
A New Vector For Hackers -- Firefox Add-Ons

Filed under
Security

Makers of some of the most popular extensions, or "add-ons," for Mozilla's Firefox Web browser may have inadvertently introduced security holes that criminals could use to steal sensitive data from millions of users.

By design, each Firefox extension -- any of a number of free software applications that can be added to the popular open-source browser -- is hard-coded with a unique Internet address that it uses to contact the creator's update server each time Firefox starts. This feature lets the Firefox browser determine whether a new version of the add-on is available.

Mozilla has always provided a free hosting service for open-source extensions at addons.mozilla.org. But many third-party makers opt to serve updates on their own, using servers that often transmit the updates via insecure protocols (think http:// instead of https://).

As a result, if an attacker were to hijack a public Wi-Fi hot spot at a coffeehouse or bookstore -- a fairly trivial attack given the myriad free, point-and-click hacking tools available today -- he could also intercept this update process and replace a Firefox add-on with a malicious one.
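An added example (not from the original article or from Mozilla): a defender-side audit that reads add-on manifests and flags hard-coded update addresses that are not https. It assumes the legacy `install.rdf` manifest format with its `em:updateURL` field; the add-on IDs and URLs below are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

EM = "http://www.mozilla.org/2004/em-rdf#"  # legacy install.rdf namespace
HEAD = ('<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
        f'xmlns:em="{EM}">')

# Constructed manifests for hypothetical add-ons (not real extensions).
SAMPLES = {
    "plain-http@example.invalid": HEAD + """
      <Description about="urn:mozilla:install-manifest">
        <em:updateURL>http://updates.example.invalid/update.rdf</em:updateURL>
      </Description></RDF>""",
    "tls@example.invalid": HEAD + """
      <Description about="urn:mozilla:install-manifest"
                   em:updateURL="https://updates.example.invalid/update.rdf"/>
      </RDF>""",
    "hosted@example.invalid": HEAD + """
      <Description about="urn:mozilla:install-manifest">
        <em:version>1.0</em:version>
      </Description></RDF>""",
}

def update_url(manifest_xml):
    """Return the hard-coded update address, or None if none is declared."""
    key = f"{{{EM}}}updateURL"
    for node in ET.fromstring(manifest_xml).iter():
        # The field may be written as a child element or as an attribute.
        if node.tag == key and node.text:
            return node.text.strip()
        if node.get(key):
            return node.get(key).strip()
    return None

def classify(manifest_xml):
    url = update_url(manifest_xml)
    if url is None:
        return "default"  # no self-hosted update server declared
    # Anything other than https can be read and altered on a shared network.
    return "https" if urlparse(url).scheme.lower() == "https" else "insecure"

def audit(manifests):
    """Map each add-on ID to 'insecure', 'https' or 'default'."""
    return {addon_id: classify(xml) for addon_id, xml in manifests.items()}

if __name__ == "__main__":
    for addon_id, verdict in audit(SAMPLES).items():
        print(f"{verdict:9} {addon_id}")
```
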
