Firefox 4 should be treated as a member of the new breed in that regard,
and have 5 as its security update.
Actually, we are prolonging the security support for 4 and later, it's
not just a minimum of six months any more, now it's "forever", just that
the security updates always bring features and a new "version" as well. ;-)
I drafted a very short message (perhaps the first was too long?) and sent it to the four, once again from their own accounts: Really wasn't kidding about the insecurity thing. I won't send another message after this -- it's up to you to take your security seriously. You're at the [XYZ Street] Starbucks on an insecure connection, and absolutely anyone here can access your account with the right (free) tool.
Twenty minutes passed, and all four were still actively using Facebook.
runs an experiment with Firesheep
Having known about this problem
since 2003, a "fix" was applied in 2010 for firefox 4 which attempts to
identify credit card numbers in forms and not store them in the form
history. Great, now what about all the other data it is storing some of
which is just as sensitive as credit card numbers, if not more so ? If
credit card details get mis-used, liability is usually on the credit card
company, but not so for social security numbers, bank account numbers,
looks into Firefox's form data storage
Bitcoin raises untested legal concerns related to securities law, the Stamp
Payments Act, tax evasion, consumer protection and money laundering, among
others. And that's just in the U.S. While EFF is often the defender of
people ensnared in legal issues arising from new technologies, we try very
hard to keep EFF from becoming the actual subject of those fights or
issues. Since there is no caselaw on this topic, and the legal implications
are still very unclear, we worry that our acceptance of Bitcoins may move
us into the possible subject role.
stops accepting Bitcoin donations
Yesterday we made a code update at 1:54pm Pacific time that introduced a
bug affecting our authentication mechanism. We discovered this at 5:41pm
and a fix was live at 5:46pm. A very small number of users (much less than
1 percent) logged in during that period, some of whom could have logged
into an account without the correct password. As a precaution, we ended all
logged in sessions.
authentication for a few hours
to post comments)