Joined: 24 Aug 2004
Location: Crossing the Cauchy horizon
Do you really audit addons when you install them?
I audited them by use. That is, I have a temporary browser which I proxy and run the new add-on for a while to monitor the outgoing data stream and watch for anything new and/or unusual. After a few days, if I was satisfied, then I would install the same code into my awesome FF3.6.28. Then I never update them. And whenever I've checked back later there has not been any new "Feature" that I have wanted so I wasn't missing anything by keeping the old code.
I don't have many add-ons so it is not a greatly onerous task actually.
If you want to load a crypto miner on 1,000+ websites you don't attack 1,000+ websites, you attack the 1 website that they all load content from. In this case it turned out that Text Help, an assistive technology provider, had been compromised and one of their hosted script files changed.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You can attach files in this forum You can download files in this forum