
A New Vector For Hackers -- Firefox Add-Ons

Filed under
Security

Makers of some of the most popular extensions, or "add-ons," for Mozilla's Firefox Web browser may have inadvertently introduced security holes that criminals could use to steal sensitive data from millions of users.

By design, each Firefox extension -- any of a number of free software applications that can be added to the popular open-source browser -- is hard-coded with a unique Internet address that will contact the creator's update server each time Firefox starts. This feature lets the Firefox browser determine whether a new version of the add-on is available.

Mozilla has always provided a free hosting service for open-source extensions at addons.mozilla.org. But many third-party makers opt to serve updates on their own, using servers that often transmit the updates via insecure protocols (think http:// instead of https://).

As a result, if an attacker were to hijack a public Wi-Fi hot spot at a coffeehouse or bookstore -- a fairly trivial attack given the myriad free, point-and-click hacking tools available today -- he could also intercept this update process and replace a Firefox add-on with a malicious one.
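A defender can find the exposed add-ons by auditing their manifests. The following is an added example, not code from the article or from Mozilla: it assumes the legacy `install.rdf` manifest format with its `em:updateURL` and `em:updateKey` properties, which the article does not name, and runs over constructed sample manifests with placeholder ids and hosts.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

EM = "http://www.mozilla.org/2004/em-rdf#"
RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
MANIFEST = "urn:mozilla:install-manifest"

def _prop(desc, name):
    """Read an em: property given either as an attribute or as a child element."""
    value = desc.get(f"{{{EM}}}{name}")
    if value is None:
        value = desc.findtext(f"{{{EM}}}{name}")
    return value.strip() if value and value.strip() else None

def audit_manifest(xml_text):
    """Return (add-on id, verdict) describing how this add-on checks for updates."""
    root = ET.fromstring(xml_text)
    for desc in root.iter(f"{{{RDF}}}Description"):
        if MANIFEST in (desc.get("about"), desc.get(f"{{{RDF}}}about")):
            break
    else:
        raise ValueError("no install-manifest Description found")
    addon_id, url = _prop(desc, "id"), _prop(desc, "updateURL")
    if url is None:
        return addon_id, "default"      # no self-hosted update server declared
    if urlsplit(url).scheme.lower() == "https":
        return addon_id, "https"        # transport is authenticated
    if _prop(desc, "updateKey"):
        return addon_id, "signed-http"  # plaintext fetch, but update manifest is signed
    return addon_id, "insecure"         # the interceptable case described above

def _sample(addon_id, body=""):
    """Build a constructed install.rdf; ids and hosts are placeholders."""
    return (f'<RDF xmlns="{RDF}" xmlns:em="{EM}">'
            f'<Description about="{MANIFEST}" em:id="{addon_id}">{body}'
            '</Description></RDF>')

SAMPLES = [
    _sample("a@example.invalid", "<em:updateURL>http://updates.example.invalid/a.rdf</em:updateURL>"),
    _sample("b@example.invalid", "<em:updateURL>https://updates.example.invalid/b.rdf</em:updateURL>"),
    _sample("c@example.invalid"),
    _sample("d@example.invalid", "<em:updateURL>http://updates.example.invalid/d.rdf</em:updateURL>"
                                 "<em:updateKey>CONSTRUCTED-PLACEHOLDER-KEY</em:updateKey>"),
]

if __name__ == "__main__":
    for xml_text in SAMPLES:
        print(*audit_manifest(xml_text), sep="\t")
```

Only the `insecure` verdict matches the scenario in the article: a self-hosted update check fetched in plaintext with nothing to authenticate the response.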

Full Story.


