Beware extensions bearing vulnerabilities
Subject: General Tech | May 31, 2007 - 11:43 AM | Jeremy Hellstrom
[H]ard|OCP has posted a warning to Firefox users about a vulnerability that can be exploited through a number of add-ons. The problem stems from extension updates being hosted on a third-party server and delivered unencrypted rather than over HTTPS. This could allow an attacker to intercept the update and replace it with their own code.
"According to Chris Soghoian, the Indiana University doctoral candidate who discovered the weakness, the vulnerability
exists for some of the most popular Firefox add-ons, including Google Toolbar, Google Browser Sync, Yahoo Toolbar,
Del.icio.us, Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft Anti-Phishing Toolbar,
PhishTank SiteChecker and a number of others, mainly commercial extensions. Ironically, at least two of the toolbars
listed here are designed to help protect users from new security threats."
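As an added example (not from the original post, [H]ard|OCP, or Mozilla), the following audit flags add-on manifests whose update URL is not HTTPS. It assumes the legacy `install.rdf` manifest format with its `em:updateURL` property; the add-on names, URLs and the `classify`/`insecure_addons` helpers are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

EM = "http://www.mozilla.org/2004/em-rdf#"
KEY = "{%s}updateURL" % EM  # ElementTree's namespaced name for em:updateURL

def update_urls(install_rdf):
    """Collect em:updateURL values, written as a child element or an attribute."""
    urls = []
    for node in ET.fromstring(install_rdf.strip()).iter():
        if node.tag == KEY and node.text:
            urls.append(node.text.strip())
        if node.get(KEY):
            urls.append(node.get(KEY).strip())
    return urls

def classify(install_rdf):
    """'insecure' if any update URL is not HTTPS, 'https' if all are,
    'no-custom-update-url' if the manifest names none (default channel not assessed)."""
    urls = update_urls(install_rdf)
    if not urls:
        return "no-custom-update-url"
    if all(urlsplit(u).scheme == "https" for u in urls):
        return "https"
    return "insecure"

def insecure_addons(manifests):
    """Names of add-ons whose updates could be replaced in transit."""
    return sorted(n for n, rdf in manifests.items() if classify(rdf) == "insecure")

# Constructed sample manifests (hypothetical add-ons on a reserved test domain).
TEMPLATE = ('<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
            'xmlns:em="http://www.mozilla.org/2004/em-rdf#">{}</RDF>')
SAMPLES = {
    "toolbar-a": TEMPLATE.format(
        '<Description about="urn:mozilla:install-manifest">'
        '<em:updateURL>http://updates.example.test/a.rdf</em:updateURL></Description>'),
    "toolbar-b": TEMPLATE.format(
        '<Description about="urn:mozilla:install-manifest" '
        'em:updateURL="https://updates.example.test/b.rdf"/>'),
    "toolbar-c": TEMPLATE.format(
        '<Description about="urn:mozilla:install-manifest"/>'),
}

if __name__ == "__main__":
    for name, rdf in SAMPLES.items():
        print(name, classify(rdf))
```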
Here is some more Tech News from around the web:
- Computers Outperform Humans at Recognizing Faces @ Slashdot
- What lurks below Microsoft's Surface? A brief Q&A with Microsoft @ Ars Technica
- Okidata C6100DN LED Printer Review @ The
- Father's Day Gift Guide @ Digital
- OCBible 1.52 Released @ AOA Forums
- Fedora 7 Prime "Moonshine" @ Phoronix
- Mark Shuttleworth Talks Dell, Hardware, Ubuntu 7.10 & More @ Phoronix
- How to turn off the UAC (those annoying confirmation prompts) in Windows Vista @ OCModShop