SoylentNews is people
SoylentNews
from the random-plugin-included-for-free dept.
Submitted via IRC for SoyCow9228
Mozilla sneaked a browser plugin that promotes Mr. Robot into Firefox—and managed to piss off a bunch of its privacy-conscious users in the process.
The extension, called Looking Glass, is intended to promote an augmented reality game to "further your immersion into the Mr. Robot universe," according to Mozilla. It was automatically added to Firefox users' browsers this week with no explanation except the cryptic message, "MY REALITY IS JUST DIFFERENT THAN YOURS," prompting users to worry on Reddit that they'd been hit with spyware.
"I have no idea what it is or where it came from. I freaked out a bit and uninstalled it immediately," one user wrote on Reddit.
Without an explanation included with the extension, users were left digging around in the code for Looking Glass to find answers. Looking Glass was updated for some users today with a description that explains the connection to Mr. Robot and lets users know that the extension won't activate without explicit opt-in.
Mr. Robot is a TV series about hackers airing on USA Network.
Source: https://gizmodo.com/mozilla-slipped-a-mr-robot-promo-plugin-into-firefox-1821332254
(Score: 2, Informative) by Anonymous Coward on Monday December 18 2017, @12:53AM (2 children)
It's new to Windows
Security permissions has been baked in since Win NT 3.5. The coding standards on the other hand could be argued that they should be better. One of the NTs selling points was that it was DoD approved. That was before people starting punching holes through the network protocols they hung off the TCP ports (which was a clone of Novel).
NO one set it up the permissions correctly. I mean no one. Not even MS default setup did it much until 2000. The security permission stack in NT is actually pretty powerful. The posix style permission stack is simplistic by comparison. With many flags doing quadruple duty for different things. The NT permission stack is fairly fine grained. Which in many ways makes it harder and oddly enough more confusing to use. When I first learned about it I was like what the fuck is MS doing. This should be setup this way out of the box with some nice reading for every admin to do so they know about it.
Easiest way to 'secure' most windows computers? Install it. Have 1 admin user that install things. Then run everything else under standard user accounts. With each system process running in its own set of accounts. Pretty much the same way most unix boxes work.
The process sandboxing is new. But at this point is more of a process compile option than a configuration option (which it should be).
(Score: 0) by Anonymous Coward on Monday December 18 2017, @08:45AM (1 child)
And that's exactly what made Windows so insecure.
Yes, it can be secured very tightly, but you need to be Dave Cutler to understand it. Meanwhile, Unix permissions are so simple that they can be understood by anyone capable of handling a root password without nuking the entire system.
(Score: 0) by Anonymous Coward on Tuesday December 19 2017, @01:51AM
You can effectively mimic the posix style of permissions if you want in NT (they had to, to put in the OS/2 and posix subsystems). The permission system is much more powerful. The posix system is very powerful but has some creaky edge cases. I can effectively ban a particular user from seeing something even if they are in the right groups and permissions. Something a bit tougher to do in posix. NT has decent list of permissions both positive and negative. The ACL style is much more powerful. For 99% of everything both work very effectively in their default configurations. But get outside of those and NT's system is a better one.