Chrome Extension Developers Under a Barrage of Phishing Attacks (bleepingcomputer.com)
Date: 2017-08-12
An anonymous reader quotes Bleeping Computer: Google's security team has sent out warnings via email to Chrome extension developers after many of them have been the targets of phishing attacks, some of which have been successful and resulted in crooks taking over extensions. These phishing attacks have come into the limelight this past week when phishers managed to compromise the developer accounts for two very popular Chrome extensions -- Copyfish and Web Developer. The phishers used access to these developer accounts to insert adware code inside the extensions and push out a malicious update that overlaid ads on top of web pages users were navigating.
According to new information obtained by Bleeping Computer, these attacks started over two months ago and had been silently going on without anyone noticing. All phishing emails contained the same lure -- someone posing as Google was informing extension developers that their add-on broke Chrome Web Store rules and needed to be updated. The extension developer was lured onto a site to view what was the problem and possibly update the extension. Before seeing the alert, the site asked extension developers to log in with their Google developer account, a natural step when accessing a secure backend.
Are they saying that even developers just click without looking?
And maybe someone clueless enough to fall for this kind of trick (bogus phishing links) wouldn't be the best person to trust with your web security (the web extensions they write are probably full of exploitable bugs and flaws).
When I was a kid, I was taught to distrust phone calls from anyone I didn't recognize, even if they claimed they were from a business with which we had a relationship. After all, how do we know it's actually them, and not someone else posing as them to steal credit card info, account codes, or other private information? We'd listen to what they had to say, but unless they verified their identity in some way, we wouldn't give them any information. If we wanted to follow up or act on anything they said, we wo
So lately Firefox has been adding support for WebExtensions [mozilla.org] extensions, which is basically Chrome's extension model but for Firefox. As that page says, "Much of the specifics of the new API are similar to the Blink extension API". It's yet another case of Firefox's developers essentially cloning what Chrome did, even if Firefox's users don't want that at all.
Now we're hearing that Firefox 57 will only support WebExtensions extensions [mozilla.org]. That will likely mean that a lot of extensions will break for a l
[...] push out a malicious update that overlaid ads on top of web pages users were navigating.
That would explain why the ads on Slashdot are overlaying the content.