Web Hosting Security

Firefox Silent Updates Bad for Security?
By: wubayou
    2011-11-30

    The team of engineers behind Mozilla’s Firefox browser is supposedly contemplating the implementation of silent updates to create a better user experience for its customers. While such a move would definitely be less irritating for users in the short run and help ensure that they are running the most up-to-date version of the browser, some wonder if the potential security risks involved outweigh any advantages silent updates would bring to the table.

    As it stands, Firefox users are given a notification when a browser update is available. Once they accept the update, the Firefox updater program starts, then downloads and installs the latest version. A progress bar appears onscreen to give users a visual representation of the time left for installation. Once the installation is complete, Firefox restarts and is good to go with all of the latest improvements.

    Although the current Firefox updating process is not all that bad, Firefox engineers feel that the silent updating alternative will speed things up for its users. Updates would be downloaded in the background to prevent any interruptions. The downloaded updates would then be installed on a copy of Firefox in a brand new directory. The newest browser version would become active once a user re-launches Firefox, replacing the older version. “Now, the reason that this approach fixes the problem is that swapping the directories, unlike the actual process of applying the update, is really fast,” wrote Ehsan Akhgari, a Firefox engineer, in a recent Mozilla blog post. Such a system would offer a more streamlined updating process, but Akhgari noted that users would not know that an update was applied since no UI is shown, which could be seen as counterproductive.

    Philip Lieberman is one security expert who believes that Mozilla’s proposed silent updating for Firefox could backfire.  Lieberman, who is the founder and president of password management solutions provider Lieberman Software, discussed his concerns in a recent article in Business Computing World.  He wrote, “While many IT security systems will have to be reconfigured to allow background updates to Firefox--which is not a good thing in the first place--there is danger that hackers could subvert the update system to allow them back-door access to the users’ computer.”  The sacrifice needed to make updating faster and less irritating could be damaging in the long run, and Lieberman explained the consequences.  “If, as I think appears quite likely, hackers start reverse engineering the Firefox background updating system--and remember we are talking about open source software here--then it is only a matter of time before they subvert this auto-updating mechanism to inject malware,” he added.

    As for how he believes the updating process should occur, Lieberman stated that those with administrative privileges should have complete control over the downloading and installation of any new versions of Firefox, as well as software in general. This holds true for both consumer and corporate environments. By moving to a silent updating process, Lieberman argued, Mozilla could open the door to hackers, which might be a recipe for disaster.
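An added sketch, not Mozilla's updater code, of the flow described above: the update is applied to a copy of the install in a new directory and activated by a directory swap at launch. The digest check before the swap is an assumption added here as one control against the update-subversion risk Lieberman raises; the function names and the `.staged`/`.old` suffixes are hypothetical.

```python
import hashlib
import os
import shutil
import tempfile


def tree_digest(root):
    """SHA-256 over the relative path and contents of every file under root."""
    h = hashlib.sha256()
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()  # deterministic traversal order
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                parts = (os.path.relpath(path, root).encode(), f.read())
            for part in parts:  # length-prefix each field so the encoding is unambiguous
                h.update(len(part).to_bytes(8, "big") + part)
    return h.hexdigest()


def stage_update(install_dir, new_files):
    """Background step: copy the live install and apply the update to the copy."""
    staged = install_dir + ".staged"
    shutil.rmtree(staged, ignore_errors=True)
    shutil.copytree(install_dir, staged)
    for rel, data in new_files.items():
        with open(os.path.join(staged, rel), "wb") as f:
            f.write(data)
    return staged


def swap_on_launch(install_dir, staged, expected_digest):
    """Launch step: verify the staged tree, then swap directories by rename."""
    if tree_digest(staged) != expected_digest:
        shutil.rmtree(staged)  # discard a tampered or corrupt staged copy
        return False
    old = install_dir + ".old"
    shutil.rmtree(old, ignore_errors=True)
    os.rename(install_dir, old)  # renames are metadata-only, hence fast
    os.rename(staged, install_dir)
    shutil.rmtree(old)
    return True


if __name__ == "__main__":
    app = os.path.join(tempfile.mkdtemp(), "browser")  # constructed sample install
    os.mkdir(app)
    staged = stage_update(app, {"build.txt": b"new build"})
    digest = tree_digest(staged)  # assumption: stands in for a publisher-signed value
    print(swap_on_launch(app, staged, digest))
```

In a real updater the expected digest would have to come from the publisher over an authenticated channel, for example a signed manifest; computing it locally, as the demo does, only exercises the code path.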

    For more on this topic, visit http://www.pcworld.com/article/244612/silent_updates_proposed_for_firefox_are_a_bad_security_risk.html

    Facebook Threatens Those Behind Recent Shock Spam Attacks

    A recent burst of so-called shock spam on Facebook has the social network promising legal action against those responsible. Facebook released a statement to the media noting that it had assembled a team dedicated to stopping the massive attacks that caused pornography and other forms of shock spam to mysteriously appear in news feeds.

    Facebook’s public statement told the media and its users that its special enforcement team “has already identified those responsible and is working with our legal team to ensure appropriate consequences follow.”  While such a statement may seem like an ideal threat to some, Facebook does have a history of taking strong action against those that cross its path with malicious intentions.  One has to look no further than the case of Sanford Wallace, a spam king who allegedly hit the social network with 27 million spam messages and phishing attacks between 2008 and 2009.  Facebook won an indictment against Wallace earlier this year. 

    Regarding the latest shock spam attack, Facebook has announced that it has identified the perpetrators.  Some suggested that the hacker group Anonymous was behind the attack, but that has been ruled out since it is not in accordance with the group’s style and they already called off any planned attacks set for the beginning of November.

    Despite the existence of the Facebook Immunity System (FIS), spam and other attacks are still managing to seep through the social network’s cracks.  The recent host of shock spam was able to spread by tricking members into pasting JavaScript code into their browsers’ address bars, which led to the sharing of vile material with friends across the network.  Facebook has done a good job so far in cleaning up the offensive spam, but Mike Geide of the Zscaler blog noted that the problems still exist.  “Facebook has cleaned up most of the offensive content from in the recent campaign.  But doing some specific searches I was able to find some examples of this self-inflicted JS injection technique being used on Facebook,” he said.  To keep from spreading spam yourself, refrain from pasting computer code into your browser’s URL bar.

    For more on this topic, visit http://www.pcworld.com/article/244101/facebook_to_porn_spammers_we_know_who_you_are.html


    © 2003-2014 by Developer Shed. All rights reserved.