The team of engineers behind Mozilla’s Firefox browser is supposedly contemplating the implementation of silent updates to create a better user experience for its customers. While such a move would definitely be less irritating for users in the short run and help ensure that they are running the most up-to-date version of the browser, some wonder if the potential security risks involved outweigh any advantages silent updates would bring to the table.
As it stands, Firefox users are given a notification when a browser update is available. Once they accept the update, the Firefox updater program starts, then downloads and installs the latest version. A progress bar appears onscreen to show users the time left for installation. Once the installation is complete, Firefox restarts and is good to go with all of the latest improvements.
Although the current Firefox updating process is not all that bad, Firefox engineers feel that the silent updating alternative will speed things up for its users. Updates would be downloaded in the background to prevent any interruptions. The downloaded updates would then be installed on a copy of Firefox in a brand new directory. The newest browser version would become active once a user re-launches Firefox, replacing the older version. “Now, the reason that this approach fixes the problem is that swapping the directories, unlike the actual process of applying the update, is really fast,” wrote Ehsan Akhgari, a Firefox engineer, in a recent Mozilla blog. Such a system would offer a more streamlined updating process, but Akhgari noted that users would not know that an update was applied since no UI is shown, which could be seen as counterproductive.
Philip Lieberman is one security expert who believes that Mozilla’s proposed silent updating for Firefox could backfire. Lieberman, who is the founder and president of password management solutions provider Lieberman Software, discussed his concerns in a recent article in Business Computing World. He wrote, “While many IT security systems will have to be reconfigured to allow background updates to Firefox--which is not a good thing in the first place--there is danger that hackers could subvert the update system to allow them back-door access to the users’ computer.” The sacrifice needed to make updating faster and less irritating could be damaging in the long run, and Lieberman explained the consequences. “If, as I think appears quite likely, hackers start reverse engineering the Firefox background updating system--and remember we are talking about open source software here--then it is only a matter of time before they subvert this auto-updating mechanism to inject malware,” he added.
As for his beliefs in how the updating process should occur, Lieberman stated that those with administrative privileges should have complete control over the downloading and installation of any new versions of Firefox, as well as software in general. This holds true for both consumer and corporate environments. By moving to a silent updating process, Lieberman argued that Mozilla could open the door to hackers, which might be a recipe for disaster.
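The staged update described above (apply the update to a copy in a new directory, then swap directories at relaunch) can be sketched as follows. This is an added example, not Mozilla's code: the directory names, the `version.txt` file and the SHA-256 digest check before staging are assumptions made for illustration.

```python
import hashlib, os, shutil, tempfile
from pathlib import Path

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def stage_update(install_dir, package, expected_sha256):
    """Slow step: build the new version beside the live install."""
    # Assumption: a trusted digest for the package is known in advance.
    if sha256_file(package) != expected_sha256:
        raise ValueError("update package digest mismatch; nothing staged")
    staged = install_dir + ".staged"
    shutil.rmtree(staged, ignore_errors=True)
    shutil.copytree(install_dir, staged)      # copy of the current install
    shutil.unpack_archive(package, staged)    # apply the update to the copy only
    return staged

def swap_on_relaunch(install_dir):
    """Fast step: two renames make the staged copy the active version."""
    staged, old = install_dir + ".staged", install_dir + ".old"
    if not os.path.isdir(staged):
        return False                          # nothing staged; keep current version
    shutil.rmtree(old, ignore_errors=True)
    os.rename(install_dir, old)
    try:
        os.rename(staged, install_dir)
    except OSError:
        os.rename(old, install_dir)           # roll back to the old version
        raise
    shutil.rmtree(old, ignore_errors=True)
    return True

def demo():
    """Constructed sample: a 1.0 install and a zip package carrying 2.0."""
    root = Path(tempfile.mkdtemp())
    app, src = root / "browser", root / "src"
    for d, v in ((app, "1.0"), (src, "2.0")):
        d.mkdir()
        (d / "version.txt").write_text(v)
    pkg = shutil.make_archive(str(root / "update"), "zip", str(src))
    try:
        stage_update(str(app), pkg, "0" * 64)  # wrong digest: must be refused
        rejected = False
    except ValueError:
        rejected = True
    stage_update(str(app), pkg, sha256_file(pkg))
    before = (app / "version.txt").read_text()  # live install still untouched
    swapped = swap_on_relaunch(str(app))
    return rejected, before, swapped, (app / "version.txt").read_text()
```

Because nothing is shown to the user during either step, the check in `stage_update` and a log of each swap are the points where an administrator can still see and control what was installed.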
For more on this topic, visit http://www.pcworld.com/article/244612/silent_updates_proposed_for_firefox_are_a_bad_security_risk.html
Facebook Threatens Those Behind Recent Shock Spam Attacks
A recent burst of so-called shock spam on Facebook has the social network promising legal action against those responsible. Facebook released a statement to the media noting that it had assembled a team dedicated to stop the massive attacks that caused pornography and other forms of shock spam to mysteriously appear in news feeds.
Facebook’s public statement told the media and its users that its special enforcement team “has already identified those responsible and is working with our legal team to ensure appropriate consequences follow.” While such a statement may seem like an ideal threat to some, Facebook does have a history of taking strong action against those that cross its path with malicious intentions. One has to look no further than the case of Sanford Wallace, a spam king who allegedly hit the social network with 27 million spam messages and phishing attacks between 2008 and 2009. Facebook won an indictment against Wallace earlier this year.
Regarding the latest shock spam attack, Facebook has announced that it has identified the perpetrators. Some suggested that the hacker group Anonymous was behind the attack, but that has been ruled out since it is not in accordance with the group’s style and they already called off any planned attacks set for the beginning of November.
For more on this topic, visit http://www.pcworld.com/article/244101/facebook_to_porn_spammers_we_know_who_you_are.html