Jump to content

Search the Community

Showing results for tags 'extensions'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 1 result

  1. In an effort to head off the problem of malicious or misbehaving browser add-ons, Mozilla is planning to require developers to have their Firefox extensions signed by the company in the near future. As much of users’ computing has moved into their browsers in the last few years, extensions and add-ons have become important tools. There are an untold number of useful extensions for most of the major browsers, but there are also are plenty of malicious ones. Attackers have been known to insert extensions into browser Web stores or other download sites in order to steal users’ data or perform other malicious actions. There also are all kinds of somewhat legitimate extensions that may collect more data than they disclose to users or perform unwanted actions. To defeat this problem, Google requires developers to distribute their extensions through the Chrome Web store. However, Mozilla officials said they didn’t want to take that approach. “We’re responsible for our add-ons ecosystem and we can’t sit idle as our users suffer due to bad add-ons. An easy solution would be to force all developers to distribute their extensions through AMO, like what Google does for Chrome extensions. However, we believe that forcing all installs through our distribution channel is an unnecessary constraint. To keep this balance, we have come up with extension signing, which will give us better oversight on the add-ons ecosystem while not forcing AMO to be the only add-on distribution channel,” Jorge Villalobos of Mozilla said in a blog post. The idea is that sometime in the second quarter, Mozilla will begin requiring developers to submit their extensions and add-ons to AMO, the company’s main distribution channel for those apps. Each submission will go through a review process to ensure that it doesn’t exhibit any malicious or undocumented behavior. If the developer plans to host her extension on AMO and it passes the check, Mozilla will automatically sign it. If the developer plans to host the extension elsewhere, it will go through the same process and be sent back signed if it passes muster. The change will mean that after a transition period of about three months, users won’t be able to install any unsigned extensions on either the Release or Beta versions of Firefox. Villalobos said the company plans to begin displaying warnings about unsigned extensions in Firefox 39. This move by Mozilla will give users more confidence in the extensions and add-ons they’re installing. “Extensions that change the homepage and search settings without user consent have become very common, just like extensions that inject advertisements into Web pages or even inject malicious scripts into social media sites. To combat this, we created a set of add-on guidelines all add-on makers must follow, and we have been enforcing them via blocklisting (remote disabling of misbehaving extensions). However, extensions that violate these guidelines are distributed almost exclusively outside of AMO and tracking them all down has become increasingly impractical. Furthermore, malicious developers have devised ways to make their extensions harder to discover and harder to blocklist, making our jobs more difficult,” Villalobos said. Source
×
×
  • Create New...