the problems it was giving you, you decide you will be better off without it. Feeling calm, you fall back to sleep and have a few pleasant dreams.

Six a.m. rolls around. The doctor calls down from the operating room. He tells the nurse that he wants the results of your pre-op tests sent with you to the operating room. Since the results haven't come back to the floor yet, the nurse logs into the computer to get your results. They are normal. Or, at least they are now.

What your nurse doesn't know is that a hacker broke into the server and changed your test results from abnormal to normal. Before the information was modified, the results of your lung X-ray review noted a questionable shadow -- maybe just congestion, or maybe pneumonia. Results that would tell your doctor to postpone the surgery to avoid possible complications that could lead to respiratory failure.

Since your doctor doesn't get those results, he operates anyway. Your gall bladder takes the route your tonsils fell to many years ago. It appears to have been a successful operation. That is, until the anesthesiologist notifies your surgeon that he can't seem to get you off the respirator. He orders a repeat chest X-ray which shows a dense pneumonia. He then requests your pre-op X-ray that shows a smaller shadow in the same area. He calls your surgeon wanting to know why he did an elective surgery on a patient with preexisting pneumonia. Your doctor can't be reached because he is busy filling out your death certificate. Guess what? Your lungs gave out -- you are dead.

This is one case when the safety of the data means more than protecting information -- it means protecting lives. Pretty scary when you consider just how much real hospitals rely on their computers. Just imagine....

Sunday, March 1, 2009

Gazelle Browser Offers Better Security?

Researchers Say Gazelle Browser Offers Better Security

Researchers at various universities are working with Microsoft Research to develop a more secure Web browser code-named Gazelle. The researchers recently demonstrated Gazelle on Windows Vista and with Internet Explorer's Trident renderer, and have also published a paper describing the project. Gazelle uses a browser-based operating system, a browser kernel that consists of approximately 5,000 lines of C# code and can withstand memory attacks. No existing browsers, including new architectures like IE 8, Google Chrome, and OP [another experimental browser], have a multi-principal OS construction that gives a browser-based OS, typically called browser kernel, the exclusive control to manage the protection and fair-sharing of all system resources among browser principals.

A team consisting of Microsoft Research personnel and university staff members has demonstrated a potentially more secure Web browser called Gazelle. A paper (PDF) describing the browser prototype was published at Microsoft Research Thursday.

However this research team, led by Helen J. Wang and others, appears to be doing work that's separate from Microsoft's Internet Explorer 8 team. IE8 and Google Chrome frequently appear in the paper as examples of browsers that get security wrong.

The principals, or Web sites, communicate with each other by passing messages through the browser kernel, which manages security and the sharing of system resources. The browser uses separate processes to run a Web page and its embedded principals. Still in the prototype stage, Gazelle is slow because of its level of overhead, and the team also will have to address the browser plug-in issue.