A New Vector For Hackers -- Firefox Add-Ons


Makers of some of the most popular extensions, or "add-ons," for Mozilla's Firefox Web browser may have inadvertently introduced security holes that criminals could use to steal sensitive data from millions of users.

By design, each Firefox extension -- any of a number of free software applications that can be added to the popular open-source browser -- is hard-coded with a unique Internet address that Firefox uses to contact the creator's update server each time the browser starts. This feature lets the Firefox browser determine whether a new version of the add-on is available.

Mozilla has always provided a free hosting service for open-source extensions at addons.mozilla.org. But many third-party makers opt to serve updates on their own, using servers that often transmit the updates via insecure protocols (think http:// instead of https://).

As a result, if an attacker were to hijack a public Wi-Fi hot spot at a coffeehouse or bookstore -- a fairly trivial attack given the myriad free, point-and-click hacking tools available today -- he could also intercept this update process and replace a Firefox add-on with a malicious one.
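An audit of installed add-ons for the weakness described above can be sketched as follows. This is an added example, not code from the article or from Mozilla; it assumes the legacy `install.rdf` manifest format, in which the hard-coded update address is the `em:updateURL` property and `em:updateKey` names a key for verifying a signed update manifest. The sample manifests and the `example.invalid` host are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
EM = "http://www.mozilla.org/2004/em-rdf#"
MANIFEST = "urn:mozilla:install-manifest"


def field(desc, name):
    """Read an em: property, written either as a child element or an attribute."""
    child = desc.find(f"{{{EM}}}{name}")
    if child is not None and child.text and child.text.strip():
        return child.text.strip()
    return (desc.get(f"{{{EM}}}{name}") or "").strip() or None


def audit_manifest(xml_text):
    """Classify how one add-on's update check is protected in transit."""
    root = ET.fromstring(xml_text)
    for desc in root.iter(f"{{{RDF}}}Description"):
        if MANIFEST in (desc.get("about"), desc.get(f"{{{RDF}}}about")):
            break
    else:
        raise ValueError("no install-manifest Description found")
    url = field(desc, "updateURL")
    if url is None:
        return "browser-default"   # no self-hosted update server declared
    if urlparse(url).scheme.lower() == "https":
        return "tls"               # update check travels over https://
    if field(desc, "updateKey"):
        return "signed-manifest"   # plain transport, but the reply is signature-checked
    return "exposed"               # plain http:// with nothing to authenticate the reply


def sample(body="", attrs=""):
    """Build a constructed install.rdf for the demo (not a real add-on)."""
    return (f'<RDF xmlns="{RDF}" xmlns:em="{EM}">'
            f'<Description about="{MANIFEST}"{attrs}>{body}</Description></RDF>')


if __name__ == "__main__":
    http_url = "<em:updateURL>http://updates.example.invalid/u.rdf</em:updateURL>"
    cases = {
        "self-hosted over http": sample(http_url),
        "self-hosted over https": sample(attrs=' em:updateURL="https://updates.example.invalid/u.rdf"'),
        "http with update key": sample(http_url + "<em:updateKey>CONSTRUCTED-KEY</em:updateKey>"),
        "no update address": sample("<em:id>a@example.invalid</em:id>"),
    }
    for name, xml_text in cases.items():
        print(f"{name:24} {audit_manifest(xml_text)}")
```

Add-ons reported as `exposed` are the ones whose update check could be answered by whoever controls the network path, which is the situation the article describes.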
