“According to Chris Soghoian, the Indiana University doctoral candidate who discovered the weakness, the vulnerability exists for some of the most popular Firefox add-ons, including Google Toolbar, Google Browser Sync, Yahoo Toolbar, Del.icio.us, Facebook Toolbar, AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft Anti-Phishing Toolbar, PhishTank SiteChecker and a number of others, mainly commercial extensions. Ironically, at least two of the toolbars listed here are designed to help protect users from new security threats.”Here is some more Tech News from around the web:
- Computers Outperform Humans at Recognizing Faces @ Slashdot
- What lurks below Microsoft’s Surface? A brief Q&A with Microsoft @ Ars Technica
- Okidata C6100DN LED Printer Review @ The TechZone
- Father’s Day Gift Guide @ Digital Trends
- OCBible 1.52 Released @ AOA Forums
- Fedora 7 Prime “Moonshine” @ Phoronix
- Mark Shuttleworth Talks Dell, Hardware, Ubuntu 7.10 & More @ Phoronix
- How to turn off the UAC (those annoying confirmation prompts) in Windows Vista @ OCModShop
Beware extensions bearing vulnerabilites
[H]ard|OCP has posted a warning to Firefox users about a vulnerability that can be exploited using a number of add-ons. The problem stems from the extension updates being hosted on a third party server, and being sent unencrypted, as opposed to being over HTTPS. This could allow an attacker to intercept the update, and replace it with their own code.