IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [plugins]

35 questions
2
votes
1 answer

Is possible to implement a Web Cryptography API custom provider?

I'm reading some basic info about Web Cryptography API and I'm wondering if is possible to implement some crypto provider (C/C++ library or something) with some extra algorithms or is mandatory to use the ones "embedded" with the web browser. I have…
RobertGG
  • 47
  • 4
2
votes
1 answer

How can I programatically keep track of number of certificate warnings in browser?

I want to keep a count of how many certificate warnings have been made in the browser over a period of several weeks. I also want to keep track of whether the user ignored these warnings and just clicked through them. Any ideas on how I could do…
Minaj
  • 1,536
  • 2
  • 14
  • 23
2
votes
1 answer

Plugins to increase security of Chrome?

What plugins are there for Chrome, that would increase security while browsing the web? For Firefox I have used NoScript, Flashblock, and AdBlock Plus, are there equivalents to these plugins for Chrome? Several plugins I have heard about are uMatrix…
Smiith
  • 157
  • 1
  • 1
  • 8
2
votes
4 answers

Plugin / extension security practices

What kind of common security practices do software developers apply when allowing extensions or plugins to be added to their software, like e.g. Firefox, Photoshop and GIMP do? It can be either on Windows or Linux or Mac. Example of scenarios: …
mnoq
  • 23
  • 2
2
votes
2 answers

What could a malicious website do if you don't update Adobe Flash?

If you click on "Activate Adobe Flash" when Firefox warns that "this plugin is vulnerable and should be updated", you can still use Adobe Flash. What could a website do to you if the "plugin is vulnerable"?
whatever489
  • 838
  • 3
  • 9
  • 21
1
vote
1 answer

Is drive-by-download possible with NoScript?

I am using and getting my friends to use NoScript, and the argument I usually have to use to convince them is "It prevent website to infect you without you downloading something (by yourself)". But now that I read a bit about malware, I m not so…
DrakaSAN
  • 113
  • 9
1
vote
0 answers

Question about the Perspectives add-on, is this dangerous?

When I visited Google and Facebook, and then clicked on the Perspectives add-on button to check the certificate information, I saw this:     What does this mean? Shouldn't it have more "graph" lines? Why just two? Is this secure? Do I have to worry…
user500468
  • 175
  • 1
  • 3
1
vote
0 answers

Isolating permissions available to browser JS via oauth and referer

This proposal concerns a strategy for isolating the permissions given to plugins in a plugin architecture. I'm looking for insight into whether this design can succeed in isolating those permissions. Access to the entire site is controlled via…
tasteslikelemons
  • 111
  • 3
1
vote
2 answers

Can plugins for text editors and IDEs be malicious?

I'm always a little cautious about plugins I install for text editors or browsers, but can they be dangerous and cause the text editor or browser to behave in a malicious way? For example, can a plugin for Atom or Firefox read files and delete…
user205297
1
vote
1 answer

Haunted Google Account?

Not to be dramatic but at my level of inexperience, the title is what I'm left with. Hoping smarter people can point me in the right direction, so here goes... A google account used in a school environment, on samsung chromebooks, has been…
Matt M
  • 13
  • 3
1
vote
1 answer

Why request and response calls in my burp suite python plugin come in such random order?

So I am trying to write this burp plugin using jython and python for burp suite. Now in the processHttpMessage body, I found before a proper execution of the entire method takes place for one request message, it starts executing for another request…
BoredToolBox
  • 57
  • 5
1
vote
1 answer

Making an encrypted SMS app (Android)

From my limited googling I've noticed that a lot of the mainstream encrypted messaging apps all are either (or a combination of!) closed-source, run through an uncontrolled third-party server, use a proprietary algorithm, or use out-dated…
Todd Schwine
  • 349
  • 1
  • 2
  • 5
1
vote
0 answers

How Skype Click to Call plugin is used to send spam?

My friend had Skype Click to Call plugin installed within browser on Mac OSX. And his Skype account started to send some automatic spam messages linking to lose weight websites (via goo.gl) without having actual virus/malware installed on his…
kenorb
  • 799
  • 4
  • 8
  • 27
0
votes
2 answers

Will Ad Block Plus block the ads that give someone Cryptowall 2.0?

Now I already know that making sure your browser plugins are either non-existent or up-to-date is one way of being on the safe side against ransomeware like Cryptowall 2.0; but since clicking ads are the way this thing is distributed, would ad-block…
leeand00
  • 1,297
  • 1
  • 13
  • 21
0
votes
1 answer

Ubuntu 12.04 server attacked using Wordpress vulnerability (plugin?)

Env Rackspace cloud server Wordpress 3.9.1 Ubuntu 12.04 Linux web.mydomain.com 3.2.0-67-virtual #101-Ubuntu SMP Tue Jul 15 17:58:37 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux History These may actually be part of the same issue, I have already…
zabumba
  • 161
  • 1
  • 8
1
2
3