Personal computing discussed

Moderator: Dposcorp

 
chuckula
Gold subscriber
Gerbil Jedi
Topic Author
Posts: 1614
Joined: Wed Jan 23, 2008 9:18 pm
Location: Probably where I don't belong.

Firefox Hacked with Rogue Plugin... by its own developers

Fri Dec 15, 2017 8:37 pm

So this little snafu is blowing up right now.
Apparently Mozilla snuck in an unwanted browser extension into Firefox that's essentially a bad marketing gimmick for a TV show called "Mr. Robot" .

It is not going over well and Mozilla's explanation that it's OK because Mr. Robot the TV show promotes privacy isn't exactly flying either.

I expect it to be fixed soon, but sometimes it's important to know what *not* to put in your product can be just as important as what gets thrown in.
4770K @ 4.7 GHz; 32GB DDR3-2133; GTX-1080; 512GB 840 Pro (2x); Fractal Define XL-R2; NZXT Kraken-X60
--Many thanks to the TR Forum for advice in getting it built.
 
uni-mitation
Gerbil First Class
Posts: 119
Joined: Mon Feb 04, 2013 1:28 am

Re: Firefox Hacked with Rogue Plugin... by its own developers

Fri Dec 15, 2017 9:47 pm

chuckula wrote:
So this little snafu is blowing up right now.
Apparently Mozilla snuck in an unwanted browser extension into Firefox that's essentially a bad marketing gimmick for a TV show called "Mr. Robot" .

It is not going over well and Mozilla's explanation that it's OK because Mr. Robot the TV show promotes privacy isn't exactly flying either.

I expect it to be fixed soon, but sometimes it's important to know what *not* to put in your product can be just as important as what gets thrown in.


Mozilla is just the kid trying too hard to be cool when they should just realize that they have one mission. I only continue to use FF because it is the only browser that has an independent robust certificate revocation checking system regardless of OS it runs on. In my list of priorities for browsers: Security>Privacy>other useless gimmicks. This is one of those gimmicks. Google Chrome is just a product optimized by defaults to track your habits, and I don't put much stock on other competitors, for now, anyways. I care for a browser that will refuse to load a page with a revoked certificate, not one that renders it .001 seconds faster. Try your browser and see if they will fail hard to load this page with a revoked certifcate. If the page loads, I would strongly advise you to reconsider your choice of browser or make changes. This is a ridiculous state of affairs. Of what point is revoking certificates due to whatever vulnerability if your browser loads a revoked certificate?

/rant/sorry to hijack this thread->I just could not help myself

uni-mitation

source
 
DrDominodog51
Gerbil Elite
Posts: 682
Joined: Sat Jan 17, 2015 12:23 pm
Location: Silicon Valley

Re: Firefox Hacked with Rogue Plugin... by its own developers

Fri Dec 15, 2017 10:33 pm

*sighs*

I've already been gradually getting more and more annoyed with Mozilla as of late. Integrating a 3rd party service (Pocket) pissed me off quite a bit and don't like the new GUI either, but this is over the line. Time to switch back to Midori I guess.
Celeron G3920 @ 4.7 GHz, Maximus VIII Impact, 8 GB of 4000 MHz 19-21-21-41 Samsung E-Die
 
mudcore
Gerbil
Posts: 49
Joined: Mon Sep 11, 2017 3:16 pm

Re: Firefox Hacked with Rogue Plugin... by its own developers

Fri Dec 15, 2017 10:54 pm

uni-mitation wrote:
chuckula wrote:
So this little snafu is blowing up right now.
Apparently Mozilla snuck in an unwanted browser extension into Firefox that's essentially a bad marketing gimmick for a TV show called "Mr. Robot" .

It is not going over well and Mozilla's explanation that it's OK because Mr. Robot the TV show promotes privacy isn't exactly flying either.

I expect it to be fixed soon, but sometimes it's important to know what *not* to put in your product can be just as important as what gets thrown in.


Mozilla is just the kid trying too hard to be cool when they should just realize that they have one mission. I only continue to use FF because it is the only browser that has an independent robust certificate revocation checking system regardless of OS it runs on. In my list of priorities for browsers: Security>Privacy>other useless gimmicks. This is one of those gimmicks. Google Chrome is just a product optimized by defaults to track your habits, and I don't put much stock on other competitors, for now, anyways. I care for a browser that will refuse to load a page with a revoked certificate, not one that renders it .001 seconds faster. Try your browser and see if they will fail hard to load this page with a revoked certifcate. If the page loads, I would strongly advise you to reconsider your choice of browser or make changes. This is a ridiculous state of affairs. Of what point is revoking certificates due to whatever vulnerability if your browser loads a revoked certificate?

/rant/sorry to hijack this thread->I just could not help myself

uni-mitation

source


Firefox, Chrome, Brave, and Edge all showed the revocation error and refused to load unless told to ignore. Am I missing something?
 
curtisb
Gerbil XP
Posts: 404
Joined: Tue Mar 30, 2010 11:27 pm
Location: Oklahoma

Re: Firefox Hacked with Rogue Plugin... by its own developers

Fri Dec 15, 2017 11:03 pm

uni-mitation wrote:
Try your browser and see if they will fail hard to load this page with a revoked certifcate.


It doesn't load on Edge, IE11, or Chrome...as it shouldn't. There's nothing special about Firefox here; no modern browser is going to open that.
ASUS MAXIMUS VIII HERO | Intel Core i7-6700 | Asus STRIX GTX 970 4GB | 4 x Corsair LPX 8GB | 2 x Crucial MX200 500GB | 2 x Hitachi Deskstar 4TB | Phanteks Eclipse | Seasonic X-850 | Dell UP2516D
 
Welch
Grand Gerbil Poohbah
Posts: 3472
Joined: Thu Nov 04, 2004 5:45 pm
Location: Alaska
Contact:

Re: Firefox Hacked with Rogue Plugin... by its own developers

Sat Dec 16, 2017 1:08 am

Confirmed doesn't load on any of the usual browsers here.

I too have been a fan of FF since beta... but I've mostly switched to Chrome because it doesn't crap out as much as FF has on me lately and the profiles haven't corrupted, ect. It was a REALLY sad day that I switched to Chrome a few months ago but now that I've kicked the can down the road, I haven't really missed it. FF has been making some bad choices and the number of old school users who have abandoned ship is evident of those decision.
"I think there is a world market for maybe five computers."
Thomas Watson, chairman of IBM, 1943

R5 1600x|ROG Strix B350-F|CM 240 Lite|16GB G.Skill 3200|MSI 7850 2GB|500gb 850 EVO|Corsair 400R|Seasonic X Series 850w Gold|Corsair M95 / K90
 
DancinJack
Grand Gerbil Poohbah
Posts: 3381
Joined: Sat Nov 25, 2006 3:21 pm
Location: Kansas

Re: Firefox Hacked with Rogue Plugin... by its own developers

Sat Dec 16, 2017 2:49 am

/shrug

I think this is really dumb and they shouldn't have done it, but I have pretty impressed with Firefox lately. The newer versions have been great. I also HATED that glassy, curved UI they had for a few years. I mean, I realllllllllllllllly hated it. I don't mind the new UI, but Chrome still remains my primary browser for a host of other reasons. I do really enjoy the dev edition of FF though and have been using it as a secondary browser on my Windows machine since they introduced Quantum.
i7 6700K - Z170 - 16GiB DDR4 - GTX 1080 - 512GB SSD - 256GB SSD - 500GB SSD - 3TB HDD- 27" IPS G-sync - Win10 Pro x64 - Ubuntu/Mint x64 :: 2015 13" rMBP Sierra :: Canon EOS 80D/Sony RX100
 
NovusBogus
Silver subscriber
Graphmaster Gerbil
Posts: 1223
Joined: Sun Jan 06, 2013 12:37 am

Re: Firefox Hacked with Rogue Plugin... by its own developers

Sat Dec 16, 2017 4:08 am

So their position is basically that the best way to complain about the global surveillance cabal is to demonstrate that their technology is (potentially) part of the problem? Not sure if serious, must be one of those 'marketing person' things...

Anyway, I got bored with FF about four years ago. It's been going downhill ever since 3.5...lame UI, poor performance, dodgy addons, nerfed customization and arrogant decisions. Getting most of their money from Google doesn't exactly inspire trust in their status as an independent alternative to the corporate monoliths, either. Pale Moon is a decent fork, but it's dated and probably has some submarine security holes. Vivaldi and Opera are okay, but they both use Chromium so unless you need their oddball features you're not getting anything versus vanilla Chrome. Hmm...I like the Midori idea, I might look into using that. It does come in a Windows flavor.
 
curtisb
Gerbil XP
Posts: 404
Joined: Tue Mar 30, 2010 11:27 pm
Location: Oklahoma

Re: Firefox Hacked with Rogue Plugin... by its own developers

Sat Dec 16, 2017 5:29 am

NovusBogus wrote:
arrogant decisions


You mean like refusing to create an enterprise build with Group Policy support? Or even to create an MSI version of the installer so it's easier to deploy in an enterprise environment?

They've at least finally provided some instructions on deploying it, but native Group Policy support is still nowhere to be found. Both the MSI installer and native Group Policy support have been requests for over a decade. There was an extension, but it doesn't work with Quantum (as of right now...not sure if it's even actively being maintained).

There is always the FrontMotion release that is available in both an MSI and has support for Group Policy, but it's usually a version or so behind.
ASUS MAXIMUS VIII HERO | Intel Core i7-6700 | Asus STRIX GTX 970 4GB | 4 x Corsair LPX 8GB | 2 x Crucial MX200 500GB | 2 x Hitachi Deskstar 4TB | Phanteks Eclipse | Seasonic X-850 | Dell UP2516D
 
Bonusbartus
Gerbil
Posts: 58
Joined: Tue Dec 04, 2007 8:06 am
Location: Eindhoven, Netherlands

Re: Firefox Hacked with Rogue Plugin... by its own developers

Sat Dec 16, 2017 5:45 am

NovusBogus wrote:
Anyway, I got bored with FF about four years ago. It's been going downhill ever since 3.5...lame UI, poor performance, dodgy addons, nerfed customization and arrogant decisions. Getting most of their money from Google doesn't exactly inspire trust in their status as an independent alternative to the corporate monoliths, either. Pale Moon is a decent fork, but it's dated and probably has some submarine security holes.


This^^
Though I am using Palemoon (the x64 build( as my primary browser for years now, and it isn't dated at all, they keep updating it, and keep patching security holes. That they forked from firefox and stick to the same UI doesn't mean it is dated. The only problem with it is that since FF quantum a lot of plugins don't work anymore, and some sites are still (yes google for one) keep checking the UserAgent to check if a browser is either FF or Chrome...
Here are the latest release notes:
http://www.palemoon.org/releasenotes.shtml
 
just brew it!
Gold subscriber
Administrator
Posts: 50347
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Firefox Hacked with Rogue Plugin... by its own developers

Sat Dec 16, 2017 6:02 am

I switched to Chrome several years ago and haven't looked back. Yeah, there are privacy concerns; but Google knows pretty much everything anyway.

I keep FF around too, but rarely use it. On my laptop, Chrome is configured to use an encrypted SOCKS proxy by default. So I use Firefox to deal with WiFi networks that have EULA pages you need to click through, since that allows me to get connected without changing Chrome's network settings. Once the WiFi connection is established, it's back to Chrome.
Nostalgia isn't what it used to be.
 
lithven
Gerbil In Training
Posts: 2
Joined: Wed Feb 25, 2004 8:30 pm

Re: Firefox Hacked with Rogue Plugin... by its own developers

Sat Dec 16, 2017 12:06 pm

curtisb wrote:
uni-mitation wrote:
Try your browser and see if they will fail hard to load this page with a revoked certifcate.


It doesn't load on Edge, IE11, or Chrome...as it shouldn't. There's nothing special about Firefox here; no modern browser is going to open that.

The page loads for me using Chrome on Android (latest version of both).
 
CScottG
Graphmaster Gerbil
Posts: 1069
Joined: Fri Dec 01, 2006 9:53 pm

Re: Firefox Hacked with Rogue Plugin... by its own developers

Sat Dec 16, 2017 1:15 pm

just brew it! wrote:
I switched to Chrome several years ago and haven't looked back. Yeah, there are privacy concerns; but Google knows pretty much everything anyway.


Yup. If you are straight-up using Google for your searches then what's the point of not using Chrome (..most of the time)? Well, other than the abysmal memory handling. :oops:


For those rare times that you need a "stab" at privacy with searches (well, other than your ISP is collecting anyway), there is the aggregation search from etools.ch in conjunction with HTTPS. Of course you'll need a TOR, I2P or VPN for to circumvent your ISP's data collection.
 
just brew it!
Gold subscriber
Administrator
Posts: 50347
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Firefox Hacked with Rogue Plugin... by its own developers

Sat Dec 16, 2017 1:53 pm

CScottG wrote:
Yup. If you are straight-up using Google for your searches then what's the point of not using Chrome (..most of the time)? Well, other than the abysmal memory handling. :oops:

At least memory was cheap when I put my last build together. 32GB FTW! :lol:

CScottG wrote:
For those rare times that you need a "stab" at privacy with searches (well, other than your ISP is collecting anyway), there is the aggregation search from etools.ch in conjunction with HTTPS. Of course you'll need a TOR, I2P or VPN for to circumvent your ISP's data collection.

I run my own Cloud-based SOCKS proxy for when I'm on the road; I could use that from home too if I was that paranoid. It tends to introduce some lag/stutter though, so I don't bother with it at home.
Nostalgia isn't what it used to be.
 
Chrispy_
Gold subscriber
Maximum Gerbil
Posts: 4190
Joined: Fri Apr 09, 2004 3:49 pm
Location: Europe, most frequently London.

Re: Firefox Hacked with Rogue Plugin... by its own developers

Sat Dec 16, 2017 2:23 pm

Chrome is my daily driver for sheer convenience, given that I'm heavily invested in the Google ecosystem.

I have been using Firefox since 0.81 and I still have FF for secure/private browsing and when I need to make use of extensions (I don't burden Chrome with any extensions other than ABP)

I'm stuck at release 56 because the new version breaks all the useful extensions and, IMO, ruins Firefox's ecosystem and raison d'être.
Last edited by Chrispy_ on Sat Dec 16, 2017 2:26 pm, edited 1 time in total.
Congratulations, you've noticed that this year's signature is based on outdated internet memes; CLICK HERE NOW to experience this unforgettable phenomenon. This sentence is just filler and as irrelevant as my signature.
 
JustAnEngineer
Gold subscriber
Gerbil God
Posts: 17843
Joined: Sat Jan 26, 2002 7:00 pm
Location: The Heart of Dixie

Re: Firefox Hacked with Rogue Plugin... by its own developers

Sat Dec 16, 2017 2:25 pm

Developers of the most useful FireFox plug-ins have developed versions compatible with the new engine. The new version is noticeably faster than the old one (release 56 and older).
i7-8700K, H100i v2, RoG Strix Z370-G Gaming, 16 GiB, RX Vega64, 960Pro SSD, 5TB HDD, Define Mini-C, SS-660XP2, C32HG70, RK-9000BR, MX518
 
Chrispy_
Gold subscriber
Maximum Gerbil
Posts: 4190
Joined: Fri Apr 09, 2004 3:49 pm
Location: Europe, most frequently London.

Re: Firefox Hacked with Rogue Plugin... by its own developers

Sat Dec 16, 2017 2:28 pm

JustAnEngineer wrote:
Developers of the most useful FireFox plug-ins to me have developed versions compatible with the new engine. The new version is noticeably faster than the old one (release 56 and older).


FTFY.

I would be giving more than half of my extensions and cannot find suitable replacements for most of them.
Congratulations, you've noticed that this year's signature is based on outdated internet memes; CLICK HERE NOW to experience this unforgettable phenomenon. This sentence is just filler and as irrelevant as my signature.
 
puppetworx
Gerbil Elite
Posts: 705
Joined: Tue Dec 02, 2008 5:16 am

Re: Firefox Hacked with Rogue Plugin... by its own developers

Sat Dec 16, 2017 6:10 pm

Why compromise integrity for a PR stunt? Oh right, this is Mozilla we're talking about.

I use Brave or Vivaldi in a virtual machine for regular browsing, they've made huge progress in the last year, but for banking, emails and purchases I use Edge - I don't fully trust the smaller browsers to handle that. I dropped Chrome and Firefox years ago when they became resource hogging and slovenly. I like browsers to be lightweight, unfortunately they all seem to go the way of Netscape Navigator over time.
Intel Core i5-4670K | AMD RX 480 8GB | Asus Z87-A | Kingston HyperX Savage 16GB 2400MHz CL11 | Samsung 840 120GB | Thermalright Macho | Lancool PC-K59
 
CScottG
Graphmaster Gerbil
Posts: 1069
Joined: Fri Dec 01, 2006 9:53 pm

Re: Firefox Hacked with Rogue Plugin... by its own developers

Sat Dec 16, 2017 7:08 pm

puppetworx wrote:
..I use Brave or Vivaldi in a virtual machine for regular browsing, they've made huge progress in the last year,


Yeah. YEAH! :D

puppetworx wrote:
..but for banking, emails and purchases I use Edge - I don't fully trust the smaller browsers to handle that.


..err, WTF? :o

For Banking, *sensitive* emails, purchases:

https://www.qubes-os.org/

..note that Qubes should be installed on "bare metal" considering it's based on a Hypervisor and specifically relies on security measures between OS-browsers under that condition (IOMMU segmentation). Moreover, each activity should be segmented between OS-Browsers. This would include different OS-Browsers for each credit card and transactions utilizing that specific credit card.

https://www.qubes-os.org/doc/installati ... -usb-drive

Note the requirements for Qubes 4.:

https://www.qubes-os.org/doc/system-requirements/

Particularly Intel VT-d or AMD-vi (enabled in the bios with a CPU that can use them), if the system has these functions then it has the preceding Intel VT-x or AMD equivalent.
 
bthylafh
Grand Gerbil Poohbah
Posts: 3963
Joined: Mon Dec 29, 2003 11:55 pm
Location: Southwest Missouri, USA

Re: Firefox Hacked with Rogue Plugin... by its own developers

Sat Dec 16, 2017 8:37 pm

Qubes is probably overkill unless you think you've got a motivated and capable enemy specifically targeting you *and* you're willing to deal with the extra workload, IMO, but it's pretty neat nonetheless. I've played with v3.x a bit on an old Ivy Bridge laptop and I've thought about setting up a dual-boot between it and Win10 on my new Coffee Lake rig, which has VT-d support for extra network security.
Hakkaa päälle!
i7-8700K|Asus Z-370 Pro|32GB DDR4|Asus Radeon RX-580|Samsung 960 EVO 1TB|1988 Model M||Logitech MX 518 & F310|Samsung C24FG70|Dell 2209WA|ATH-M50x
 
Kougar
Minister of Gerbil Affairs
Posts: 2243
Joined: Tue Dec 02, 2008 2:12 am
Location: Texas

Re: Firefox Hacked with Rogue Plugin... by its own developers

Sun Dec 17, 2017 8:09 am

That is all kinds of stupid. FF is not a young company anymore, they can't get away with that. If Google can't get away pulling a stunt like that, then FF should have known how it would go. Nevermind that imitating nefarious extensions is all kinds of stupid in its own right.

just brew it! wrote:
I switched to Chrome several years ago and haven't looked back. Yeah, there are privacy concerns; but Google knows pretty much everything anyway..


Especially if using Gmail as well as Google.

I still use Chrome as my mainstream browser after Opera sold out. Vivaldi is nice, but it has some CPU usage issues and crashes that prevent me from fully switching. Also, maybe it's just a personal peeve but I find it highly irritating Vivaldi only gives update notifications AFTER I've closed the window full of tabs. Then it re-opens them if I actually follow through with the update.

Now that I have a smartphone, the cross-platform ease with Android will probably keep me using Chrome in the near future anyway.
 
puppetworx
Gerbil Elite
Posts: 705
Joined: Tue Dec 02, 2008 5:16 am

Re: Firefox Hacked with Rogue Plugin... by its own developers

Mon Dec 18, 2017 1:37 pm

CScottG wrote:
https://www.qubes-os.org/


Interesting! For me switching to Qubes is a little too inconvenient but good to know about nonetheless, I may have a use for it in the future. Just now I could create a dedicated VM for sensitive tasks without any inconvenience, I think that would give me a little more security and be a reasonable middleground.
Intel Core i5-4670K | AMD RX 480 8GB | Asus Z87-A | Kingston HyperX Savage 16GB 2400MHz CL11 | Samsung 840 120GB | Thermalright Macho | Lancool PC-K59
 
CScottG
Graphmaster Gerbil
Posts: 1069
Joined: Fri Dec 01, 2006 9:53 pm

Re: Firefox Hacked with Rogue Plugin... by its own developers

Tue Dec 19, 2017 1:33 pm

puppetworx wrote:
..Just now I could create a dedicated VM for sensitive tasks without any inconvenience, I think that would give me a little more security and be a reasonable middleground.



That's good.

Best practice is mostly down to segmenting/partitioning your activities and not being "on-line" much before or after doing that activity from that VM (..and VM's should be based on Linux 64 bit distro's of choice).

Ex. A different email address for each credit card and a different VM for making purchases for each particular credit card. Your Banking email should also be on a different VM with it's own email address. "Refresh" credit cards at least annually (or sooner if a breach is suspected) and create new addresses and update your purchase sites with that info. from your credit card purchase VM.

IN PARTICULAR: make sure that you use each VM from a clean state (..in Virtualbox it's a snapshot of the VM with the application/browser open as if you were intending to use it for the first time). Open from that "snapshot"; ALWAYS open from that "snapshot" and close it soon after you are done using it (with no "save"). This should mitigate most risks.
 
just brew it!
Gold subscriber
Administrator
Posts: 50347
Joined: Tue Aug 20, 2002 10:51 pm
Location: Somewhere, having a beer

Re: Firefox Hacked with Rogue Plugin... by its own developers

Tue Dec 19, 2017 1:37 pm

Well that's some Grade A paranoia there. But I'm not gonna say you're wrong. If there's anything the past few years have taught me, sometimes the paranoid people are right.
Nostalgia isn't what it used to be.
 
CScottG
Graphmaster Gerbil
Posts: 1069
Joined: Fri Dec 01, 2006 9:53 pm

Re: Firefox Hacked with Rogue Plugin... by its own developers

Tue Dec 19, 2017 2:28 pm

just brew it! wrote:
Well that's some Grade A paranoia there. But I'm not gonna say you're wrong. If there's anything the past few years have taught me, sometimes the paranoid people are right.



..sadly born from experience. :oops: (..though fortunately not entirely my own.)

It really sounds more complicated than it is though. Once it's setup properly you just leave Virtualbox open all the time and then "spin-up" the virtual machine you want to use, and certain machines like general browsing and general email are open all the time (..so in Windows 10 you just go down to the Virtualbox tab and their mini windows are "open" ready to be "maximised" to the desktop for use). It also has the nicety of limiting RAM- usage, though the downside is that with more machines open your general RAM-use goes way up. (..and it's important to use a distro that doesn't require a great deal of RAM. I think I used Puppy for my mother's setup and was around half a gig per machine, so at any given time she's using a little more than a gig. just for those VM.s.)

The credit card "refresh" is a bit annoying. Not so much from the credit card company, more from having to update each purchase website/account. I really need to find someway to sort of automate that process (..and I haven't looked into it at all). :oops:
 
Captain Ned
Gold subscriber
Global Moderator
Posts: 26740
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Firefox Hacked with Rogue Plugin... by its own developers

Tue Dec 19, 2017 2:34 pm

just brew it! wrote:
Well that's some Grade A paranoia there. But I'm not gonna say you're wrong. If there's anything the past few years have taught me, sometimes the paranoid people are right.

Especially since card hacks are VERY rarely MitM between a purchaser's home computer and the credit card server. The VAST majority of card compromises happen at third-party card processing companies. Places where large amounts of card data are handled by companies that are not owned by regulated financial institutions are nice juicy targets for card thieves.

[/day job]
Death is a side effect of birth.
 
curtisb
Gerbil XP
Posts: 404
Joined: Tue Mar 30, 2010 11:27 pm
Location: Oklahoma

Re: Firefox Hacked with Rogue Plugin... by its own developers

Sat Dec 23, 2017 2:25 pm

Captain Ned wrote:
Especially since card hacks are VERY rarely MitM between a purchaser's home computer and the credit card server.


^This. Attackers aren't going after what you're doing at home. That's a waste of time to try to hack hundreds of thousands of individuals instead of just going directly for weak spots in a merchant's system. Even refreshing your cards annually isn't doing that much. Every new debit card (from multiple banks) I've received for the last few years has had the same number with just a different expiration date and three-digit CVV number. Even our work credit cards were that way...and I won't say which bank issues them, but it's one of the big ones.

With regards to protecting your personal data...create as many email addresses as you want. You're still coming from the same external IP address. I can guarantee you they're putting that information together in their metrics and still know exactly who is browsing what. Your search and shopping habits are going to be different from someone else in your household. Amazon, Google, Microsoft, etc....they all pay people to figure this stuff out because, whether we like it or not, ad revenue is what keeps everything going these days.
ASUS MAXIMUS VIII HERO | Intel Core i7-6700 | Asus STRIX GTX 970 4GB | 4 x Corsair LPX 8GB | 2 x Crucial MX200 500GB | 2 x Hitachi Deskstar 4TB | Phanteks Eclipse | Seasonic X-850 | Dell UP2516D
 
Captain Ned
Gold subscriber
Global Moderator
Posts: 26740
Joined: Wed Jan 16, 2002 7:00 pm
Location: Vermont, USA

Re: Firefox Hacked with Rogue Plugin... by its own developers

Sat Dec 23, 2017 5:32 pm

curtisb wrote:
Every new debit card (from multiple banks) I've received for the last few years has had the same number with just a different expiration date and three-digit CVV number. Even our work credit cards were that way...and I won't say which bank issues them, but it's one of the big ones.

You're not giving anything away. The first 6 digits of a credit card number are what's called the BIN number and identify the issuer. Same issuer, same BIN. Here's a detailed explanation of what means what in a credit card number. While it's from 2011, the underlying standards haven't changed.

http://www.dirigodev.com/blog/ecommerce ... rd-number/

[/Day Job]
Death is a side effect of birth.
 
mcarson09
Gerbil
Posts: 31
Joined: Sat Aug 01, 2015 5:34 pm

Re: Firefox Hacked with Rogue Plugin... by its own developers

Sun Dec 24, 2017 2:48 am

It wasn't hacked. You allowed them to install it by allowing Firefox to install and run Studies.

https://support.mozilla.org/en-US/questions/1194583
Ignorance is not an excuse.
 
Redocbew
Gold subscriber
Graphmaster Gerbil
Posts: 1469
Joined: Sat Mar 15, 2014 11:44 am

Re: Firefox Hacked with Rogue Plugin... by its own developers

Sun Dec 24, 2017 12:38 pm

Firefox gained its popularity by avoiding exactly these kind of stunts. Even if IE wasn't so poorly behaved it was still backed by the megacorp while Mozilla was very much the underdog. That alone would have caused some people to take notice, but the software they provided was actually good as well. Now they're acting like the megacorp without actually being one, and they don't seem to care much about the software its self.
Do not meddle in the affairs of archers, for they are subtle and you won't hear them coming.

Who is online

Users browsing this forum: No registered users and 9 guests