Language Selection

English French German Italian Portuguese Spanish

Firefox devs mull dumping Java to stop BEAST attacks

Filed under
Moz/FF

Firefox developers searching for a way to protect users against a new attack that decrypts sensitive web traffic are seriously considering an update that stops the open-source browser from working with Oracle's Java software framework.

The move, which would prevent Firefox from working with scores of popular websites and crucial enterprise tools, is one way to thwart a recently unveiled attack that decrypts traffic protected by SSL, the cryptographic protocol that millions of websites use to safeguard social security numbers and other sensitive data. In a demonstration last Friday, it took less than two minutes for researchers Thai Duong and Juliano Rizzo to wield the exploit to recover an encrypted authentication cookie used to access a PayPal user account.

Rest here




gotta be a joke

firefox is so full of memory leaks that calling anything else insecure sounds more like m$ calling everyone less secure.

I am using firefox less and less. Chrome runs circles around it AND it is more stable. Even konwueror with wenkit renderer is better than firefox.

The last good firefox release was 3.6 - it has been downhill since then. The mozilla "developers" have gotten fatter after making 100s of millions of dollars from google ads. They don't care anymore- they are corrupt, like RH and their minions.

FF 3.6

Agreed. I've gotten so fed up with the mess that Firefox has become, that I've actually gone BACK to 3.6 on all of my machines.

I don't think that's going to be a good long-term solution, but I don't know what to do in the meantime.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Why open source could be IBM's key to future success in the cloud

Do those same developers need IBM? Developers certainly benefit from IBM's investments in open source, but it's not as clear that those same developers have much to gain from IBM's cloud. Google, for example, has done a stellar job open sourcing code like TensorFlow and Kubernetes that feeds naturally into running related workloads on Google Cloud Platform. Aside from touting its Java bonafides, however, IBM has yet to demonstrate that developers get significant benefits for modern workloads on its cloud. That's IBM's big challenge: Translating its open source expertise into real, differentiated value for developers on its cloud. Read more

Top 8 Debian-Based Distros

Most people tend to forget that despite Ubuntu's success over the years, it's still just a distro based on another distro - Debian. Debian on its own, however, isn't really well suited for newer users...hence the explosion of distros based on Debian over the recent years. There are lot of great choices for Linux users. Which one is best for you? Read more

Compact, rugged IoT gateway offers dual GbE with PoE

Inforce has launched a $250 “Inforce 6320” IoT gateway that runs Linux on a quad -A53 Snapdragon 410, and offers WiFi, BT, GPS, HDMI, USB, -30 to 85°C support, and dual GbE ports with PoE. Inforce Computing’s $250 Inforce 6320 is a compact (170 x 95 x 42mm) IoT gateway that runs Ubuntu Core (Snappy) and Debian on Qualcomm’s Snapdragon 410E. Inforce promises “periodic upstream kernel based BSP releases [that] include in-depth documentation along with a host of royalty-free software.” The Debian BSP includes LXDE, drivers for all available interfaces, as and access to the Inforce TechWeb tech support services. Read more

Today in Techrights