
Firefox devs mull dumping Java to stop BEAST attacks


Firefox developers searching for a way to protect users against a new attack that decrypts sensitive web traffic are seriously considering an update that stops the open-source browser from working with Oracle's Java software framework.

The move, which would prevent Firefox from working with scores of popular websites and crucial enterprise tools, is one way to thwart a recently unveiled attack that decrypts traffic protected by SSL, the cryptographic protocol that millions of websites use to safeguard social security numbers and other sensitive data. In a demonstration last Friday, it took less than two minutes for researchers Thai Duong and Juliano Rizzo to wield the exploit to recover an encrypted authentication cookie used to access a PayPal user account.





gotta be a joke

Firefox is so full of memory leaks that calling anything else insecure sounds more like m$ calling everyone less secure.

I am using Firefox less and less. Chrome runs circles around it AND it is more stable. Even Konqueror with WebKit renderer is better than Firefox.

The last good Firefox release was 3.6 - it has been downhill since then. The Mozilla "developers" have gotten fatter after making 100s of millions of dollars from Google ads. They don't care anymore - they are corrupt, like RH and their minions.

FF 3.6

Agreed. I've gotten so fed up with the mess that Firefox has become, that I've actually gone BACK to 3.6 on all of my machines.

I don't think that's going to be a good long-term solution, but I don't know what to do in the meantime.


More in Tux Machines

Five reasons to switch from Windows to Linux

Linux has been in the ascendancy ever since the open source operating system was released, and has been improved and refined over time so that a typical distribution is now a polished and complete package comprising virtually everything the user needs, whether for a server or personal system. Much of the web runs on Linux, and a great many smartphones, and numerous other systems, from the Raspberry Pi to the most powerful supercomputers. So is it time to switch from Windows to Linux? Here are five reasons why.


Security Leftovers

  • Chrome vulnerability lets attackers steal movies from streaming services
    A significant security vulnerability in Google technology that is supposed to protect videos streamed via Google Chrome has been discovered by researchers from the Ben-Gurion University of the Negev Cyber Security Research Center (CSRC) in collaboration with a security researcher from Telekom Innovation Laboratories in Berlin, Germany.
  • Large botnet of CCTV devices knock the snot out of jewelry website
    Researchers have encountered a denial-of-service botnet that's made up of more than 25,000 Internet-connected closed circuit TV devices. The researchers with Security firm Sucuri came across the malicious network while defending a small brick-and-mortar jewelry shop against a distributed denial-of-service attack. The unnamed site was choking on an assault that delivered almost 35,000 HTTP requests per second, making it unreachable to legitimate users. When Sucuri used a network addressing and routing system known as Anycast to neutralize the attack, the assailants increased the number of HTTP requests to 50,000 per second.
  • Study finds Password Misuse in Hospitals a Steaming Hot Mess
    Hospitals are pretty hygienic places – except when it comes to passwords, it seems. That’s the conclusion of a recent study by researchers at Dartmouth College, the University of Pennsylvania and USC, which found that efforts to circumvent password protections are “endemic” in healthcare environments and mostly go unnoticed by hospital IT staff. The report describes what can only be described as wholesale abandonment of security best practices at hospitals and other clinical environments – with the bad behavior being driven by necessity rather than malice.
  • Why are hackers increasingly targeting the healthcare industry?
    Cyber-attacks in the healthcare environment are on the rise, with recent research suggesting that critical healthcare systems could be vulnerable to attack. In general, the healthcare industry is proving lucrative for cybercriminals because medical data can be used in multiple ways, for example fraud or identity theft. This personal data often contains information regarding a patient’s medical history, which could be used in targeted spear-phishing attacks.
  • Making the internet more secure
  • Beyond Monocultures
  • Dodging Raindrops Escaping the Public Cloud