An Interest In:
Web News this Week
- March 31, 2024
- March 30, 2024
- March 29, 2024
- March 28, 2024
- March 27, 2024
- March 26, 2024
- March 25, 2024
December 13, 2019 03:02 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/LbAGhrNvdh4/mozilla-to-force-all-add-on-devs-to-use-2fa-to-prevent-supply-chain-attacks
Mozilla To Force All Add-on Devs To Use 2FA To Prevent Supply-Chain Attacks
Mozilla announced this week that all developers of Firefox add-ons must enable a two-factor authentication (2FA) solution for their account. From a report: "Starting in early 2020, extension developers will be required to have 2FA enabled on AMO [the Mozilla Add-Ons portal]," said Caitlin Neiman, Add-ons Community Manager at Mozilla. "This is intended to help prevent malicious actors from taking control of legitimate add-ons and their users," Neiman added. When this happens, hackers can use the developers' compromised accounts to ship tainted add-on updates to Firefox users. Since Firefox add-ons have a pretty privileged position inside the browser, an attacker can use a compromised add-on to steal passwords, authentication/session cookies, spy on a user's browsing habits, or redirect users to phishing pages or malware download sites. These types of incidents are usually referred to as supply-chain attacks.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/LbAGhrNvdh4/mozilla-to-force-all-add-on-devs-to-use-2fa-to-prevent-supply-chain-attacks
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot