In Earlier Post we Inform our readers about "Facebook track your cookies even after logout". Did you know that social networking sites like Facebook, Google+, and Twitter can track your visits to any web page that uses the familiar "Like", "Follow", or "+1" buttons, even if you do not actually click these buttons? If you care about privacy, you must have already installed privacy addons like Ghostery, Adblock Plus, but here’s a new addition to your privacy toolkit – Priv3.
Priv3 is different from addons like Ghostery. For example, Ghostery blocks social sharing buttons (+1, Like, Tweet buttons) and other social snippets (Facebook comments, Facebook connect) completely, so you may feel disconnected.
Priv3 protects your privacy by blocking trackers, but still shows social snippets like Facebook Comments, +1, like buttons so you don’t miss any content. Once you interact with the social snippet, it reloads the cookies and tracking starts again, so unless and until you interact with the snippet, the addon keeps blocking the trackers.
One thing which is too disappointing for me is that Priv3 is only available for Firefox, so all I can do is wait for a Chrome version of it. If you’re a Firefox user, check it out and also tell us what you think of it.
Download The Priv3 Firefox Extension
Firefox Java update ready to stop BEAST attacks
Firefox developers searching for a way to protect users against a new attack that decrypts sensitive web traffic are seriously considering an update that stops the open-source browser from working with Oracle's Java software framework.
Johnath, the alias for Firefox Director of Engineering Johnathan Nightingale, weighed in: “Yeah - this is a hard call. Killing Java means disabling user functionality like facebook video chat, as well as various java-based corporate apps (I feel like Citrix uses Java, for instance?)”
He went on to say that Firefox already has a mechanism for “soft-blocking” Java that allows users to re-enable the plugin from the browser's addons manager or in response to a dialogue box that appears in certain cases. “Click to play or domain-specific whitelisting will provide some measure of benefit, but I suspect that enough users will whitelist, e.g., facebook that even with those mechanisms (which don't currently exist!) in place, we'd have a lot of users potentially exposed to java weaknesses.”
In order to protect users from an attack that decrypts sensitive web traffic, Firefox developers are looking at an update that stops the browser from working with Oracle's Java. The move would stop Firefox from working with a number of very popular websites. The team is only holding off because of how much such a ban would hurt user experience.The Browser Exploit Against SSL/TLS has earned its BEAST acronym. By injecting JavaScript into an SSL session, it can recover secret information that’s transmitted to a predictable data-stream location. It took researchers Thai Duong and Juliano Rizzo were able to use BEAST to get an encrypted authentication cookie used to access a PayPal account in less than two minutes.
The researchers settled on a Java applet as their means to bypass SOP, leading Firefox developers to discuss blocking the framework in a future version of the browser.
The prospect of Firefox no longer working with Java could cause a variety of serious problems for users, particularly those in large corporations and government organizations that rely on the framework to make their browsers work with virtual private networks, intranet tools.
No comments:
Post a Comment