The Active Network

  Mozilla shipped worm with Firefox add-on
Time: 09:07 EST/14:07 GMT | News Source: ComputerWorld | Posted By: Jonathan Tigner

Mozilla Corp. yesterday warned users about a worm that slipped into Firefox's Vietnamese language add-on and went undetected for months.

The malware-infected file has been pulled from Mozilla's servers.

"The Vietnamese language pack for Firefox 2 contains inserted code to load remote content," Window Snyder, Mozilla's chief security executive, confirmed in a post to the company's blog on Wednesday. "Everyone who downloaded the most recent Vietnamese language pack since Feb. 18, 2008, got an infected copy."

According to Snyder, the download count for the add-on since last November has been 16,667. "So we anticipate the impact on users to be limited," she said.

  This is an archived static copy of ActiveWin.com.
#1 By 23603 (74.57.49.167) at Friday, May 09, 2008 10:22:52 AM
Glad I don't use FireFox...

That is and always will be the problem with open source software... you never exactly what you are downloading.

Long live IE8 (beta1 :-)

#3 By 2960 (72.196.195.185) at Friday, May 09, 2008 10:50:56 AM
Old news. Was reported days ago.

#4 By 92283 (142.25.203.200) at Friday, May 09, 2008 12:28:44 PM
"Snyder said that Mozilla would boost the number of times it scanned files for malware. "We are also adding after-the-fact scans of everything to address this sort of case in the future," she said.

Developers on Bugzilla, however, argued whether that was feasible. "Ideally, yes, except that we get new definitions on average every six hours or so and it takes over a week to virus-scan the entire FTP server," said Mozilla's Miller as he replied to a proposal to rescan after every signature update. "

They need to get a faster ftp server.

#5 By 15406 (216.191.227.68) at Friday, May 09, 2008 01:02:26 PM
#1: That is and always will be the problem with open source software... you never exactly what you are downloading.

That's got to be about the silliest comment I've read on ActiveWin in a while. With closed source, you have no idea what you're getting. With open source, you have the option of viewing & compiling the code yourself instead of trusting the binaries provided.

#2: Good reply.

#6 By 92283 (142.32.208.233) at Friday, May 09, 2008 01:22:21 PM
"With open source, you have the option of viewing & compiling the code yourself instead of trusting the binaries provided"

But clearly no one did.

#7 By 92283 (142.32.208.233) at Friday, May 09, 2008 01:22:25 PM
...

This post was edited by NotParkerToo on Friday, May 09, 2008 at 13:22.

#8 By 23275 (68.186.182.236) at Friday, May 09, 2008 02:05:28 PM
Clearly Moz/Ff is not the secure wunderkind it was held out to be, and this last business is but one example.

For my money, I would prefer to stick with "a plan" - that being executed under the SDL and manifest in the effective layered approach Microsoft has adopted.

Similarly, and with equal clarity, the Internet evolved and the companies serving it have evolved with it - threats matured and so now have the methods used to deal with them.

FOSS/OSS has one way and it has proven to be at least as porous as MS was pre 2004 - before the SDL and Trustworthy Computing Initiative first began to show some teeth. Four years later, Microsoft is exactly where they should be, leading from the front and setting a good example for all.

Now... Moz/FF get back with MS and enabled securable objects, the UIPI and bake them into FF as your own version of Protected MODE - it alongside UAC and ASLR in x64 Vista simply work!

And don't even get me started on the dated and overly simple read, write execute BS security in the *nix - it simply does not compare to the model found in Windows Vista - most especially x64

*Happy Mother's Day!*

#9 By 23603 (69.70.34.2) at Friday, May 09, 2008 02:52:04 PM
@tgnb

2 years old article...come on.. You can do better than that.

@latch

Read my comment again blindy "you never exactly what you are downloading". I did not mention anything about viewing and recompiling.


#10 By 143 (65.221.158.226) at Friday, May 09, 2008 04:26:15 PM
You think that's bad wait when apps start running in FF. It will be like the old days when ActiveX first came out.

#11 By 7797 (72.229.133.104) at Friday, May 09, 2008 05:01:12 PM
@EQ23 I don't have to do better than that for the point i made!

#12 By 20505 (216.102.144.11) at Friday, May 09, 2008 08:06:56 PM
Hey ya'll,

I'll give you one of my philosophies of life.

At some point you must trust someone, otherwise you end up like Howard Hughes.

So the question is... who do you really trust (the evening news? ms? your doctor? your mom?)?

#13 By 143 (74.129.194.180) at Saturday, May 10, 2008 02:18:12 PM
@#12
Give me your credit card number and we'll talk about trust. ;)

#14 By 15406 (216.191.227.68) at Monday, May 12, 2008 08:34:18 AM
#8: Yep, gotta love that MS security:

/awin/comments.asp?HeadlineIndex=43653&Group=1

/awin/comments.asp?HeadlineIndex=43672&Group=1

But I must agree with you. Having a web browser language pack infected by a Windows virus MUST mean that the entire security model for Unix and FOSS in general is completely invalid. Good thing that this kind of thing has never happened to Microsoft or you would have to judge them the same way, right?



 
