OzHub, the Macquarie Telecom-led cloud computing alliance, has come down firmly on the side of Optus over the copyright controversy surrounding Optus TV Now, warning that any moves to change the law "risk branding Australia a global luddite state."
According to Symantec senior engineer Candid Wüest, the company has "recently observed an increase in malware that drops malicious BHOs, Firefox extensions, and even Opera user scripts... to maximize their impact on a user's machine."
One avenue that's taken is to drop the malicious extension directly into Firefox's components directory. This means it will be automatically loaded with the browser, but will not show up in the Add-ons window.
Consequently, users are unlikely to know that the extension has been added, or see a mechanism to remove it.
Wüest also noted that "all of the interesting information (such as credit card numbers or passwords) is usually entered through the browser, so it's a perfect playing field for attackers."
While access to the components directory will be denied in Firefox 3.6 (requiring the packaging of add-ons as XPI [cross platform installer] files and forcing them to appear in the Add-ons window), that won't rule out the possibility of malicious extensions - it will just make it harder to create a stealthy mal-extension.
Even if an extension does install in the conventional way, that doesn't mean it isn't malicious.
A paper [PDF, 1.4MB] co-authored by Wüest and Elia Florio of Italy's Data Protection Authority describes - among other things - a number of malicious extensions that carry out activities such as logging and forwarding all form submissions that include a password field, or forwarding all URLs visited.
David Frost
| SYDNEY– February 9, 2012. Gigamon®, the world leader in Traffic Visibility Fabric solutions, announced that it has expanded the breadth and s…
How to Make Business Discovery Work for Your Business
Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more
Try an easy-to-use set of web-enabled
tools for business-class productivity services. Office 365 provides
anywhere-access to email, important documents, contacts, and calendars
on almost any device.