Remova os Addons de Firefox, melhore a segurança
Junho 4o, 2007 · por David Bradley
Usando determinados addons de Firefox, tais como o Google popular, os addons de Facebook, e de LinkedIn, podiam deixar seu computador aberto aos hackers, de acordo com o perito da segurança e o estudante graduado da universidade de Indiana no informatics Christopher Soghoian. Thankfully, as ferramentas tais como NoScript, Greasemonkey, e AdBlock mais são seguras. Os problemas podem levantar-se, dizem Soghoian, por causa da maneira que os gostos do addon de Facebook são updated através de um sistema externo Mozilla do usuário melhor que do pai de Firefox.
Os Addons afetados pelo vulnerability da segurança incluem:
- Google Toolbar e sincronização do Browser de Google
- Yahoo Toolbar
- Extensão de Del.icio.us
- Facebook Toolbar
- AOL Toolbar
- Ask.com Toolbar
- Browser Toolbar de LinkedIn
- Netcraft Anti-Phishing Toolbar
- PhishTank SiteChecker
Os “usuários são vulneráveis e são em risco de um atacante que instala silenciosamente o software malicioso em seus computadores. Esta possibilidade existe sempre que o usuário não pode confiar em sua conexão do domain name server (DNS) ou de rede. Os exemplos deste incluem redes wireless públicas, e os usuários conectados aos routers home comprometidos,” dizem Soghoian em his blogspot ligeiro do paranoia.
Lendo entre as linhas, entretanto, sugestão de Soghoian essa nós todos removemos estes addons “comerciais” em uma vez, somos talvez uns pequenos sobre o alto. Se você lata confíe em seu DNS, nunca use o acesso wireless público e tenha bastante compreensão de sua instalação do router para assegurá-lo não são comprometidos com esse método (o assegure simplesmente ajustam uma senha nova e nunca usam o defeito!), então você deve ser perfeitamente seguro.
Os milhões das reivindicações de Soghoian dos usuários são em risco, e poderiam ser vítima ao software malicioso que está sendo instalado em seu computador que poderia hijack sessões da e-operação bancária, rouba email, emite o Spam de sua máquina. Adiciona aquele, “somente aqueles [addons] que downloaded do oficial Add-Ons de Firefox a página é segura.
Outro, principalmente comercial, as extensões afflicted também dizem Soghoian, que recomenda o uninstall do usuário todos estes addons durante a liberação dos remendos da segurança que impossibilitam as edições.
Sendo dito como Firefox poderoso e seguro seria comparado com outros browsers altamente suscetíveis, talvez a maré está girando agora. Talvez é hora de descascar para trás nossos browsers e funcionamento com uma aproximação do minimalist - nenhuns addons, nenhuns tweaks, nenhuns encaixes. Poderia tornar-se muito aborrecido, muito rapidamente. Assim, instead, esteja muito ciente do problema, certificam-se que você segurança-está permitido sempre que você conecta wirelessly ou com um DNS que não seja fornecido por seu ISP (OpenDNS é uma alternativa melhor do que o DNS oferecido por um ponto de acesso.) mas, sobretudo, não deixa seu router que funciona com as senhas do defeito. Lists of default passwords are available across the web to wouldbe criminals. Better safe than sorry.
In case you were curious as to where you had heard the name Christopher Soghoian before, he was infamously raided by the FBI in 2006 for posting information about airport security that allegedly jeopardized homeland security. Hence the odd photo of him on his site in orange overalls being rubber-gloved by an officer of the law, presumably.
For a quick run through of removing Firefox addons check out this post. And, if you want to be really secure, disconnect your internet connection and uninstall Firefox altogether and maybe taking up gardening instead.
Add me on StumbleUpon
Join me on Facebook
Browse my Flickr Photos
Follow my Tumblr Page
Check out my Pownce Profile
Follow my Twitters
Network with me on LinkedIn
Shout me on Digg
12 responses so far ↓
David Bradley // Jun 4, 2007 at 12:17 pm
By the way, if you run your Windows machine under a limited user account to help protect you from malicious installs, then don’t think you are safe from this exploit in Firefox. Firefox will update and install addons regardless of the status of the logged in user (a bit of a bummer in terms of security, really).
Wayne Smallman // Jun 5, 2007 at 8:16 pm
“This possibility exists whenever the user cannot trust their domain name server (DNS) or network connection. Examples of this include public wireless networks, and users connected to compromised home routers,†says Soghoian…”
As you mention, the implications here are immense. Quite sobering, in fact.
Good job I’m on OpenDNS, as well.
Additionally, this could be the very tip of a whole new class of Internet fraud…
David Bradley // Jun 5, 2007 at 10:21 pm
Yep, readers should check out the review of OpenDNS on this site and Wayne’s earlier review of OpenDNS
Hsien Lei // Jun 6, 2007 at 9:01 am
UGH. Another thing to worry about. The other day, I went to a site I visit frequently and my Google Desktop told me there was potential malware on it. Turned out it was one of the ads being served and probably only to users in W. Europe and Asia. @#!
David Bradley // Jun 6, 2007 at 10:53 am
It is the way of the world Hsien, I’m afraid. Even more bad news from Poland via zdnet yesterday - apparently numerous security holes have been opened up in the fully patched versions of Internet Explorer and Firefox.
Tom // Jun 6, 2007 at 12:20 pm
Rumors abound that Firefox 3 will have an antimalicious streak.
Wayne Smallman // Jun 6, 2007 at 11:33 pm
I say let’s start a Neo-Luddite commune in, err .. Doncaster, and get back to basics!
David Bradley // Jun 7, 2007 at 8:11 am
Sunny Donny, hey? Or, Nottingham, even…
Tom // Aug 3, 2007 at 7:43 pm
Fuzzers poke at programs in search of vulnerabilities that can arise when an application receives data it doesn’t expect. Now, Mozilla (producers of Firefox) are unleashing these hacker tools on to the net in the hope that the community will spot security loopholes before hackers/crackers and alert other users and Mozilla itself before such problems become serious.
http://blogs.pcworld.com/staffblog/archives/005059.html
Tom
mack // Aug 23, 2007 at 10:20 pm
1) how can firefox addons be DELETED?
2) why does all typing, now, since the installation of firefox show a series of small red dots under everything in email?
3) this new install has taken over everything - 40% of the screen =- and is a nuisance!
David Bradley // Aug 24, 2007 at 8:35 am
mack, removing firefox addons is relatively easy. go into the Tools menu, slide down the menu and click Addons. A box will appear with those you have installed. Simply select the ones you no longer which to run and hit the Uninstall button. Restart FF and they will be gone.
As to the red dots…are they spelling errors?
To what new install are you referring? The latest version of Firefox or an Addon? Have you tried cascading or tiling your windows from the toolbar (assuming you’re on XP) and then resizing them to your preference?
db
Wardriving coming to a Wi-Fi hub near you! // Oct 8, 2007 at 10:09 pm
[…] further than my news feeds. So I do today as I did yesterday. And on this occassion, I happen upon an interesting topic over on David Bradley’s Science Text concerning Firefox security issues: “Using certain Firefox addons, such as the popular Google, Facebook, and LinkedIn Add-Ons, could […]
Leave a Comment