Language Selection

English French German Italian Portuguese Spanish

Mozilla pulls tracking trigger for Firefox 22

Filed under
Moz/FF




More in Tux Machines

Leftovers: Software

today's howtos

Leftovers: OSS

Security Leftovers

  • Secure Server Deployments in Hostile Territory, Part II
    There are a few other general security practices I put in place. First, as I mentioned before, because each host has a certificate signed by an internal trusted CA for Puppet, we take advantage of those certs to require TLS for all network communications between hosts. Given that you are sharing a network with other EC2 hosts, you want to make sure nobody can read your traffic as it goes over this network. In addition, the use of TLS helps us avoid man-in-the-middle attacks.
  • Hackers Can Disable a Sniper Rifle—Or Change Its Target
    At the Black Hat hacker conference in two weeks, security researchers Runa Sandvik and Michael Auger plan to present the results of a year of work hacking a pair of $13,000 TrackingPoint self-aiming rifles. The married hacker couple have developed a set of techniques that could allow an attacker to compromise the rifle via its Wi-Fi connection and exploit vulnerabilities in its software. Their tricks can change variables in the scope’s calculations that make the rifle inexplicably miss its target, permanently disable the scope’s computer, or even prevent the gun from firing. In a demonstration for WIRED (shown in the video above), the researchers were able to dial in their changes to the scope’s targeting system so precisely that they could cause a bullet to hit a bullseye of the hacker’s choosing rather than the one chosen by the shooter.
  • Get root on an OS X 10.10 Mac: The exploit is so trivial it fits in a tweet
    Yosemite, aka version 10.10, is the latest stable release of the Mac operating system, so a lot of people are affected by this vulnerability. The security bug can be exploited by a logged-in attacker or malware on the computer to gain total unauthorized control of the Mac. It is documented here by iOS and OS X guru Stefan Esser. It's all possible thanks to an environment variable called DYLD_PRINT_TO_FILE that was added in Yosemite. It specifies where in the file system a component of the operating system called the dynamic linker can log error messages. If the environment variable is abused with a privileged program, an attacker can modify arbitrary files owned by the powerful user account root – files like the one that lists user accounts that are allowed administrator privileges.