News
Mozilla Signs Firefox Add-Ons
Mozilla developer Jorge Villalobos has announced that Mozilla is ready to implement its new program of digitally signing add-on extensions for the Firefox browser. The plan was originally announced back in February. Firefox developers have long taken pride in the extensive and powerful collection of add-on applications that users can easily add to their browser configuration. However, the Firefox team has become alarmed at the number of add-ons that are insecure – or sometimes even malware. According to the original announcement, "Extensions that change the homepage and search settings without user consent have become very common, just like extensions that inject advertisements into web pages or even inject malicious scripts into social media sites."
To combat this misuse of the add-on ecosystem, Mozilla developed a new set of guidelines for add-on developers and implemented the signing process as a means for assuring users that the add-on has been properly vetted.
Mozilla will take a week to create signed versions of existing add-ons. For a transition period of two release cycles (approximately 12 weeks), non-signed add-ons will only trigger a warning in Firefox. After the transition period, release and beta versions of Firefox will not install unsigned extensions.
Weird Worm Burrows into Linux-Based Routers
Security researchers at ESET have released a lengthy report on the Moose malware, a worm that affects Linux-based home routers and embedded gadgets. Attackers appear to have assembled a large botnet of compromised devices through weak passwords.
According to the report, Moose does not install backdoors or rootkits. The goal of the attack appears to be social media fraud. Moose intercepts web cookies and uses them to hijack social media accounts. The schemers apparently deploy the botnet as a social media tool, auto-generating likes, views, and other popularity indicators for a price.
The Register quotes a report from the Rapid 7 security firm stating that 50,000 routers are infected with the Moose worm. Most of the attack traffic targets Twitter and Instagram.
US Government Requires HTTPS
The Obama White House has issued a memorandum telling all US government agencies they must use HTTPS for all websites and web communication. A summary document online, titled "The HTTPS-Only Standard" is a web-friendly version of the White House Office of Management and Budget memo M-15-13, "Policy to Require Secure Connections across Federal Websites and Web Services."
The document states the requirement that "all publicly accessible Federal websites and web services only provide service through a secure connection." According to the doc, Hypertext Transfer Protocol Secure (HTTPS) is the "strongest privacy and integrity protection currently available for public web connections," and it is therefore the protocol of choice for encrypted sessions.
Although many modern websites have adopted HTTPS as the standard web protocol, a vast number of sites still operate on un-encrypted, plain old HTTP. The US federal government has such a huge collection of sites that establishing HTTPS as a minimum standard for privacy could have a ripple effect through the rest of the web. The memo states the principle that "All browsing activity should be considered private and sensitive," which privacy advocates in the US and abroad will welcome.
Although this plan has reportedly been in the works for several months, the announcement might have been timed to appear proactive in the wake of reports about security breaches on government sites, such as the recent massive attack on the US Office of Personnel Management. The NSA scandals have also created a need for the White House to make a statement affirming a general right for privacy, although recent proceedings in the congress and courtroom indicate the administration isn't giving up on its interest in Internet surveillance.
« Previous 1 2 3 Next »
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Juno Tab 3 Launches with Ubuntu 24.04
Anyone looking for a full-blown Linux tablet need look no further. Juno has released the Tab 3.
-
New KDE Slimbook Plasma Available for Preorder
Powered by an AMD Ryzen CPU, the latest KDE Slimbook laptop is powerful enough for local AI tasks.
-
Rhino Linux Announces Latest "Quick Update"
If you prefer your Linux distribution to be of the rolling type, Rhino Linux delivers a beautiful and reliable experience.
-
Plasma Desktop Will Soon Ask for Donations
The next iteration of Plasma has reached the soft feature freeze for the 6.2 version and includes a feature that could be divisive.
-
Linux Market Share Hits New High
For the first time, the Linux market share has reached a new high for desktops, and the trend looks like it will continue.
-
LibreOffice 24.8 Delivers New Features
LibreOffice is often considered the de facto standard office suite for the Linux operating system.
-
Deepin 23 Offers Wayland Support and New AI Tool
Deepin has been considered one of the most beautiful desktop operating systems for a long time and the arrival of version 23 has bolstered that reputation.
-
CachyOS Adds Support for System76's COSMIC Desktop
The August 2024 release of CachyOS includes support for the COSMIC desktop as well as some important bits for video.
-
Linux Foundation Adopts OMI to Foster Ethical LLMs
The Open Model Initiative hopes to create community LLMs that rival proprietary models but avoid restrictive licensing that limits usage.
-
Ubuntu 24.10 to Include the Latest Linux Kernel
Ubuntu users have grown accustomed to their favorite distribution shipping with a kernel that's not quite as up-to-date as other distros but that changes with 24.10.