信號無花果主頁 信號無花果Newsfeed 信號無花果由Email 信號無花果多數普遍的崗位
有效數字
幫助您,通過幫助以blogging,瀏覽和技術技巧

搜尋二幾天 促進您的Blog與球形

去除Firefox添加物,改進安全

2007年6月4日 · 由大衛布雷得里

Firefox商標使用某些Firefox添加物,例如普遍的Google, Facebook和LinkedIn添加物,在信息學克里斯托弗Soghoian方面能把您的計算機留在開放對黑客,根據安全專家和印第安納大學研究生。 感激地,工具例如NoScript、Greasemonkey和AdBlock加上是安全的。 問題可能出現,說Soghoian,由於Facebook addon喜歡通過一個外在服務器而不是Firefox的父母系統Mozilla是更新的方式。

安全漏洞的影響的添加物包括:

  • Google工具欄和Google瀏覽器Sync
  • 雅虎工具欄
  • Del.icio.us引伸
  • Facebook工具欄
  • AOL工具欄
  • Ask.com工具欄
  • LinkedIn瀏覽器工具欄
  • Netcraft Anti-Phishing工具欄
  • PhishTank SiteChecker

「用戶是脆弱的并且是沈默地安裝惡意軟件的在危险中攻擊者在他們的計算機。 這種可能性存在,每當用戶不可能信任他們的域名服務器(DNS)或網絡連接。 此的例子包括公開無線網絡,并且用戶被聯絡到妥協的家庭路由器」,在他的說Soghoian 輕微的偏執狂blogspot.

讀在線之間,然而, Soghoian的建議我們全部立即去除這些「商業」添加物或許,是一點在上面。 如果您 罐頭 信任您的DNS,從未使用公開無線通入并且有對您的路由器設定的足够的理解保證您沒有通過那個方法妥協(簡單地保證您設置一個新口令和從未使用缺省!)您應該然後是完全安全的。

Soghoian的要求成千上萬用戶是在危险中,并且可能是受害者對在可能劫持e銀行業務會議,竊取電子郵件,從您的機器送發送同樣的消息到多個新聞組的您的計算機安裝的惡意軟件。 他增加那, 「從官員被下載了仅的那些[添加物] Firefox添加物 頁是安全的。

其他,主要商務,引伸也被折磨說Soghoian,推薦用戶卸載所有這些添加物等待的安全補丁發行阻止問題。

告訴怎麼強有力和安全Firefox與其他高度易受影響的瀏覽器比較,或許浪潮現在轉動。 可能是時間剝離我們的瀏覽器和跑以最低綱領派方法-沒有添加物,沒有扭動,沒有插入。 它可能非常迅速變得非常乏味。 如此,反而,知道非常問題,確定您安全使能,每當您連接無線或通過您的ISP沒有提供的DNS (OpenDNS比訪問接入點提供的DNS是一個更好的選擇。),但,最重要,不留給您的路由器運行默認密碼。 Lists of default passwords are available across the web to wouldbe criminals. Better safe than sorry.

In case you were curious as to where you had heard the name Christopher Soghoian before, he was infamously raided by the FBI in 2006 for posting information about airport security that allegedly jeopardized homeland security. Hence the odd photo of him on his site in orange overalls being rubber-gloved by an officer of the law, presumably.

For a quick run through of removing Firefox addons check out this post. And, if you want to be really secure, disconnect your internet connection and uninstall Firefox altogether and maybe taking up gardening instead.

12 responses so far ↓

  • David Bradley // Jun 4, 2007 at 12:17 pm

    By the way, if you run your Windows machine under a limited user account to help protect you from malicious installs, then don’t think you are safe from this exploit in Firefox. Firefox will update and install addons regardless of the status of the logged in user (a bit of a bummer in terms of security, really).

  • Wayne Smallman // Jun 5, 2007 at 8:16 pm

    “This possibility exists whenever the user cannot trust their domain name server (DNS) or network connection. Examples of this include public wireless networks, and users connected to compromised home routers,” says Soghoian…”

    As you mention, the implications here are immense. Quite sobering, in fact.

    Good job I’m on OpenDNS, as well.

    Additionally, this could be the very tip of a whole new class of Internet fraud…

  • David Bradley // Jun 5, 2007 at 10:21 pm

    Yep, readers should check out the review of OpenDNS on this site and Wayne’s earlier review of OpenDNS

  • Hsien Lei // Jun 6, 2007 at 9:01 am

    UGH. Another thing to worry about. The other day, I went to a site I visit frequently and my Google Desktop told me there was potential malware on it. Turned out it was one of the ads being served and probably only to users in W. Europe and Asia. @#!

  • David Bradley // Jun 6, 2007 at 10:53 am

    It is the way of the world Hsien, I’m afraid. Even more bad news from Poland via zdnet yesterday - apparently numerous security holes have been opened up in the fully patched versions of Internet Explorer and Firefox.

  • Tom // Jun 6, 2007 at 12:20 pm

    Rumors abound that Firefox 3 will have an antimalicious streak.

  • Wayne Smallman // Jun 6, 2007 at 11:33 pm

    I say let’s start a Neo-Luddite commune in, err .. Doncaster, and get back to basics!

  • David Bradley // Jun 7, 2007 at 8:11 am

    Sunny Donny, hey? Or, Nottingham, even… ;-)

  • Tom // Aug 3, 2007 at 7:43 pm

    Fuzzers poke at programs in search of vulnerabilities that can arise when an application receives data it doesn’t expect. Now, Mozilla (producers of Firefox) are unleashing these hacker tools on to the net in the hope that the community will spot security loopholes before hackers/crackers and alert other users and Mozilla itself before such problems become serious.

    http://blogs.pcworld.com/staffblog/archives/005059.html

    Tom

  • mack // Aug 23, 2007 at 10:20 pm

    1) how can firefox addons be DELETED?

    2) why does all typing, now, since the installation of firefox show a series of small red dots under everything in email?

    3) this new install has taken over everything - 40% of the screen =- and is a nuisance!

  • David Bradley // Aug 24, 2007 at 8:35 am

    mack, removing firefox addons is relatively easy. go into the Tools menu, slide down the menu and click Addons. A box will appear with those you have installed. Simply select the ones you no longer which to run and hit the Uninstall button. Restart FF and they will be gone.

    As to the red dots…are they spelling errors?

    To what new install are you referring? The latest version of Firefox or an Addon? Have you tried cascading or tiling your windows from the toolbar (assuming you’re on XP) and then resizing them to your preference?

    db

  • Wardriving coming to a Wi-Fi hub near you! // Oct 8, 2007 at 10:09 pm

    […] further than my news feeds. So I do today as I did yesterday. And on this occassion, I happen upon an interesting topic over on David Bradley’s Science Text concerning Firefox security issues: “Using certain Firefox addons, such as the popular Google, Facebook, and LinkedIn Add-Ons, could […]

Leave a Comment

Comments are checked for spam before appearing, no need to post it twice.

Related Posts