What we think of thisfortnight’s top tech ne ws stories and rumours,
and how they affect you
Discussweb news atwww.facebook.com/webusermagazineNeed to Know29 May - 11 June 2019 9noted that somepe ople
joinedthissystempu rely to
get the upda te more quickly,
sothe compan y has saidit
willdelete any telemetry data
collected aroundthe outage
to honour users’preferences.
After all,you shouldn’ t have
to hand over data justto get
yourbrowser working again.What dowethink?
It’s annoying to have anby major developers
including Apple, Microsoft
andGoogle.What dowethink?
We tendto think of bugsas a
prob lem that plag ues
software , but hardware is
alsocapableof leaking data
andbe ing target edby
hackers. That said, there’s
usual ly littlethat users can
doabout it. The head linesMozilla apologises for Firefox add-on failureZombieload security flaw found in Intel chipsadd-on you dependon
suddenly stop working
without explanation,but
it’s goodthat Mozilla takes
the ti meto secure add-ons.
The certificate that expired
isusedto digi tally si gnal l
add-onsafter review by
Mozilla staff, to helpcutthe
numberof malici ous ones
target ing Firefox users.
Mozilla admitsthat this
usedto bea serious
prob lem,andwhil e it’s
annoying that the
certificate was allowed to
expire,it’s betterto suffer
the inconvenience of an
outage thanno t beab leto
trustextensionsat all.
Hopefully, the next
expiration data isnow in
Mozilla’s calendar , sothis
won’t happe n again.about Zombielo ad– and
the nameitself– sound
scary, but protectionis
generally a matterof
running upda tes asusual.
It’s more complex for
advancedusers who need
fullproc essorperformance
andar e therefore at risk
of being target edby
sophisticated hackers – but
it’s not something mostof
ushave to worry about.What happened?
Mozilla apologi sed after
users of it s Firefox browser
found their add-ons
stoppedworking andne w
onescouldn’tbeinstal led.
The compan y blamed an
expirin g securi tycertificate
(bit.ly/mozilla476), which
made it appearto Mozilla’s
systems that extensions
weren’t trustworthy or
secure. Mozilla pushedout
a quick fix to everyonein
its telemetry progr amme,
which allows for faster
upda tes;otherusers
receivedanupda te within
two days.How will it affectyou?
Suchanou tage is
prob lematic if you use a
browser-basedpasswordWhat happened?
Intel proc essorsha ve been
hit by yet anothersecuri ty
flaw, after Meltdownand
Spectre lastyearrevealed
that the chipsinour
computerswere aspron e
to vulnerab ilitiesas our
software. Uncovered by
Germanand Belgia n
universityresearchers,the
Zombielo adfl aw leaksdata
including browser histor y
andpasswords , aswellas
encryptionkeys.
The attackexploits– and
isnamedafter – a proc ess
calleda “zombielo ad”.
That’s whena proc essor
isn’t sure what to dowith
certain data , soit asksits
own microcodefor help,
which allows data to leak
beyondthe proc essthat’s
using it.manager, soit’s worth
ensuringyou can accessyour
login detailsvia othermeans,
ratherthanrelyingsolely on
a browser extension.
Firefox uses a variety of
methods to upda te, soso me
users got a fix more quickly
thanothers – notabl y those
who opted into the Studies
telemetry system, which
collectsdata to helpMozilla
develop the software. MozillaHow will it affectyou?
The vulnerab ilityisinIntel
proc essorsfrom
onward s,but the researchers
saidit may beonolder
systems,too.It affe cts
desktop PCs andlaptops,
including AppleMacs, aswell
ascloudservers.The
researchers admittedthey
don’tknow if hackersha ve
usedthe flaw yet.
Aswith many of th ese
major flaws,there isn’t much
that indi vidualus ers can do- thisis a prob lem for Intel to
fix going forward,andfor
software makersto mitigate
againstvia upda tes.For this
reason , the advice to manage
Zombielo adisthe same as
usual : keepyourop erating
systeman d othersoftware
upto date at all ti mes,and
downloadthe latestupda tes