Big Data. Big Decisions
 InformationWeek
Special Coverage Series

Commentary

Keith Ferrell

Keith Ferrell


See more from this author

Mozilla Sniffer Firefox Add-On Steals Passwords

Mozilla Sniffer, a little-used and now disabled Firefox add-on, turns out be a log-in thief and has been disabled by Mozilla. Additionally the Firefox-maker disabled earlier versions of CoolPreviews, another, more popular add-on which carried vulnerabilities that could enable remote takeovers. Time to take a long look at your company's browser add-ons policy.

By Keith Ferrell InformationWeek
July 16, 2010 01:15 PM

Mozilla Sniffer, a little-used and now disabled Firefox add-on, turns out be a log-in thief and has been disabled by Mozilla. Additionally the Firefox-maker disabled earlier versions of CoolPreviews, another, more popular add-on which carried vulnerabilities that could enable remote takeovers. Time to take a long look at your company's browser add-ons policy.A Firefox add-on, Mozilla Sniffer (you'd think the name would have been a warning in itself) has been revealed to be a log-in thief, grabbing Web site log-ins and sending the info to its makers.

The add-on has been disabled by Mozilla, according to a blog post, which recommends that anyone who installed Mozilla Sniffer should immediately change their passwords.

Mozilla reports that the Sniffer add-on was "downloaded approximately 1,800 times since its submission and currently reports 334 active daily users."

Far more popular is the CoolPreviews add-on, version 3.01 of which held a vulnerability that could alow re4mote takeover of the user's computer. Mozilla disabled CoolPreviews 3.01 (and all earlier versions) and now has posted a version of CoolPreviews that has had the vulnerability eliminated.

The repaired version can be found at addons.mozilla.org Mozilla recommends that all CoolPreviews users upgrade to the latest version immediately.

How familiar are you, or your security personnel, with the add-ons your employees have added to their browsers? How confident are you that all of those add-ons have been reviewed for security and approved by the browser's developer?

As Mozilla pointed out in its security blog, unreviewed add-ons have "been previously identified as an attack vector for hackers." That's an understatement, to say the least, which is why it's good to know that Mozilla is reviewing its criteria for posting add-ons to its site. (The Mozilla Sniffer password thief remained on the add-on site for a month before being disabled.)

Might be a good idea for you to review the security policy surrounding which browser add-ons (and for that matter, which browser) your employees can add to your systems.

Don't Miss: 5 Web Security Practices For SMBs

, join the conversation


Related Reading

News

Commentary

Most Popular

On the Web

Slideshow

Video

More Insights

White Papers

More >>

Webcasts

More >>


Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

BYTE encourages readers to engage in spirited, healthy debate, including taking us to task. However, BYTE moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. BYTE further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.

Follow InformationWeek

By The Numbers

What Are Your Primary Concerns About Using Big Data Software?

Base: 417 respondents at organizations using or planning to deploy data analytics, BI or statistical analysis software
Data: InformationWeek 2013 Analytics, Business Intelligence and Information Management Survey of 541 business technology professionals, October 2012

What Do You Think?

What's your attitude about SQL analysis on top of Hadoop?
We want fast, standard SQL analysis capabilities on Hadoop ASAP
Hadoop is for unstructured data; SQL is for relational databases
We'll give SQL on Hadoop a try, but relational DBs will remain the mainstay
Given strong SQL support on Hadoop, we'd nix the data warehouse
We're not interested in Hadoop
No opinion



Related Content

From Our Sponsor

Five Big Data Challenges and How to Overcome Them with Visual Analytics

Five Big Data Challenges and How to Overcome Them with Visual Analytics

Business leaders often need a visual snapshot of data to quickly grasp and use it. This paper identifies five challenges in presenting data and how visual analytics can resolve them. Solutions are suggested to overcome the challenges of: speed, data clarity, data quality, displaying meaningful results, and dealing with outliers.

Game-Changing Analytics: How IT Executives Can Use Analytics to Create Innovation and Business Success

Game-Changing Analytics: How IT Executives Can Use Analytics to Create Innovation and Business Success

Today's competitive advantage requires a deeper understanding of your business, your market and your customers. As an IT executive, you can drive that knowledge transformation. In this white paper, learn how to make decisions as a strategic business leader and three steps to begin an analytics initiative within your enterprise.

Data Visualization Techniques: From Basics to Big Data with SAS Visual Analytics

Data Visualization Techniques: From Basics to Big Data with SAS Visual Analytics

High-performance data visualization turns sophisticated analyses into meaningful graphics, leading to faster and smarter decision making. In this white paper, learn how visual analytics can transform big data, with additional features such as real-time functionality, mobile compatibility, robust applications for technical groups and accessibility for nontechnical users.

Big Data: Lessons from the Leaders

Big Data: Lessons from the Leaders

Financial performance, competitive advantage, operational efficiency, strategic decision making - every business goal can extract value from big data, and the time for doubt or inaction has long passed. In this Economist Intelligence Unit report, in-depth interviews with data pioneers reveal the link between the effective use of big data and the bottom line among other results.

Decision-Driven Data Management: A Strategy for Better Decisions with Better Data

Decision-Driven Data Management: A Strategy for Better Decisions with Better Data

Which came first, the data or the decision? This white paper makes the case for having a decision in mind, then tailoring big data's volume, variety and velocity to achieve business results such as overcoming customer dissatisfaction or creating well-informed strategies in real time.

Informationweek Reports

Research: The Big Data Management Challenge

Research: The Big Data Management Challenge

The challenge of big data is real, but most organizations don't differentiate 'big data' from traditional data, and nearly 90% of respondents to our survey use conventional databases as the primary means of handling data. We'll help you understand what constitutes big data (it's not just size) and the numerous management challenges it poses.