Jump to content
Sign in to follow this  
Cesario

Chrome extensions compromised leading to the Mega.nz app stealing passwords

Recommended Posts

"Unfortunately, Google decided to disallow publisher signatures on Chrome extensions and is now relying solely on signing them automatically after upload to the Chrome webstore, which removes an important barrier to external compromise. MEGAsync and our Firefox extension are signed and hosted by us and could therefore not have fallen victim to this attack vector. While our mobile apps are hosted by Apple/Google/Microsoft, they are cryptographically signed by us and therefore immune as well."

 

GG Google, you opened up the ability for this to happen... topkek.

 

td;lr of this article is: stick with FireFox where extensions are more secure.

 

@Moodkiller

Share this post


Link to post
Share on other sites

I guess this is just a thing to watch out for now...

 

CCleaner and now a Chrome Extension. Hackers getting into the respective servers and replacing the release with a malicious one...

 

Fortunately, I don't use the extension, I always use the site or megatools on my seedbox.

  • Sad 1

Share this post


Link to post
Share on other sites
29 minutes ago, RyanEsau said:

I guess this is just a thing to watch out for now...

 

CCleaner and now a Chrome Extension. Hackers getting into the respective servers and replacing the release with a malicious one...

 

Fortunately, I don't use the extension, I always use the site or megatools on my seedbox.

Thing is, this isn't a MEGA issue. This is a security issue with Chrome, one that Google created knowingly as I quoted above. Essentially absolutely every extension under Chrome could fall for attack vector.

 

Just one more thing in a long list of reasons why FireFox is and has always been the superior option.

  • Like 2

Share this post


Link to post
Share on other sites
1 hour ago, Koby said:

Thing is, this isn't a MEGA issue. This is a security issue with Chrome, one that Google created knowingly as I quoted above. Essentially absolutely every extension under Chrome could fall for attack vector.

 

Just one more thing in a long list of reasons why FireFox is and has always been the superior option.

 

Didn't mean to imply it as a MEGA issue. I just was pointing out that this seems to be a thing to watch out for now -- hackers getting their grubby hands into servers and replacing a release with one with some keylogger or whatever added into it. So then anyone that updates gets affected and is vulnerable until the company (or host in this case, Google) catches and resolves it.

Share this post


Link to post
Share on other sites
5 hours ago, Koby said:

Thing is, this isn't a MEGA issue. This is a security issue with Chrome, one that Google created knowingly as I quoted above. Essentially absolutely every extension under Chrome could fall for attack vector.

 

Just one more thing in a long list of reasons why FireFox is and has always been the superior option.

On an unrelated note, as much as I always would love to advocate for the free-er and thus superior option, I wonder how long Firefox will really last under the helm of Mozilla. They use proprietary blobs in Quantum which makes it difficult to remove and revise in forked browsers (or some just outright refusing to adopt Quantum due to the adoption of Rust and the complexity of said implementation), they force install addons without consent which so far have been alarming in nature whereas not even Chrome would dare attempt to do, and they explore new ideas every month to implement history tracking, feed recommendations and even OS-side snooping for advertisements (thankfully most ideas were shutdown) and lastly (not Mozilla's fault) Google services not working correctly or slower on Quantum, but that's expected from competition and scummy. 

I'm personally waiting for Brave to release to 1.0 next year and will move from Firefox for good. It's the best of both worlds with a monitored addon store, privacy-centric first, completely de-Googled Chromium and you can even support your favourite sites and content creators with BAT if you wish to. Until then, I seriously hope Mozilla doesn't go and pull a wild 360 for the better of everyone ☺️

Share this post


Link to post
Share on other sites

@Cesario @Koby The topic title heavily implies MEGA is somehow directly involved. I would strongly suggest changing it - just because ZDNet writes it doesn't mean we should here.

On 9/12/2018 at 10:13 AM, Ka44tsUU said:

On an unrelated note, as much as I always would love to advocate for the free-er and thus superior option, I wonder how long Firefox will really last under the helm of Mozilla. They use proprietary blobs in Quantum which makes it difficult to remove and revise in forked browsers (or some just outright refusing to adopt Quantum due to the adoption of Rust and the complexity of said implementation), they force install addons without consent which so far have been alarming in nature whereas not even Chrome would dare attempt to do, and they explore new ideas every month to implement history tracking, feed recommendations and even OS-side snooping for advertisements (thankfully most ideas were shutdown) and lastly (not Mozilla's fault) Google services not working correctly or slower on Quantum, but that's expected from competition and scummy. 

I'm personally waiting for Brave to release to 1.0 next year and will move from Firefox for good. It's the best of both worlds with a monitored addon store, privacy-centric first, completely de-Googled Chromium and you can even support your favourite sites and content creators with BAT if you wish to. Until then, I seriously hope Mozilla doesn't go and pull a wild 360 for the better of everyone ☺️

Please stop reading and spreading awful anti-Firefox propaganda. It is essentially pro-Chrome brainwashing at this point because even if you don't use Chrome it is the only real alternative for the general public.

 

Firefox was virtually unusable pre-Quantum because it had fallen so far behind the competition - whatever Quantum's minor technical faults, it leapfrogged every other browser with version 57, and hasn't looked back. Even with the Google services issue, it's often still faster on those sites than Chrome because it's faster overall!

 

As for the privacy silliness - sure Mozilla has done a few questionable things, but the problem is that Firefox is incredibly dependent on Google for revenue which is very obviously a bad thing. So Mozilla does look for other revenue opportunities, while trying to ensure that users always have the opportunity to disable and/or opt out of any such "features" (sometimes opt in depending on severity).

 

Complaining about when Mozilla goes too far is absolutely valid, but the vast majority of these complaints imply that there are better alternatives, when all of them - including the Firefox forks - are much worse for a variety of reasons. (You may want to read up on Brave before you make a mistake switching browsers, by the way.)

Edited by mcmxcixmm

Share this post


Link to post
Share on other sites

@mcmxcixmm I never implied 'anti-Firefox propaganda' (lmfao) in this post, I am anti-Mozilla for sure, as you already know who takes rather large donations and subsidiaries from Google and friends whom would like to spread an ideology in the years to come, as do many organisations of this stature. I run and will continue to use GNU Icecat Quantum for the years to come because I feel it's the best open source has to offer that provides total freedom for its users. As of today, Brave has finally released a beta build of the degoogled-chromium browser but I'm not feeling it yet really, and as more pressing days pass, it seems less and less relevant as a bastion of freedom and more monetary gain as always, so I do concede with your sentiment and retract my statement about it. This still doesn't mean that Mozilla isn't halting from beginning to turn to a darker leaf and I seriously hope they don't, for the better of everyone.

 

22/10/2018 EDIT: 
Oh no, Mozilla just partnered up with ProtonVPN to provide their services easily within the system 😥

Edited by Ka44tsUU
News

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×