Vlákno názorů ke zprávičce Rozšíření pro službu Mega krade přihlašovací údaje a kryptoměny od D.A.Tiger - Me osobne na tom prislo velmi zajimave vyjadreni...
-
Me osobne na tom prislo velmi zajimave vyjadreni MEGA:
"We would like to apologise for this significant incident. MEGA uses strict release procedures with multi-party code review, robust build workflow and cryptographic signatures where possible," the blog post continued. "Unfortunately, Google decided to disallow publisher signatures on Chrome extensions and is now relying solely on signing them automatically after upload to the Chrome webstore, which removes an important barrier to external compromise. MEGAsync and our Firefox extension are signed and hosted by us and could therefore not have fallen victim to this attack vector. While our mobile apps are hosted by Apple/Google/Microsoft, they are cryptographically signed by us and therefore immune as well."
Nevim a nedokazu posoudit jestli to neni jen vymluva (rozsireni pro chrome nedelam), ale uz jen fakt, ze napadeny byl jen tento plugin navozuje otazku, jestli neni nahodou na vine google se spatne zabezpecenym repositarem tech pluginu. A v tomto kontextu se mi vybavuje cca 2 roky stara afera, kdy se primo z Google Play meli sirit appky s malwarem. Hmmmm....
-
Jano z vesnice (neregistrovaný)
Nejde o samotne extension ale o rozdieloch v sposobe ako sa pridavaju do "repozitarov" pre Firefox https://addons.mozilla.org/en-US/firefox/extensions/ a pre Chrome: https://addons.mozilla.org/en-US/firefox/extensions/
Do Chrome niekto podvrhol falosnu extension, do Mozilly nie pretoze maju lepsie nastavene procesy asi.
