Language Selection

English French German Italian Portuguese Spanish

Firefox devs mull dumping Java to stop BEAST attacks

Filed under
Moz/FF

Firefox developers searching for a way to protect users against a new attack that decrypts sensitive web traffic are seriously considering an update that stops the open-source browser from working with Oracle's Java software framework.

The move, which would prevent Firefox from working with scores of popular websites and crucial enterprise tools, is one way to thwart a recently unveiled attack that decrypts traffic protected by SSL, the cryptographic protocol that millions of websites use to safeguard social security numbers and other sensitive data. In a demonstration last Friday, it took less than two minutes for researchers Thai Duong and Juliano Rizzo to wield the exploit to recover an encrypted authentication cookie used to access a PayPal user account.

Rest here




gotta be a joke

firefox is so full of memory leaks that calling anything else insecure sounds more like m$ calling everyone less secure.

I am using firefox less and less. Chrome runs circles around it AND it is more stable. Even konwueror with wenkit renderer is better than firefox.

The last good firefox release was 3.6 - it has been downhill since then. The mozilla "developers" have gotten fatter after making 100s of millions of dollars from google ads. They don't care anymore- they are corrupt, like RH and their minions.

FF 3.6

Agreed. I've gotten so fed up with the mess that Firefox has become, that I've actually gone BACK to 3.6 on all of my machines.

I don't think that's going to be a good long-term solution, but I don't know what to do in the meantime.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

OpenSUSE 42.2 Alpha

Android/Chromebook

  • No more Android Wear watches says Samsung, Tizen all the way !
    Samsung has been getting pretty serious about its Smartwatches and has certainly excelled with its latest creation, the Tizen based Gear S2. The company has had a little dabble with Android wear in the past, with the Galaxy Gear Live, and since has been focusing on Tizen. According to a report from Fast Company stating that “no more Samsung Android Wear devices are in development or being planned.” This is according to a Samsung executive. The report goes further to say that Samsung executives are going with Tizen because it’s “far more battery-efficient than Android Wear” and “the standard OS on other Samsung products from TVs to refrigerators.”
  • Are games too easy to pirate on Android?
    It's long been known that game developers make much more money on iOS than they do on Google's Android platform. The most recent example of this is Monument Valley. The developers of the game posted an article on Medium with infographics that show that 73% of their revenue comes from iOS, while only 17% comes from Android.
  • Google Trust API Will Replace Your Passwords With A ‘Trust Score’
    In the wake of increasing security threats and password leaks, Google is working on Project Abacus that will introduce Trust API in Android devices. This API will calculate your Trust Score and use them to give you access to various services. This score will be calculated by using a variety of user patterns.
  • Monument Valley in Numbers: Year 2
  • And the winners of the Google Play Awards are…
  • Why are Chromebooks outselling Macs?
  • Fancy ChromiumOS, Ubuntu, And Android TV All-In-One System
    If you are looking for a mini PC that is capable of running ChromiumOS, Ubuntu LTS, and Android TV operating systems, you may be interested in a new mini desktop computer system that has been created by Dylan Callahan. The Fancy mini PC is a “handcrafted personal computer” that is now available to purchase price to $225 plus shipping and is powered by a Quad Core x86 2.0 Ghz processor supported by 4K AMD Radeon graphics that is supported by 4GB of DDR3 RAM.

Leftovers: OSS

  • Linksys Sees Value Open Source Market for WRT Wireless Routers
    The wireless router world remains safe for open source -- at least for users of certain Linksys Wi-Fi devices, which will still allow the installation of open source firmware like DD-WRT after new FCC rules take effect next week. Here's the back story: Last fall, the Federal Communications Commissions (FCC) introduced new regulations that required device manufacturers to ensure "that third parties are not able to reprogram the device to operate outside the parameters for which the device was certified." Those rules go into effect June 2.
  • Keynote: How Enterprises are Leveraging Open Source Analytics Platforms
    In this Keynote, Luciano Resende, Architect, Spark Technology Center at IBM, will showcase Open source Analytic platforms. Luciano will also discuss how they are being leveraged by different organizations to upend their competition, as well as enable new use cases.
  • Verizon’s Open Source Network Points Way For Enterprises
  • An open source toolbox for pure mathematics
    The field of pure mathematics has always depended on computers to make tables, prove theorems and explore new theories. Today, computer aided experiments and the use of databases relying on computer calculations are part of the pure mathematician's standard toolbox. In fact, these tools have become so important that some areas of mathematics are now completely dependent on them.
  • Asa Dotzler: My New Role @ Mozilla
    After a couple of years working on Mozilla’s mobile operating system project, I’m coming back to Firefox! I’ll be doing some familiar things and some new things. My official title is Product Manager, Firefox Roadmap and Community. What that means, first and foremost, is that I’ll be returning as our storyteller, making sure that we’re communicating regularly about where Firefox is heading, and that we’re fully engaged with Firefox users, fans, and contributors.

Big Data and Databases