Connect with us

Bugs

Mozilla Recalls New Features Due to Fatal Security Bug

Published

on

Firefox 37 was released on March 31st, but less than a week later, on April 3rd, Mozilla was forced to release a patch that disabled many new features it had instituted.

Opportunistic Encryption

firefox1Mozilla had attempted to implement a security function called opportunistic encryption, which makes it difficult for hackers to monitor client-side communications when accessing servers that do not have their own native encryption. A little less than 60% of the top one million websites online do not use SSL by default. Many argue that they have no need to, as they are simply displaying information, not collecting anything sensitive. But unencrypted connections make it easier for attackers to compromise clients using the websites, and opportunistic encryption is an effort to mitigate this risk.

The Firefox bug was discovered by one of Mozilla’s security researchers, Muneaki Nishimura, and in the report the foundation issued, they described it as a pretty serious problem:

If an Alt-Svc header is specified in the HTTP/2 response, SSL certificate verification can be bypassed for the specified alternate server. As a result of this, warnings of invalid SSL certificates will not be displayed and an attacker could potentially impersonate another site through a man-in-the-middle (MTIM), replacing the original certificate with their own.

Testament to the Community

Software development is a risky business, especially when you’re producing one of the world’s most popular web browsers. A mistake like this could have led to serious, unnecessary breaches to user privacy, and could have spelled the end of the Mozilla Foundation as an entity taken seriously. It is a testament to the community that it took less than four days for the flaw to be discovered. It is well-documented that bugs in the production code of much larger organizations, such as Microsoft, have persisted for years without a patch, or worse, releases patches that actually break security even further.

Also read: No Browser is Secure: All Major Browsers Hacked at 2015 Pwn2Own Contest

Further Auditing in Order

Perhaps the past few updates haven’t been fully audited, you may be thinking. And you may be right. Luckily, if you’re a security researcher, you’ve got an opportunity to make some money by finding vulnerabilities and exploits. Just go here, the bounty program, and make up to $3,000 per flaw that you find.

Not the First Major Mozilla Flaw

Like all good software, Mozilla has had its share of bumps in the road. Notably, in 2012, a javascript vulnerability enabled the attacker to escalate to administrator privileges on affected machines. Like the opportunistic encryption bug described here, it didn’t last long.

Images from Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...

5 stars on average, based on 2 rated postsP. H. Madore has covered the cryptocurrency beat over the course of hundreds of articles for Hacked's sister site, CryptoCoinsNews, as well as some of her competitors. He is a major contributing developer to the Woodcoin project, and has made technical contributions on a number of other cryptocurrency projects. In spare time, he recently began a more personalized, weekly newsletter at http://ico.phm.link




Feedback or Requests?

1 Comment

1 Comment

  1. Gotone Gotoneofthesetoo

    April 13, 2015 at 9:08 pm

    Firefox has sucked for at least 2 years-unexpected crashes/resource hogging. WHY can’t the fumduckers TEST their POS code adequately before pushing the latest release on us? In this piece their own researcher found the problem 4 days after release-why not test more thoroughly PRIOR to release?? I’ve emailed repeatedly and never receive even a canned courtesy response, so eff ’em. Gone back to Opera [which I abandoned ~ 4 years ago because THEY had gotten bloated and buggy back then. So far their newest release is performing very well. If only they all didn’t think that bigger is better/new “features”= improvement. PATCH THE HOLES, DON’T REBUILD THE WHOLE HIGHWAY EVERY 3 MONTHS.

You must be logged in to post a comment Login

Leave a Reply

Altcoins

Monero Price Analysis: XMR/USD Slips Below Crucial Daily Support Ahead of System Update

Published

on

  • Monero’s navitve token XMR is forced to breach a key area of support by the market bears.
  • XMR/USD was being support by an ascending trend line, running from 14th August.
  • The Monero foundation is scheduled for a routine network upgrade.

Monero Network Update

The Monero foundation is scheduled to update its network on 18th October, as a result this will be bringing a new hard fork to its token. They have been making it a routine process now, hard forking every six months. Their focus being on the likes of increased ring-size for more privacy, with large transactions and tweaking their proof of work algorithm.

In terms of this upgrade, the goal is to enhance efficiency and make some adjustments to the current proof of work algorithm. Ultimately, to make it resistant and curb the threat of ASIC mining. Developers at Monero will be implementing the new Bulletproofs protocol. This will see greater privacy, lower fees and faster verification. It will reduce transaction size by an estimated 80%.

Technical Review – Daily Chart

XMR/USD daily chart

XMR/USD slipped out to the downside from an ascending trend line. As a result, the market bears managed to push for a breach and daily close below on 7th October. The support had been running since 14th August, where the price hit a low of $76.739.  A retest has been seen and pressure is now gradually mounting on Monero’s XMR. In terms of support, the 50DMA has provided some initial comfort for now. Furthermore, the next major downside support is observed in a chunky demand area. This is seen tracking from $86 down to $76. Resistance will now be eyed at $116.550 area, underneath the breached ascending trend line. In proximity to the 100DMA, which may cause some difficulty for the bulls. Elsewhere, further to the north, resistance can be seen within the $125.000 territory. Finally, heavy supply is tracking from $140 up to $150.

Technical Review – 4-hour Chart

XMR/USD 4-hour chart

Despite the above-mentioned daily breakout from the supporting trend line, there is still some hope for XMR/USD in the near-term, because from looking at the 4-hour chart view, the price has been moving within a range-bound block. This narrowing area has been running since 26th September. Fortunately for the price, a fresh wave of selling pressure has been prevented for now.  The lower part of the mentioned range has proven to see some near-term support. Therefore, the protection has been observed from around $112 to the high $111 territory. Although, a breach of this area could see a fast fall back down to sub $100, last traded below here on 12th September. While further downside pressure could force a retreat back down to a firm demand zone. Eyes would be on $86-77 range for buying.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
2 votes, average: 3.50 out of 52 votes, average: 3.50 out of 52 votes, average: 3.50 out of 52 votes, average: 3.50 out of 52 votes, average: 3.50 out of 5 (2 votes, average: 3.50 out of 5)
You need to be a registered member to rate this.
Loading...

4.5 stars on average, based on 33 rated postsKen has over 8 years exposure to the financial markets. During a large part of his career, he worked as an analyst, covering a variety of asset classes; forex, fixed income, commodities, equities and cryptocurrencies. Ken has gone on to become a regular contributor across several large news and analysis outlets.




Feedback or Requests?

Continue Reading

Altcoins

Monero Price Analysis: XMR/USD Bulls Cooking Up Big Potential Moves

Published

on

  • XMR/USD price action surprisingly this week has been generally muted.
  • Current price behavior looks more favorable to see upside surprises, rather than any heavy selling pressure.

The Monero price this trading week has been somewhat muted. This comes as quite a surprise given the recent updates from the foundation. The foundation introduced the Maleware Workgroup, a huge step in efforts to protect the Monero community. Elsewhere, the foundation was also finally able to patch the ongoing ‘burning bug’ issue, which was proving to be a big problem. Full details of both developments posted in previous Monero article.

Near-term Analysis (60-Minute Chart)

XMR/USD 60-minute chart

Looking at the 60-minute chart for XMR/USD, it is very much clear to see how tight the trading range is. The vast majority of price action, aside from a couple of spikes here and there, has been swinging between $117 down to $111. This behavior has been observed since the bull run seen on 19th September, which was then paired after 23rd September fall.

Daily Chart View

XMR/USD daily chart

Price action is being supported by an ascending trend line on the daily chart. This has been running from 13th August, proving its strength. XMR/USD is currently stuck in between the 100DMA ($116.795), which is seen above, and the 50DMA ($110.877) below.  The price has seen a bounce on several occasions in September, off the trend line.

Next Move for Monero

The above-mentioned tracking ascending trend line is going to be vital in Monero’s recovery. Market bulls will need comfort, in case of another failed break down of above chunky supply area. This is seen tracking from $140-$150. There were several occasions in July and one in September, where the bulls failed to break this down. On each time the price has come into contact with this territory, it has been hit pretty hard by the sellers.

XMR/USD daily view

A breakout to the upside from the mentioned supply, could see a fast move towards $170, where some resistance can be seen. The price most recently found difficulty within this area at the early part of June. Enough bullish momentum should see it clear this territory, with $200 being reclaimed to the upside. XMR/USD was last trading above $200 back on 21st May.

Looking to the downside, a breach in the ascending trend line to the downside, could be catastrophic. Sellers would likely pile in with a high amount of volatility, sending the price down to sub-$100. The next chunky demand area is seen down within the $90-75 range. XMR/USD traded within this zone on 14th August, where the market managed receive a firm bounce.

Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this.
Loading...

4.5 stars on average, based on 33 rated postsKen has over 8 years exposure to the financial markets. During a large part of his career, he worked as an analyst, covering a variety of asset classes; forex, fixed income, commodities, equities and cryptocurrencies. Ken has gone on to become a regular contributor across several large news and analysis outlets.




Feedback or Requests?

Continue Reading

Bitcoin

Bitcoin Network Faced One-Two Punch of Inflation and DoS Threats

Published

on

Bitcoin Core has emerged seemingly unscathed from a major vulnerability that threatened to shut down parts of the network in a denial-of-service (DoS) attack. But apparently, the bug was even worse than originally thought. According to a Bitcoin Core Full Disclosure Report, the issue included an “inflation vulnerability,” one in which if seized upon could have bolstered the supply of bitcoin beyond the famous 21 million coin ceiling. By pouring more coins into the supply, the hackers would have diminished the value of the circulating bitcoins.

The decision to expose only the lesser extreme part of the bug to the public was deliberate. According to the report:

“In order to encourage rapid upgrades, the decision was made to immediately patch and disclose the less serious Denial of Service vulnerability, concurrently with reaching out to miners, businesses, and other affected systems while delaying publication of the full issue to give times for systems to upgrade. On September 20th a post in a public forum reported the full impact and although it was quickly retracted the claim was further circulated.”

Double-Edged Sword

The strategy was a success and the bug is no longer a threat, as evidenced by more than 50% of the bitcoin mining hashrate having been upgraded to the patched nodes with no known attempts to “exploit this vulnerability.”

Here’s what we know, according to the report –

“A developer by the title earlz independently discovered and reported the vulnerability to the Bitcoin Core security contact email.”

Meanwhile, on social media, a contributor identified as a Bitcoin Cash developer who goes by the handle “Awemany” was cheered on Reddit for discovering and reporting the bug and cementing their place in “bitcoin’s history book.” Awemany in a blog post pointed to bitcoin developer Matt Corallo, whose 2016 pull request in an attempt to accelerate validation times led to what Awemany characterized as “one of the most catastrophic bugs in Bitcoin ever.”

The bottom line is that the bug was discovered and the threat has been lifted. It’s both a reminder of the risks associated with the consensus mechanism and a demonstration of good faith among the decision makers.

While it’s mostly the future of ETH that has been contemplated of late, given the plummeting of the No. 2 cryptocurrency’s value this year along with the confidence of investors, bitcoin has its own issues. In an exclusive interview with CCN, Sheffield Clark, who is at the helm of bitcoin ATM maker Coinsource, pointed to potentially “stagnant” mainstream adoption of bitcoin amid a lack of regulatory framework to help resolve issues like extreme volatility.

Featured image courtesy of Shutterstock.

Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink.

Rate this post:

Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way.
1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5 (1 votes, average: 5.00 out of 5)
You need to be a registered member to rate this.
Loading...

4.6 stars on average, based on 69 rated postsGerelyn has been covering ICOs and the cryptocurrency market since mid-2017. She's also reported on fintech more broadly in addition to asset management, having previously specialized in institutional investing. She owns some BTC and ETH.




Feedback or Requests?

Continue Reading

Recent Comments

Recent Posts

A part of CCN

Hacked.com is Neutral and Unbiased

Hacked.com and its team members have pledged to reject any form of advertisement or sponsorships from 3rd parties. We will always be neutral and we strive towards a fully unbiased view on all topics. Whenever an author has a conflicting interest, that should be clearly stated in the post itself with a disclaimer. If you suspect that one of our team members are biased, please notify me immediately at jonas.borchgrevink(at)hacked.com.

Trending