Most Popular
| Top Stories | Commented | Featured |
Weekend Open Forum: Have you upgraded to Windows 7 yet? What is there to like/not? featured
Tech Tip of The Week: Turn Off your Display Using a Windows Shortcut and More featured
Netflix PS3 streaming arrives tomorrow
Dell's ultra-thin Adamo XPS to ship soon for $1,799
Windows 7 crushed Vista in early launch sales
Nvidia Tegra 2 to double performance, arrive next year?
TS Community
| User Gallery | Recent Discussion |
 sngx1275 by SNGX1275 |  34 Processes, 0% CPU by Fiziks |
 TechSpot at CES 2007 by Julio |  12-20-06_2052 by ambivolent |
TechSpot RSSInformation Technology
Malicious FireFox extension seeks to steal private data
FireFox users beware, a rogue extension dubbed “FormSpy” is out to steal private information. Disguising itself as the very legitimate NumberLinks extension, the malware will actively look for passwords and private information like credit card numbers, as well as monitoring things like FTP and email traffic for private data. Primarily, a user gets infected by this extension through a piece of 3rd party software called Downloader-AXM. While that particular piece of software only affects Windows users, the fact that malicious extensions exist goes to show that ultimately, no matter how much security a system has, the user still has to make up their mind as to what they allow on their machines. You can read McAfee's security response here.
Related Stories
User Comments (4)
Post a comment| DragonMaster on July 26, 2006 6:01 PM | Hopefully, NumberLinks doesn't look as something that is used by a lot of people. (Doesn't seem very useful) Just hoping Mozilla will do something about this -> Make extensions harder to install. They should include this before FFX2 is released.
|
| ThomasNews on July 27, 2006 2:18 AM | Making extensions harder to install for the End User isn't really the solution. The user needs to be more aware of what they are installing & not just blindly clicking Yes to prompts. The only thing I could imagine they would/could do is to valid an extension has been downloaded from Mozilla's secure extension sites/or some Extension whitelist.
|
| spike on July 27, 2006 8:57 AM | I suppose there could be some kind of encrypted signing system, where extentions have to be approved and signed by the Moz/FF community, and firefox will only accept extentions with that signing. It's not the best solution ideologically perhaps, but it works (for now, until the signing were to get cracked).
|
| DragonMaster on July 27, 2006 10:27 PM | The only thing is that an automated script can easily install a new extension just by copying files in the Mozilla folder w/o anyone noticing.
|
