Announcement

Collapse
No announcement yet.

Spread Firefox Site Hacked, Data Leaked

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Hooper
    replied
    "News of the hack is a black eye for Mozilla, which prides itself on security when compared to Microsoft's Internet Explorer browser."

    I wonder if it occured to the writer that a browser software isn't placing their site online or configuring their root security? What the modules and addon's? Hmm. Couldn't be any other software could it? Seems like a bit of a retarded statement to me. MS has been cracked more times that than should be humanly possible, yet their negative publicity didn't keep people from using their hole infested softare. No it's not good, but it's not the end of the world either. I've had huge well known sites contact my credit card companies due to stolen identity. 3 times in fact. If you knew who all has had issue with intrusion with larger organizations, you would shocked. Unfortunately, the banks don't tell you who reports the stolen information.
    Last edited by Hooper; Fri 22 Jul '05, 9:49am.

    Leave a comment:


  • Zecherieh
    replied
    Originally posted by Wayne Luke
    It is related to volume, security analysis and provider. Torn in two directions about this though... Is the convenience worth the potential risks?
    When it comes to personal information (beyond what you could get in a phone book) - Security comes first, regardless of if you have 1 customer, or more than 1. Anything that you are handling that could cause damage to another if not handled correctly, you got to go security first, just to protect your own rear end, if nothing else.


    When it comes to stuff like browser security, I am gonna take my chances. I figured out a long time ago that what I save in in time and frustration through having a completely secure system, I lose ten fold in having in functionality. I would rather repair windows once a week, rather than use most of the security (though in the last six months I have gotten one hijack, and that I have no clue where it came from, only figured out that it sat around for three or four days before going insane with installations).

    For the most part though - even that security is easy - I just throw every "bad" url in my hosts file, and any "bad" files, I will use spyware/hijackware stuff to scan my computer - but I dont let them remove the stuff - cause to me thats dumb - you remove it, and it can just come right back, where as if you go and open it up in notepad, delete the contents, save it, and change its permissions so that nobody, not even yourself, can use it - you have just effectively blocked any hijack bs that uses something with that file name from every bothering you again.

    Leave a comment:


  • Dave#
    replied
    Originally posted by ManagerJosh
    Ouch, black eye for Firefox...let's all move back to IE now

    http://www.betanews.com/article/Spre...ked/1121448513
    Nore sure you should be laughing in light of your own problems

    Leave a comment:


  • Wayne Luke
    replied
    It is related to volume, security analysis and provider. Torn in two directions about this though... Is the convenience worth the potential risks?

    Leave a comment:


  • someuser190826
    replied
    Originally posted by Wayne Luke
    No... My current contract does not allow that.
    How do you go about getting a contract that does?

    Leave a comment:


  • Wayne Luke
    replied
    Originally posted by CeleronXT
    Are you storing credit card numbers?
    No... My current contract does not allow that.

    Leave a comment:


  • CeleronXT
    replied
    Originally posted by Wayne Luke
    Actually, on my personal retail site, I store my userdata on a separate machine for security purposes. Security trumps performance when you are working with ecommerce.
    Its an excellent idea, too. I just don't see it much.

    Are you storing credit card numbers?

    Leave a comment:


  • Wayne Luke
    replied
    Originally posted by CeleronXT
    Oh, and most people store userdata on the same server as the site. When they don't, its typically for performance reasons.
    Actually, on my personal retail site, I store my userdata on a separate machine for security purposes. Security trumps performance when you are working with ecommerce.

    Leave a comment:


  • CeleronXT
    replied
    Originally posted by Zecherieh
    Security is security - regardless of where it is at.
    It absolutely is not.

    Using your armored car example, the situation there would provide no reason for other banks to not purchase and use the same line of armored cars for their own banks, and that is all that matters when using this as an example for Firefox.

    Oh, and most people store userdata on the same server as the site. When they don't, its typically for performance reasons.
    Last edited by CeleronXT; Mon 18 Jul '05, 8:37am.

    Leave a comment:


  • tgillespie
    replied
    Originally posted by Zecherieh
    Security is security - regardless of where it is at.

    Yes, this is a black eye for Moz because it strikes right at their strength.

    If I have a big bank, and bring in a new fleet of armored cars, and tell you day after day after day how secure my cars are, how much care and time we spend making sure we are on top of everything, and damn they are safe.

    A couple months go by, then one day the Bank gets robbed. Which was really just an oversite cause the bank forgot to get a new security guard when the old one quit a week ago - and besides, that doesnt have anything do with the security of armored cars, yes they might get your money from the bank - but they are not getting it from our delivery system.

    (note: exploit that was attacked was already patched over a week before the attack.)


    I dont care much either way - since SP2 came out, IE is plenty secure for me, and I personally am going to stick with the browser that cares if a website made two years ago still works, along with worrying about the new stuff - but to say this is has nothing to do with their browser security, is hogwash - Moz is to big now to let anything for a second to slip through the cracks at any related sites. Not to mention that is shows a very very poor lack of judgement from everyone involved in the decision making processes at Moz - why the hell was all that user data stored on the actual server itself? Nobody with 1/10th of that amount of user info should do that, not on a the publicly accessable server - you use other servers, not accessable from the net, and only accessable through the local network by direct request for info on a specific individual.

    But yes, you are right, it has nothing to do with the browser code, just something to do those involved in making decisions on what/how/why the browser code should do whatever.

    Whats the difference?

    Leave a comment:


  • Zecherieh
    replied
    Security is security - regardless of where it is at.

    Yes, this is a black eye for Moz because it strikes right at their strength.

    If I have a big bank, and bring in a new fleet of armored cars, and tell you day after day after day how secure my cars are, how much care and time we spend making sure we are on top of everything, and damn they are safe.

    A couple months go by, then one day the Bank gets robbed. Which was really just an oversite cause the bank forgot to get a new security guard when the old one quit a week ago - and besides, that doesnt have anything do with the security of armored cars, yes they might get your money from the bank - but they are not getting it from our delivery system.

    (note: exploit that was attacked was already patched over a week before the attack.)


    I dont care much either way - since SP2 came out, IE is plenty secure for me, and I personally am going to stick with the browser that cares if a website made two years ago still works, along with worrying about the new stuff - but to say this is has nothing to do with their browser security, is hogwash - Moz is to big now to let anything for a second to slip through the cracks at any related sites. Not to mention that is shows a very very poor lack of judgement from everyone involved in the decision making processes at Moz - why the hell was all that user data stored on the actual server itself? Nobody with 1/10th of that amount of user info should do that, not on a the publicly accessable server - you use other servers, not accessable from the net, and only accessable through the local network by direct request for info on a specific individual.

    But yes, you are right, it has nothing to do with the browser code, just something to do those involved in making decisions on what/how/why the browser code should do whatever.

    Leave a comment:


  • Ace
    replied
    Hack, schmack. Not a good thing, but it doesn't stop FF being far superior to IE, for my needs anyway.

    Leave a comment:


  • CeleronXT
    replied
    Originally posted by Oblivion Knight
    Hmm.. Well Mozilla have now released Firefox 1.0.5, interesting timing.
    1.0.5 has been planned for a while.

    So I don't get how its interesting timing.

    Leave a comment:


  • Marco van Herwaarden
    replied
    Any browser is as secure as the user that is using it.

    Just my little remark on this subject.

    Leave a comment:


  • Guest's Avatar
    Guest replied
    Originally posted by Dean C
    There's a hell of a lot of difference between browser security and server security. What a stupid comment to write in an article.
    agrreed.

    Leave a comment:

Related Topics

Collapse

Working...
X