[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vp / vr / w / wg / wsg / wsr / x / y ] [Home]
4chanarchives logo
http://arstechnica.com/security/201 6/04/noscript-and-other-
Images are sometimes not shown due to bandwidth/network limitations. Refreshing the page usually helps.

You are currently reading a thread in /g/ - Technology
Thread replies: 25
Thread images: 7
Anonymous
2016-04-06 05:52:10 Post No. 53893377
[Report] Image search: [Google]
File: 1354743945117.gif (484 KB, 200x149) Image search: [Google]
1354743945117.gif
484 KB, 200x149
Anonymous 2016-04-06 05:52:10 Post No. 53893377 [Report]
http://arstechnica.com/security/2016/04/noscript-and-other-popular-firefox-add-ons-open-millions-to-new-attack/

NoScript and other popular Firefox add-ons open millions to new attack

NoScript, Firebug, and other popular Firefox add-on extensions are opening millions of end users to a new type of attack that can surreptitiously execute malicious code and steal sensitive data, a team of researchers reported.

>firecucks
>once, never again
>>
Anonymous 2016-04-06 06:06:37 Post No.53893536
[Report]
Anonymous 2016-04-06 06:06:37 Post No.53893536 [Report]
>Because risks such as this one exist, we are evolving both our core product and our extensions platform to build in greater security. The new set of browser extension APIs that make up WebExtensions, which are available in Firefox today, are inherently more secure than traditional add-ons, and are not vulnerable to the particular attack outlined in the presentation at Black Hat Asia. As part of our electrolysis initiative—our project to introduce multi-process architecture to Firefox later this year—we will start to sandbox Firefox extensions so that they cannot share code.


Are they seriously shitting on their single remaining selling-point (powerful and thus actually useful addons) just to color the upcoming deprecation of addons as a GOOD thing!?
>>
Anonymous 2016-04-06 06:11:16 Post No.53893588
[Report]
Anonymous 2016-04-06 06:11:16 Post No.53893588 [Report]
"First, someone must go through the trouble of installing the trojanized extension."

So it's nothing.
>>
Anonymous 2016-04-06 06:11:30 Post No.53893592
[Report]
Anonymous 2016-04-06 06:11:30 Post No.53893592 [Report]
>>53893536
The directors just want more money in the shortest amount of time. They don't give a fuck about the actual product. Even though it'll die in the long run.

This notion has been reiterated countless times on hacker news
>>
Anonymous 2016-04-06 06:22:15 Post No.53893697
[Report]
Anonymous 2016-04-06 06:22:15 Post No.53893697 [Report]
>>53893588
Like it has ever been a real stumbling block to either install malicious code onto a target machine or get some dumb user to do it for you.

If that barrier was insurmountable, we wouldn't even have malware as we know it today.
>>
Anonymous 2016-04-06 06:22:17 Post No.53893698
[Report] Image search: [Google]
Anonymous 2016-04-06 06:22:17 Post No.53893698 [Report]
File: wew.png (286 KB, 1340x879) Image search: [Google]
wew.png
286 KB, 1340x879
Too late for me
>>
Anonymous 2016-04-06 06:23:22 Post No.53893712
[Report]
Anonymous 2016-04-06 06:23:22 Post No.53893712 [Report]
>>53893697
since enforcing addon-signing, sideloading doesn't work anymore though.
>>
Anonymous 2016-04-06 07:00:11 Post No.53894065
[Report]
Anonymous 2016-04-06 07:00:11 Post No.53894065 [Report]
>>53893698
you've already been hacked.

>mess with the best, die like the rest
>>
Anonymous 2016-04-06 07:08:04 Post No.53894133
[Report] Image search: [Google]
Anonymous 2016-04-06 07:08:04 Post No.53894133 [Report]
File: breakingnews.jpg (37 KB, 640x360) Image search: [Google]
breakingnews.jpg
37 KB, 640x360
>it allows an attacker-developed add-on to conceal its malicious behavior
Holy fucking shit, stop the presses!

OP you're a retard
>>
Anonymous 2016-04-06 07:14:02 Post No.53894188
[Report]
Anonymous 2016-04-06 07:14:02 Post No.53894188 [Report]
>>53893698
That happens whenever you click around on a 4chan page while the captcha thing is loading. If you click on that image, like the window tells you to try, it'll switch to an image of the 4chan page you're on, where you clicked.
>>
Anonymous 2016-04-06 07:19:49 Post No.53894247
[Report]
Anonymous 2016-04-06 07:19:49 Post No.53894247 [Report]
>The researchers noted that attackers must clear several hurdles for their malicious add-on to succeed. First, someone must go through the trouble of installing the trojanized extension. Second, the computer that downloads it must have enough vulnerable third-party add-ons installed to achieve the attackers' objective.

Oh, look, it's fucking nothing.
>>
Anonymous 2016-04-06 07:23:38 Post No.53894286
[Report] Image search: [Google]
Anonymous 2016-04-06 07:23:38 Post No.53894286 [Report]
File: THEYknowSHUTITD.png (25 KB, 322x595) Image search: [Google]
THEYknowSHUTITD.png
25 KB, 322x595
>>53893377
>>
Anonymous 2016-04-06 07:25:12 Post No.53894304
[Report]
Anonymous 2016-04-06 07:25:12 Post No.53894304 [Report]
>HOLY SHIT THERE IS A VULNRABILITY IN SOFTWARE (YOU) USE
>...but you have let the attacker install x on your...
every
single
time
>>
Anonymous 2016-04-06 07:59:06 Post No.53894638
[Report]
Anonymous 2016-04-06 07:59:06 Post No.53894638 [Report]
firecucks is ded
>>
Anonymous 2016-04-06 08:07:18 Post No.53894694
[Report]
Anonymous 2016-04-06 08:07:18 Post No.53894694 [Report]
>>53894304
it's the war on general purpose computing.

before:
>omg, malware is dangerous because it can do shit without you knowing

now:
>omg, malware is dangerous because it does shit after you install it

curated walled gardens is the future.
>>
Anonymous 2016-04-06 09:29:18 Post No.53895378
[Report]
Anonymous 2016-04-06 09:29:18 Post No.53895378 [Report]
>>53893698
>using new captcha
>>
surrealdeal 2016-04-06 09:32:53 Post No.53895410
[Report] Image search: [Google]
surrealdeal 2016-04-06 09:32:53 Post No.53895410 [Report]
File: hqdefault.jpg (13 KB, 480x360) Image search: [Google]
hqdefault.jpg
13 KB, 480x360
> extensions can be hacked if they are hacked

you don't fucking say.........
>>
Anonymous 2016-04-06 09:41:46 Post No.53895495
[Report]
Anonymous 2016-04-06 09:41:46 Post No.53895495 [Report]
>>53893377
What a waste of dubs.
>>
Anonymous 2016-04-06 10:08:52 Post No.53895717
[Report]
Anonymous 2016-04-06 10:08:52 Post No.53895717 [Report]
>>53895495
fuck you
>>
Anonymous 2016-04-06 11:13:35 Post No.53896290
[Report]
Anonymous 2016-04-06 11:13:35 Post No.53896290 [Report]
>>53894286
Better than fucking uhide origin. If I wanted just to hide ads I would close my eyes.
>>
Anonymous 2016-04-06 11:14:37 Post No.53896294
[Report]
Anonymous 2016-04-06 11:14:37 Post No.53896294 [Report]
>>53894694
>curated walled gardens is the future.
I only trusted Steve Jobs as my walled garden curator and he's dead.
>>
Anonymous 2016-04-06 11:19:44 Post No.53896333
[Report] Image search: [Google]
Anonymous 2016-04-06 11:19:44 Post No.53896333 [Report]
File: fnothing.png (44 KB, 440x360) Image search: [Google]
fnothing.png
44 KB, 440x360
>>53893377
>Unlike many browsers, Firefox doesn't always isolate an add-on’s functions.

I wonder if that's because other browser are chromium with different make up or IE/Edge.

>First, someone must go through the trouble of installing the trojanized extension.
>Second, the computer that downloads it must have enough vulnerable third-party add-ons installed to achieve the attackers' objective
>>
Anonymous 2016-04-06 11:29:28 Post No.53896429
[Report]
Anonymous 2016-04-06 11:29:28 Post No.53896429 [Report]
Why would anyone support Firefox management team at this point? They are intentionally crashing their show. I really don't want to have to learn greasemonkey or similar filtering, but its becoming necessary is a possibility now, fuck.
>>
Anonymous 2016-04-06 11:33:19 Post No.53896461
[Report] Image search: [Google]
Anonymous 2016-04-06 11:33:19 Post No.53896461 [Report]
File: 1443812294124.jpg (25 KB, 600x385) Image search: [Google]
1443812294124.jpg
25 KB, 600x385
>>53893377
>First, someone must go through the trouble of installing the trojanized extension. Second, the computer that downloads it must have enough vulnerable third-party add-ons installed to achieve the attackers' objective.
Trust OP to just read the title.
>>
Anonymous 2016-04-06 11:42:31 Post No.53896558
[Report]
Anonymous 2016-04-06 11:42:31 Post No.53896558 [Report]
>>53893377
>The researchers noted that attackers must clear several hurdles for their malicious add-on to succeed. First, someone must go through the trouble of installing the trojanized extension
It's fucking nothing.
"if you download a trojan bad things will happen!!"
whoa, really?
Thread replies: 25
Thread images: 7
banner
banner
[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vp / vr / w / wg / wsg / wsr / x / y] [Home]
All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
If a post contains personal/copyrighted/illegal content you can contact me at [email protected] with that post and thread number and it will be removed as soon as possible.
DMCA Content Takedown via dmca.com
All images are hosted on imgur.com, send takedown notices to them.
This is a 4chan archive - all of the content originated from them. If you need IP information for a Poster - you need to contact them. This website shows only archived content.