This is an interesting (but older) piece of news: "Malware writers are taking advantage of a Firefox mechanism that allows extensions to be loaded invisibly to the user, Symantec has warned."

Candid Wüest, a senior engineer at Symantec, writes that malicious add-ons can be silently installed in the Firefox components directory. Any add-on in the components directory will automatically load with the browser and not show up in the add-ons window, meaning users will most likely not be aware that it has been added or see a way to remove the add-on.

Access to the components directory has been removed in Firefox 3.6, making it more difficult to create stealthy mal-extensions. To review all extensions actually installed in their browser, users can check the following directories.

On Windows:

  • %UserProfile%\Application Data\Mozilla\Firefox\Profiles\[RANDOM].default\extensions
  • %ProgramFiles%\Mozilla Firefox\extensions

On Mac OS X:

  • /Library/Application Support/Mozilla/Extensions
  • ~/Library/Application Support/Firefox/Profiles/[RANDOM].default/extensions/

Each add-on will have its own subdirectory in the extensions directory. Since many add-ons are identified by a GUID instead of the add-on name, I started to compile a list of add-on GUIDs and names at http://jeffreybarke.net/2010/04/firefox-add-on-guid-guide/.
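
As an added example (not from the original post or from Symantec), the Python sketch below lists every entry in the extension directories above, marks GUID-style IDs, and reads each add-on's display name from its `install.rdf`. It assumes legacy add-ons that ship an `install.rdf` manifest and profile folders named `*.default`; the function names are illustrative.

```python
import glob, os, re
import xml.etree.ElementTree as ET

EM = "{http://www.mozilla.org/2004/em-rdf#}"  # namespace of legacy install.rdf (assumed format)
GUID = re.compile(r"^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$")
PATTERNS = [  # the directories listed above, with [RANDOM] replaced by a wildcard
    r"%UserProfile%\Application Data\Mozilla\Firefox\Profiles\*.default\extensions",
    r"%ProgramFiles%\Mozilla Firefox\extensions",
    "/Library/Application Support/Mozilla/Extensions",
    "~/Library/Application Support/Firefox/Profiles/*.default/extensions",
]

def candidate_dirs():
    """Return the listed extension directories that exist on this machine."""
    found = []
    for pattern in PATTERNS:
        found += glob.glob(os.path.expanduser(os.path.expandvars(pattern)))
    return [d for d in found if os.path.isdir(d)]

def addon_name(addon_dir):
    """Display name from install.rdf, or None if the file is missing or unparsable."""
    try:
        root = ET.parse(os.path.join(addon_dir, "install.rdf")).getroot()
    except (OSError, ET.ParseError):
        return None
    for el in root.iter():
        if el.tag == EM + "name" and el.text:   # <em:name>...</em:name>
            return el.text.strip()
        if EM + "name" in el.attrib:            # em:name="..." attribute form
            return el.attrib[EM + "name"]
    return None

def list_addons(ext_dir):
    """One (entry, id_style, name) tuple per entry in an extensions directory."""
    rows = []
    for entry in sorted(os.listdir(ext_dir)):
        style = "guid" if GUID.match(entry) else "other"
        rows.append((entry, style, addon_name(os.path.join(ext_dir, entry))))
    return rows

if __name__ == "__main__":
    for ext_dir in candidate_dirs():
        print(ext_dir)
        for entry, style, name in list_addons(ext_dir):
            # An entry with no readable name is worth a manual look.
            print(f"  {entry:45} {style:6} {name or '(no readable install.rdf)'}")
```

Comparing this listing with what the add-ons window shows makes any entry the browser UI does not display stand out.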

For a lot more good information about Firefox and malicious add-ons, check out "Firefox and Malware: When Browsers Attack" [PDF, 1.4 MB] by Wüest and Elia Florio. It describes "a number of malicious extensions that carry out activities such as logging and forwarding all form submissions that include a password field, or forwarding all URLs visited."

Sources and links to more information

Information originally from Hakin9 Vol. 5, No. 2, pg. 8.

There's an interesting tutorial on how to crack 64-bit and 128-bit WEP on many Wi-Fi access points and routers using Backtrack (a Linux Live distribution) on What's the w0rd? at http://thew0rd.com/2008/08/19/tutorial-cracking-wep-using-backtrack-3/.

The tutorial shows how to connect to an access point using WEP encryption when one doesn't know the key. This is done by attacking the Wi-Fi router, making it generate packets for the cracking effort and finally cracking the WEP key. The author concludes that using WEP is a bad idea and suggests using WPA2 encryption for wireless networks.

I found it surprising that in a new study authored by IBM, Apple was rated the number one software most vulnerable to attack, ahead of Microsoft!

I also found it curious that Webmonkey's post (where I read about the study) was titled "Apple, Microsoft Top List of Most Vulnerable Software," which, although true, implies that Microsoft is number two. This isn't true: Microsoft is number three, after Joomla!

Unfortunately, the report notes two worrisome trends:

  • The number of vulnerabilities in our software is increasing.
  • Attacks have largely shifted from operating systems to web applications, hence the inclusion of Joomla!, WordPress and Drupal.

Via Webmonkey. Read the entire report in PDF format.