Malicious hackers have exploited an unpatched vulnerability in the latest version of Firefox to attack people visiting the Nobel Peace Prize website, a Norway-based security firm said on Tuesday. Mozilla representatives confirmed a "critical vulnerability" in versions 3.5 and 3.6 of the open-source browser. It came several …
Well I am sure the Chinese are not happy with Norway for affecting their reality distortion view of a harmonious society (funny how the poor there liked Avatar so much due to empathy with the natives in the movie getting screwed by the rich). China and its 1 party government not accountable to the people again making IT busy work for the developed world.
waste of time
who gives a shit?
they awarded one to Al Gore (OK, jointly with IPCC) - so this is meaningless POS organisation
Norwegians (and Swedes to some extent) should hang their heads in shame at the political pawn it has become
DDOS for the FTW!
where are you Anonymous when we REALLY need you to do something REALLY useful? <sigh>
Apparently awarding one to President Bomborama just because he was either a community organizer or not Bush doesn't fit on your radar screen?
Obama got one for doing nothing. Trimble & Hume got one just for being typical politicians. This is one Nobel that isn't worth the paper it's written on, and anyone accepting it should be ashamed to do so.
Kissinger got one too...
...as did Teddy Roosevelt, Sadat and Begin, Arafat, Rabin and Peres. It reminds me of the redemption of Darth Vader at the end of Return of the Jedi - after whole careers spent using conflict as a tool, they managed a little peacemaking and got a Nobel for it.
The Chinese reaction isn't surprising: they weren't at all happy about the Dalai Lama getting his Peace Prize in 1989, nor was the Soviet Bloc about Lech Walesa '83, South Africa about Archbishop Tutu in '84, or the country formerly known as Burma about Aung San Suu Kyi in '91. To paraphrase Ogden Nash, you can't work against oppression unless you're prepared to piss off the oppressor.
No thanks PLA.
"or installing the NoScript extension"
Oh, okay... I can go back to sleep then...
A yellow smiley because it's yellow. Just sayin'
IT busy work?
Doesn't software normally get released with bugs, that may get exploited, and then get patched?
China 1 party system = definition of evil?
USA 2 party system = half as terrible!
Because "western civilization" is all about accountability to the people </hilarity>
Weren't the natives in Avatar getting screwed by capitalists? Heh so are the poor in China, I see your point ;-)
(pedants: what's the right tense for what happened / will happen / was going to happen in a movie about the future that I watched in the past?)
Maybe a dry run ?
Conspiracy theories with China are certainly interesting, but I'm thinking of a different scenario.
By hacking a site that is high-profile with a 0-day, the miscreants had to know that their attack would be quickly discovered.
I fear that they chose the site on purpose to evaluate what the reaction time would be, and what the damage would be.
Given that they chose to attack Firefox, I deduce two things : first, we will actually have a fix in the next 24 hours, instead of 24 months for IE. Second, Firefox is now important enough to be attacked on its own in a high-profile attack, instead of IE.
So Firefox and NoScript are the two things that really make the web safer.
Mixing data with executable content is bad for security
"In the end, once again NoScript proves invaluable."
Engage smug mode
A Windows executable? Okay then, my smugness is intact.
Double smug mode: defence in depth
As the article notes, this is a relatively rare occurrence, a critical 0day for Firefox. But it highlights an important security principle: defence in depth. In this case the vulnerability it either partially or totally mitigated by a number of other factors: (i) a secure OS like Linux; (ii) the ability to browse without your pants down (NoScript, AdBlock, etc.) and (iii) not using administrative logins for day to day usage.
Quick, blame Microsoft
Or am I being overly cynical of the forum members?
They made it!
You know your browser is popular when you get malware attacks directed at just the one browser
How did they hack the website?
But how did the perps manage to get their code placed on the Nobel Prize website?
Probably something like:
An exploit on the Nobel Prize website?
So no imminent danger to the actual computing community then, only the hoity-toity class.
Nobel prize for peace?
Let's have a look at the 3 most recent awardees...
Next year they'll just send it out in a randomly-selected Cheerios box I guess.
How long until someone reply the usual "Rewrite it yourself if you are not happy with it!"?
- Nokia: Read our Maps, Samsung – we're HERE for the Gear
- Ofcom will not probe lesbian lizard snog in new Dr Who series
- Episode 9 BOFH: The current value of our IT ASSets? Minus eleventy-seven...
- Too slow with that iPhone refresh, Apple: Android is GOBBLING up US mobile market
- Kaspersky backpedals on "done nothing wrong, nothing to fear" company article