Language Selection

English French German Italian Portuguese Spanish

Firefox devs mull dumping Java to stop BEAST attacks

Filed under
Moz/FF

Firefox developers searching for a way to protect users against a new attack that decrypts sensitive web traffic are seriously considering an update that stops the open-source browser from working with Oracle's Java software framework.

The move, which would prevent Firefox from working with scores of popular websites and crucial enterprise tools, is one way to thwart a recently unveiled attack that decrypts traffic protected by SSL, the cryptographic protocol that millions of websites use to safeguard social security numbers and other sensitive data. In a demonstration last Friday, it took less than two minutes for researchers Thai Duong and Juliano Rizzo to wield the exploit to recover an encrypted authentication cookie used to access a PayPal user account.

Rest here




gotta be a joke

firefox is so full of memory leaks that calling anything else insecure sounds more like m$ calling everyone less secure.

I am using firefox less and less. Chrome runs circles around it AND it is more stable. Even konwueror with wenkit renderer is better than firefox.

The last good firefox release was 3.6 - it has been downhill since then. The mozilla "developers" have gotten fatter after making 100s of millions of dollars from google ads. They don't care anymore- they are corrupt, like RH and their minions.

FF 3.6

Agreed. I've gotten so fed up with the mess that Firefox has become, that I've actually gone BACK to 3.6 on all of my machines.

I don't think that's going to be a good long-term solution, but I don't know what to do in the meantime.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Munich Linux councillor: 'We didn't propose a switch back to Windows'

ONE OF THE CITY COUNCILLORS behind the alleged "Bring Back Windows" letter to Munich City officials has told The INQUIRER that she has no desire to see the city migrate back to Microsoft. Munich spurned Windows for its own version of Linux, known as Limux, and recent reports suggested it is once again getting high-level calls to trash the experiment and get back to the old days. The story, which has been circulating for the past week or so, is based on a memo sent by two councillors from the city which appeared to request consideration of a return to Windows. Read more

LLVM 3.7.0 Officially Released

LLVM 3.7 along with sub-projects like Clang 3.7.0 have been officially released this afternoon. Hans Wennborg announced 3.7.0 a few minutes ago on the mailing list. "This release contains the work of the LLVM community over the past six months: full OpenMP 3.1 support (behind a flag), the On Request Compilation (ORC) JIT API, a new backend for Berkeley Packet Filter (BPF), Control Flow Integrity checking, as well as improved optimizations, new Clang warnings, many bug fixes, and more." Read more

Rugged module runs Linux on i.MX6 UltraLite SoC

F&S announced a COM that runs Linux on Freescale’s Cortex-A7 based i.MX6 UltraLite SoC, and offers dual Ethernet, WiFi, and an industrial temperature range. Since May, when Freescale unveiled its new, Cortex-A7 based i.MX6 UltraLite SoC, we’ve seen several announcements of computer-on-module products that incorporate the new, more power-efficient processor. These include two products from TechNexion — an EDM form-factor COM and a module fits in an Intel Edison socket — plus an SODIMM-style COM from iWave Systems. Now, F&S Elektronik Systeme has announced that it is adding an i.MX6 UltraLite-based “efus-A7UL” module to its “efus” COM family. Read more

How Ubuntu 15.04 Vivid Vervet Can Prove Useful for Enterprise WiFi

I personally recommend Ubuntu 15.04 but you may choose some other enterprise distro such as RHEL 7.1 or SUSE Linux Enterprise Server. That’s okay, but if you follow my recommendation and choose Vivid Vervet instead, the discussion above would help you. Read more