Update thy Firefox asap

Discussion in 'Computer Science & Culture' started by Varda, Aug 31, 2011.

Thread Status:
Not open for further replies.
  1. Varda The Bug Lady Valued Senior Member

    Messages:
    6,184
    This new version 6.0.1 that came out today is a security update due to this week's news of yet another certificate authority hack, which makes us vulnerable to man-in-the-middle attacks even when using SSL.

    Chrome users should have an update as well.

    Get updating!
     
  3. C C Consular Corps - "the backbone of diplomacy" Valued Senior Member

    Messages:
    3,439
    Opera has also indicated that it has a new update (too much of a coincidence?). Which is the browser I've had to switch to since the UnMHT extension shows signs of having been abandoned by its developer even before it was disabled by FireFox#6. The next major version of Chrome (#14) will finally have the capacity to open and "save as" MHTML files, so that is another option.

    Firefox will be the only major browser without native MHTML support -- time to get off its butt and stop leaving it up to independent extension authors to provide that. Opera also has Notes, flashblocking, ad-blocking, inline dictionary/encyclopedia search, etc., as built-in features; along with a conventional addon site now where extensions like WOT can be downloaded. It can even be customized to produce a single omnibar similar to Chrome's by removing the Search bar (the remaining address bar already doubles as a search engine input).
     
  5. Enmos Valued Senior Member

    Messages:
    43,184
    Did it. Thanks.
     
  7. Gustav Banned Banned

    Messages:
    12,575
    I just deleted the cert
     
  8. Crunchy Cat F-in' *meow* baby!!! Valued Senior Member

    Messages:
    8,423
    Technically, SSL can't protect you from man-in-the-middle attacks unless Diffie-Hellman is used :3.
     
  9. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,105
    Long story short, the SSL certification registrar got compromised some time back, allowing rogue manipulation of the cert's encoding for legitimate sites as well as rogue certs.

    I'm sure it's taken a while for them to analyse which certs' algorithms had been compromised; to my knowledge most of the sites that attempted to exploit this had been shut down. The cert authority was/is just making sure that the problem is patched; after all, such hacker groups that are responsible tend to keep some of the potential servers offlined just in case their initial ones get busted. (Throw in a botnet trying to manipulate the recreation of such servers or packet-rewrites and it's a whole lot of workload to fix.)
     
  10. Varda The Bug Lady Valued Senior Member

    Messages:
    6,184
    that's what I said
     
  11. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,105
    There is one other point about SSL that most web developers might or might not understand. In the instance of some online web hosts they might offer SSL services, however they might offer an SSL proxy. This means having a third-party certified server proxying a standard HTTP protocol through the proxy into SSL and then to the end user.

    This means that the actual website is only Half tunnelled, so if you can see the actual URL that the site is being proxied from you can access the website directly, completely bypassing any security that such a proxy might have offered.

    If your HTTP site happens to use Apache as your webserver then it is possible to use a .htaccess or entry into the HTTP.conf file in regards to whether the webpage is viewed outside of a HTTPS connection or whether it's automatically redirected back through the proxy if accessed directly. However it's a lot of workarounds which too when understood can still be underpinned via spoofing a proxy through a local network.

    In any event my research concluded that some of the cheaper shopping carts using SSL online for small businesses are actually "Insecure and exploitable" since the SSL can be negated.
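
The Apache-side check described in the post above, as an added example that is not part of the original post or any poster's own configuration. It assumes Apache 2.4 with mod_rewrite enabled in .htaccess; the proxy address `203.0.113.10`, the hostname `shop.example.com` and the `X-Forwarded-Proto` header are placeholders for whatever the hosting provider's SSL proxy actually uses.

```apache
# .htaccess on the origin (plain-HTTP) server behind a third-party SSL proxy.
# All addresses, hostnames and header names below are assumed placeholders.

RewriteEngine On

# --- Weak form: trusts a header any client can set -------------------------
# A visitor who reaches the origin directly can send
# "X-Forwarded-Proto: https" and is then served over plain HTTP.
#
# RewriteCond %{HTTP:X-Forwarded-Proto} !=https
# RewriteRule ^ https://shop.example.com%{REQUEST_URI} [R=301,L]

# --- Stricter form ---------------------------------------------------------
# 1. Any request that did not arrive from the proxy's address is sent back
#    to the public HTTPS name, so direct access to the origin URL never
#    returns site content.
RewriteCond %{REMOTE_ADDR} !=203.0.113.10
RewriteRule ^ https://shop.example.com%{REQUEST_URI} [R=301,L]

# 2. Requests that did come from the proxy are still redirected when the
#    proxy reports that the visitor's side of the connection was not HTTPS.
RewriteCond %{HTTP:X-Forwarded-Proto} !=https
RewriteRule ^ https://shop.example.com%{REQUEST_URI} [R=301,L]

# Limits of this setup:
# - The proxy-to-origin leg is still unencrypted HTTP, so the check is only
#   as trustworthy as the network path between the two machines.
# - REMOTE_ADDR is the address of the connecting peer; if another hop sits
#   in front of the origin, that hop's address is what must be matched.
```

Terminating TLS on the origin itself, with its own certificate, removes the unencrypted leg entirely and makes both rules unnecessary.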
     
  12. Stryder Keeper of "good" ideas. Valued Senior Member

    Messages:
    13,105
    This is likely what forced the most recent update.
     
  13. mathman Valued Senior Member

    Messages:
    2,002
    Firefox is now up to 6.0.2
     
  14. C C Consular Corps - "the backbone of diplomacy" Valued Senior Member

    Messages:
    3,439
    Time to do it again: 7.0 already. Firefox is churning out the whole number updates as fast or faster than Chrome now. Surely these two will at least reconsider this tendency after they each get to 99.0 -- which will now be a lot sooner than FF originally planned years ago.
     
  15. mathman Valued Senior Member

    Messages:
    2,002
    The one good thing (Firefox updating vs. Chrome) is that Firefox waits for you to ask while Chrome does it automatically (I've seen complaints about that).
     
  16. C C Consular Corps - "the backbone of diplomacy" Valued Senior Member

    Messages:
    3,439
    Yep, nothing in the options of Chrome for giving one a choice, and surely not anything in chrome:flags either. Oddly enough, though, they seem so slow about doling them out that I can't recall ever receiving an automatic update. It's always been via clicking "About Chrome" that I found the manual update checker suddenly handing one out before the auto-method got around to it.

    Should be less slacking accepting the 7.0 of Firefox, since this is the one that reduces memory usage and finally does something about the memory leak: http://betanews.com/2011/09/27/mozilla-releases-firefox-7-get-it-now/

    It's disappointing that Chrome's 14.0 didn't deliver on mhtml file saving and reading, despite scores of tech sites and even Wikipedia reporting back in June that it was going to happen. Meanwhile, that other mhtml extension of Firefox's shows no sign of being abandoned like the former one. The extension authors of FF in general seem to have adapted to the new, hectic 6-week schedule this time around. Of the several addons we use, none were disabled this time around.
     