It looks like the database of 44,000 inactive addons.mozilla.org accounts has been mistakenly left on a public Mozilla server.
According to the official blog post, it affects accounts created prior to April 9th, 2009 that use older, md5-based password hashes. As of today, all the data is secured with SHA-512 password hash.
Impacted users were notified on December 27th and potential treat has been already removed.
Thomas Ford, the PR Manager of Opera Software has also raised some concerns about the recent NSS Labs Report results (where Opera scored 0%) and responded with the following statement (as from ConceivablyTech email).
We have some concerns with the results posted by NSS. First, we are unclear as to why they received no results. We use AVG and Yandex, among others, for our fraud protection solution. Both have performed well in our testing. It is odd that they received no results from our data providers.
The latter could indicate that what NSS Labs actually tests is the providers that Microsoft uses in IE. As such, the test almost becomes a QA test of Microsoft’s own system rather than a real test.
With the recent release of NSS Labs Security Research Report, Google has responded with the following statement:
These sponsored tests are limited in their sole focus on socially engineered malware, while excluding vulnerabilities in plug-ins or browsers themselves. Additionally, the testing methodology isn’t available in a way that can be independently verified. Google Chrome was built with security in mind from the beginning and emphasizes protection of users from drive-by downloads and plug-in vulnerabilities — for example, we recently introduced a new security sandbox for Flash Player.
As a reminder: Google Chrome 6 blocked 3.4% of all socially engineered malware, while IE9 – 99%.
Follows Internet Explorer.
Mozilla’s chief executive, Gary Kovacs while talking about Firefox 4 in Mountain View, California addressed user privacy issues and promised to deliver “Do Not Track” button in the first part of next year.
“The idea of ‘Do Not Track’ is interesting, but there doesn’t seem to be consensus on what ‘tracking’ really means, nor how new proposals could be implemented in a way that respects people’s current privacy controls,” said Google.
The Federal Trade Commission has also suggested adding such mechanism back in December.
Or so it seems.
NSS Labs tested 5 most popular web browsers to find out, which one of them offer the best protection against malware.
Tested web browsers
Google Chrome 6.0.472.63
Windows Internet Explorer 8 (build 8.0.7600.16385)
Windows Internet Explorer 9 pre-BETA (build 9.0.7930.16402)
Mozilla Firefox 3.6.10
Opera 10.62 (build 3500)
Safari 5.0.1 (7533.17.8)
Ad block reloaded.
The upcoming Internet Explorer 9 RC build (set for an early 2011 release) will include a couple of tracking protection features, Microsoft revealed earlier this week.
According to the official video, Tracking Protection will allow users to discover, who is tracking their activity, while Tracking Protection Lists provides them with a solution to easily block such sites from requesting their data.
Recent Federal Trade Commission (FTC) report might have an impact on Microsoft’s decision for such feature implementation.
Thanks, RamaSubbu SK.
From useful to dangerous.
It looks like Websockets aren’t so great after all (at least in the short term). According to Mozilla and Opera posts, both companies will be disabling support for such technology until serious security flaws are fixed.
Recently, Adam Barth has shared a security study findings that raised a red flag for the current state of Websockets protocol.