Language Selection

English French German Italian Portuguese Spanish

Firefox devs mull dumping Java to stop BEAST attacks

Filed under
Moz/FF

Firefox developers searching for a way to protect users against a new attack that decrypts sensitive web traffic are seriously considering an update that stops the open-source browser from working with Oracle's Java software framework.

The move, which would prevent Firefox from working with scores of popular websites and crucial enterprise tools, is one way to thwart a recently unveiled attack that decrypts traffic protected by SSL, the cryptographic protocol that millions of websites use to safeguard social security numbers and other sensitive data. In a demonstration last Friday, it took less than two minutes for researchers Thai Duong and Juliano Rizzo to wield the exploit to recover an encrypted authentication cookie used to access a PayPal user account.

Rest here




gotta be a joke

firefox is so full of memory leaks that calling anything else insecure sounds more like m$ calling everyone less secure.

I am using firefox less and less. Chrome runs circles around it AND it is more stable. Even konwueror with wenkit renderer is better than firefox.

The last good firefox release was 3.6 - it has been downhill since then. The mozilla "developers" have gotten fatter after making 100s of millions of dollars from google ads. They don't care anymore- they are corrupt, like RH and their minions.

FF 3.6

Agreed. I've gotten so fed up with the mess that Firefox has become, that I've actually gone BACK to 3.6 on all of my machines.

I don't think that's going to be a good long-term solution, but I don't know what to do in the meantime.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Latest Nvidia Shield player runs Android TV on Tegra X1

Nvidia’s $199 STB version of Nvidia Shield runs Android TV on a Tegra X1, and boasts 4K video, 50 optimized games, and game streaming from a “Grid” service. The 2015 set-top box version of the Nvidia Shield follows two earlier models, including 2013’s original handheld Shield game console, now called the Nvidia Shield Portable, which was based on the Nvidia Tegra 4 system-on-chip. Last year, the chip designer-cum-hardware developer released an Nvidia Shield Tablet built around a more powerful Tegra K1 SoC with Kepler graphics, and featuring new stylus and WiFi Direct gaming controller. Read more Also: NVIDIA 346.47 Linux Drivers Launched with Support for New GPUs

​Companies really want Linux-savvy employees and they want them now

According to the Linux Foundation and tech job company Dice, in the 2015 Linux Jobs Report, "Nearly all hiring managers are looking to recruit Linux professionals." While programmers and Linux system administrators are in high demand, your chances of landing a great job are greater if you have cloud, security, and/or software defined networking (SDN) skills. In particular, "42 percent of hiring managers say experience with or knowledge of OpenStack and CloudStack are having a big impact on their Linux hiring decisions" while "49 percent of Linux professionals believe open cloud will be the biggest growth area for Linux in 2015." Read more

Ubuntu 15.04 Flavors Beta 1 Available to Download

Ubuntu 15.04 flavors have a first beta version, it now available to download and install for testing. In this release, There are only available images for Kubuntu, Lubuntu, Ubuntu Gnome, Ubuntu Kylin, Ubuntu MATE, Xubuntu and ubuntu cloud. Read more

Mozilla's *Really* Important News: Thunderbird Lives

So why does that matter? After all, there are lots of ways of accessing email, so why should we care whether Thunderbird has been semi-abandoned or not? As I wrote at the end of 2013, the world has changed dramatically in the wake of Edward Snowden's leaks about massive surveillance of our online activities. That makes using encryption crucial, and that, in its turn, gives Thunderbird a renewed importance, because it is currently one of the most popular ways for using GNU Privacy Guard, the free software version of the core PGP technology, via Enigmail. Indeed, it's fascinating to see from the Thunderbird blog post on "Active Daily Installations" that privacy-loving Germany headed the list with 1.7 million out of a total of 9.3 million (UK could only manage a rather feeble 254,000.) Read more