Tag Archives | threat

Firesheep Buzz


There has been a lot of buzz about a Firefox add-on named Firesheep. I have kind of ignored the topic for some time, but after getting a few emails from Firefox users asking what it is about – I thought it might be time to shed some light on the topic – so that all Firefox users know it is out there. Firesheep snoops for cookies, and then allows others to log into websites as you if you are browsing on an open wireless network.


Firefox Vulnerability Isn’t a Threat (Maybe)?

There is a kind of major security threat that isn’t really a threat but it is and yeah, I am very confused. Instead of trying to explain things I’ll share with you the information as I got it.

Ronald van den Heetkamp says that he found a vulnerability that affects all versions of Firefox (even the most recent 2.0.0.12 update). I found out about this over at Mozilla Links.

Then I go check out Asa’s blog to see what he is saying about it, and he writes:

This news item on /. and making the rounds on some blogs is not real. It’s not a flaw. This guy’s found a way to read a file that doesn’t contain any personal information and that’s identical for every Firefox install on the planet. It’s simply not a flaw.

His post then points me over to Mike Shaver’s post who does a better job at explaining the situation. It turns out that the vulnerability found does not have access to the user’s settings at all. The files are not stored in the Windows program files (or any other operating system’s equivalent for that matter). Check out his post to see Ronald and Mike discuss the topic one on one via the comments for more information.

I love the Internet.

Could Extensions Hurt You?

Extensions that auto-update? Yeah, there could be a threat there and we aren’t sure when a fix is coming.

This is actually a threat that I had considered once or twice before – but it seems like it is getting a little more “conversation” around the Web this time around. For the best description of what this security hole is all about – let’s turn to CyberNet News.

So what’s the problem? When using an extension in Firefox it frequently checks to see if there is a more updated version available, and Firefox will notify the user whether they are running the latest version. Normally the user will agree to the update and proceed with their normal browsing activities, but there could be more going on behind the scenes than the user is actually aware of.

Looks like Firefox isn’t looking to fix this until version 3 of the browser rolls out. Folks like Google, though, have promised to fix any issues with their extensions as soon as they can. All we can hope is that others will follow suit.

Password Manager Bug

Well it looks like the good times train has made a stop in bug city! I have no doubt though that the Mozilla folks will get this one squashed as soon as possible. Till then, it is always good to know the facts.

Today, Mozilla made public bug #360493, which exposes Firefox’s Password Manager on many public sites. The flaw derives from Firefox’s willingness to supply the username and password stored on one page on a domain to another page on a domain. For example, username/password input tags on a Myspace user’s site will be unhelpfully propagated with the visitor’s Myspace.com credentials.


Mozilla Patches Firefox

Have you updated your version of Firefox yet?

Mozilla Corp. Thursday updated its Firefox browser to fix 7 flaws, including 4 pegged by the open-source developer as “Critical.” Of the four critical vulnerabilities patched in Firefox 1.5.0.7, none are currently being exploited, Mozilla said in detailed descriptions of each fixed flaw. In fact, Mozilla said in several of the descriptions that it was not sure whether the specific vulnerabilities could be exploited, but had issued patches just in case.


Spyware Poses as Firefox Extension

Well this is an interesting piece of news for the day. This is one of those things that you thought were bound to happen, but it doesn’t mean you have to be happy about it.

Virus writers have created a spyware package that poses as an extension to the Firefox web browser. FormSpy, which poses as the legitimate NumberedLinks 0.9 extension, is programmed to steal confidential information from compromised machines including passwords, credit card numbers, and ebanking login details. The malware is also capable of sniffing passwords from ICQ, FTP, and email traffic before sending this data to a hacker-controlled website.
