Firefox

(get it in RSS or Atom)

SellHack browser plugin ceases squeezing LinkedIn for hidden email addresses

SellHack logo

The free extension promised to "hack" LinkedIn profiles to get at what should be users' tucked-away, private email addresses. Much to LinkedIn's chagrin, it was doing just that (albeit spottily) until it got LinkedIn's cease and desist order, took the plugin offline and pledged to shape it into something that passes terms of service muster.

Firefox 28.0 takes on the PWN2OWN attacks already

ff-held-250

Firefox 28.0 was released on 18 March 2014, just five days after four exploitable bugs in the browser were disclosed at the PWN2OWN competition.

Paul Ducklin looks at what was fixed...

Browsers pwned, Korean megabreach, hackers phoiled, and Chet Chat turns 4! [VIDEO]

2014-03-15-pwned-250

Which browser plugin withstood PWN2OWN? How big was the latest South Korean megabreach? What happens when hackers attack phishers?

Find out in 60 Second Security...

Firefox 27 is out - Tuesday's second non-Patch-Tuesday update

ff27-250

Even though yesterday wasn't a Patch Tuesday, we ended up with two major browser-related updates: an unscheduled Adobe Flash patch, and an expected one: the update from Firefox 26 to Firefox 27.

Paul Ducklin takes a quick look...

SSCC 133 - Prize unicorns, Android malware, 2FA, Attack reports and Vote For Us! [PODCAST]

sscc-133-thumb-250

Chet and Duck review the week's news in their informed and entertainingly serious style, discussing the prizes on offer at this year's PWN2OWN competition, talking about a new twist in Android malware, and reviewing the latest attack reports from Yahoo and Target...

PWN2OWN 2014 - Find the "exploit unicorn" and win $150,000

unicorn-250

It's called PWN2OWN because if you successfully pwn, or hack into, the competition laptop, you own it *literally* - you get to take it home with you.

But there's also $645,000 in cash up for grabs, including a Grand Prize for finding, wait for it, an "exploit unicorn"...

Firefox 25.0.1 - the security update that wasn't?

fff-250

Firefox just pushed out a minor browser update, bumping its version number from 25.0 to 25.0.1.

Paul Ducklin saw Mozilla's advice that this was "a security and stability update", and went looking for the security fixes...

Microsoft leads the way, setting new cryptographic defaults

ts-cracked-250

Microsoft is upping its game with regards to cryptographic standards. By discontinuing support for the older, weak RC4 cipher and putting Certificate Authorities on note to migrate to SHA-2, it seems to be leading the way to be ready for the future, rather than reacting.

Patch Tuesday November 2013 - Microsoft, Adobe and Google

Patch Tuesday

November's Patch Tuesday includes updates not just from Microsoft, but Adobe and Google as well. Critical patches for Internet Explorer, Chrome and Adobe Flash Player lead the way this month.

SSCC 122 - Facebook hoax, Microsoft 0-day, Android hole and Firefox going forward [PODCAST]

sscc-122-175-250

What a coincidence! A Facebook hoax claming that images can infect your computer...and then a Microsoft zero-day that uses images to infect your computer.

Chet and Duck talk you through the latest news...

Lightbeam shines a light on which websites you're really visiting

Lightbeam

Do you really know where your browser goes when you type a URI into its address bar? Do you realise that that your browser not only accesses the site you intended but may also have visited 3rd party websites running connected services? Mozilla's Lightbeam shows you what's going on.

Firefox moves up to Version 25, fixes a bunch of memory mismanagement problems

A brief reminder for Firefox users: version 25 is out.

As usual, there are some new and tweaked features, plus a fair number of security fixes.

Paul Ducklin takes a quick look...

Copying fingerprints, Firefox trusted, Facebook not, Yahoo recycles - 60 Sec Security [VIDEO]

2013-09-28-60ss-thumb-250

How do you copy fingerprints? Which is the most trustworthy browser? Who will use Facebook for payments? How long does an email address live?

Satisfy your curiosity with this week's 60 Second Security!

Firefox burns Chrome in our trustworthy browser poll

Chrome burns

About a month ago I asked Naked Security readers: Which web browser do you trust? Your answer was emphatic: it's Firefox, and it accrued almost twice the number of votes of its nearest rival, Google Chrome.

Firefox 24 available now! 17 fixes, 7 critical

Firefox250

The Mozilla Foundation released Firefox, Thunderbird and SeaMonkey version 24.0, fixing 17 vulnerabilities.

PWN2OWN for mobile devices - $300,000 in prizes for stealing data, eavesdropping or making covert calls

zdi-250

There's $300,000 up for grabs at HP's Mobile Pwn2Own contest to be held in Tokyo in November 2013.

Paul Ducklin runs through the options of how to get your hands on the cash...

Which web browser do you trust? [Poll]

which-browser-do-you-trust

We no longer choose our web browsers based on bells and whistles. These days its all about privacy and security and we'd like to know which browser (and which vendor) you trust to be your companion on the web.

Monday review - the hot 24 stories of the week

dow-250

It's Monday again, so here's a quick way to get yourself up to date with everything we've written in the last seven days.

Chrome, Firefox display plain-text passwords with a few clicks

Chrome, Firefox display plain-text passwords with a few clicks

An ongoing catfight has boiled up regarding whether these are features or security fright-fests, particularly given that the nontechnical masses aren't liable to know that they can, for example, tell Google not to store passwords or set up a master password in Firefox.

Firefox 23.0 is out - fixes, features and just a tiny bit of frustration

ff-logo-250

Note to Firefox fans: 23.0 is out.

Paul Ducklin, a Firefox fan himself, looks at the many new fixes, one handy new security feature and a nagging frustration in the update...