March 8, 2008

Trusting 3rd Party Programs

Interesting little story about 3rd party password stealing.

What was interesting to me was that my own Gmail Notifier was accused of stealing passwords early on. It turned out the person actually downloaded the extension from another site and not my own (back when there was no and had his account "hacked".

Luckily, we have now for a central location to get extensions. Hopefully the extension reviewers are doing a good job filtering out evil extensions :)

Of course, it is easier for us as most extensions are pure xml/js and that makes auditing much easier.

Posted by doron at March 8, 2008 6:37 PM

Whereas having more extensions provided at AMO is a good thing, the issue still comes from the fact that many addons are not signed/certified, and so users are used to installing unsigned addons. So they may not be careful when installing addons from third-party sites.

Posted by: FACORAT Fabrice at March 9, 2008 11:45 AM

I gotta agree with Fabrice.

It should state more clearly when you're downloading an unsigned addon.

I've found several guides to sign extensions (google: firefox sign extension xpi), but I haven't found it easy or free for that matter.

If AMO could have the service, so once your extension is accepted, they would sign it (if requested by author). It must be possible to automate this process.

Posted by: hansen at March 13, 2008 4:54 PM

Hi Doron,
Firstly thank you for gmail notifier! :)
Secondly -sorry for the off-topic but I wasn't able to find any contact form- is it possible to somehow retrieve the date of the messages from Gmail and then to notify you or NOT depending on a timestamp that will keep track of the last time the user clicked the Gmail Notifier icon? If yes, then it could be a nice and greatly appreciated addition to Gmail Notifier, i.e. to be notified of NEW unread messages only. Ty in advance for your reply.

Posted by: Sensi at October 16, 2008 11:13 AM

