Is Firefox Serious About Blocking the Java Plugin?
By Chinmoy Kanjilal on September 30th, 2011

Firefox is the second most popular web browser, and it has held this title for too long. Projected figures show that it is going to lose the title in December. However, an ongoing discussion at Mozilla might accelerate that. The discussion is on whether Firefox should allow the Java plugin, which is used for almost all transactions (not just online banking transactions) across the world.

A new attack has been identified that decrypts web traffic and can dig through sensitive and personal information being sent over a transaction. The attack has been termed the BEAST (Browser Exploit Against SSL/TLS) attack, and it has been demonstrated successfully in a proof-of-concept hack.

Dan Goodin from The Register talks about the BEAST exploit:

The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the successor to the secure sockets layer technology that serves as the internet’s foundation of trust. Although versions 1.1 and 1.2 of TLS aren’t susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the website he’s visiting.

The Public Key Infrastructure has three core services to take care of: authentication, integrity and confidentiality. Authentication makes sure that the people at either end of the transaction are indeed who they claim to be. Integrity ensures that the data being transmitted is sent and received in the same form without alteration. Confidentiality deals with hiding the data from prying eyes, making the data comprehensible only to the people at either end. The BEAST attack goes after confidentiality and breaks it successfully.

Bug 689661 on Mozilla's Bugzilla lists blacklisting all versions of the Java plugin as a favorite solution. This will affect all corporate businesses (ones that are transaction based) and some regular features of services that explicitly rely on the Java plugin, such as Facebook video chat.

Currently, the only web-browser that is attempting to secure against this attack (without removing Java support) is Google Chrome.
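
As an added example (not part of the original article or of any browser's code), the Python sketch below reads the version a server selected from a TLS ServerHello record and flags TLS 1.0 and earlier, the versions the quoted passage identifies as affected. The function names and the sample records are constructed for illustration.

```python
import struct

# Wire values (major, minor) of the protocol version field.
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def server_hello_version(record: bytes):
    """Return the (major, minor) version the server selected, or None
    if the bytes are not one complete, well-formed ServerHello record."""
    if len(record) < 5:
        return None
    # Record header: content type (1), record version (2), length (2).
    ctype, _major, _minor, rec_len = struct.unpack("!BBBH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 0x16 or len(body) != rec_len or len(body) < 4:
        return None                      # not a complete handshake record
    # Handshake header: message type (1), length (3).
    hs_len = int.from_bytes(body[1:4], "big")
    # A ServerHello carries at least version(2) + random(32) +
    # session id length(1) + cipher suite(2) + compression(1) = 38 bytes.
    if body[0] != 0x02 or hs_len < 38 or len(body) < 4 + hs_len:
        return None
    return body[4], body[5]              # server_version field

def classify(record: bytes) -> str:
    """Label a record per the quoted passage: TLS 1.0 and earlier are
    affected, TLS 1.1 and 1.2 are not."""
    version = server_hello_version(record)
    if version is None:
        return "unparsed"
    if version not in VERSIONS:
        return "unknown version"
    status = "affected" if version <= (3, 1) else "not affected"
    return status + ": " + VERSIONS[version]

def build_server_hello(major: int, minor: int) -> bytes:
    """Constructed sample: minimal ServerHello with a zeroed random,
    empty session id, cipher suite 0x002f and null compression."""
    hello = bytes([major, minor]) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + bytes([major, minor]) + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    for v in sorted(VERSIONS):
        print(classify(build_server_hello(*v)))
```
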

Author: Chinmoy Kanjilal
  • http://meena-tech.blogspot.com/ Meena bassem

    Really, disable the Java plugin? Well, I guess Chrome will be more popular then

  • Philani Dlamini

    We have Chrome, Mozilla douchebags

 