The mink farm raider turned FBI informant, Justin Samuel, has appeared on a video promoting the latest update of the Firefox browser. According to Peter Young, who was implicated by Samuel’s testimony, “In August I wrote about the curious micro-trend of Animal Liberation Front informants going into the computer security field. Darren Thurston, who implicated several people in Animal Liberation Front and Earth Liberation Front arsons, is now a computer security consultant. Justin Samuel, on his UC-Berkeley graduate student profile, posts several articles he authored on computer security before surfacing on the Mozilla Firefox 4 team.” Samuel’s work with Firefox throws into question activist security and the credibility of Mozilla, the group that first innovated Firefox browser.
In other news, the animal rights group, Voice of the Voiceless, has obtained a recent copy of the reactionary newsletter, “Extremist Watch,” brought to you by the private investigation firm, Information Network Associates, which profiles animal rights activists and groups. Click here for more info.
Firefox and security are not words that fit as a pair in my book anymore !
I have well gone off Firefox after finding that the android version without any plugins is listening in to DLNA broacast messages from devices like XBoxes and Samsung Smart TVs and then making a UPNP request to the devices to recive XML data back from these devices.
In my case this not only includes the make and model of the TV but also the serial number and its not like my simple android device can steam to the TV or play XBox games.
I know Google pays Firefox $50m a year and they don’t do that without getting something in return as you can see if you type About:config into the URL and search for Google but I will not put up with Firefox hacking my local area network to then upload all the device data back to central server.
Shown below is both the request and reply I captured with some of the data replaced using XXX and I also had to tweak the HTML tags in the XML so it would post.
GET /smp_24_ hxxp/1.1
Host: X.X.X.40:7676
User-Agent: Mozilla/5.0 (Android; Tablet; rv:36.0) Gecko/36.0 Firefox/36.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
hxxp/1.1 200 OK
CONTENT-LANGUAGE: UTF-8
CONTENT-TYPE: text/xml; charset=”utf-8″
CONTENT-LENGTH: 1167
Date: Thu, 01 Jan 1970 03:59:18 GMT
connection: close
Application-URL: hxxp://X.XX.40:80/ws/app/
SERVER: SHP, UPnP/1.0, Samsung UPnP SDK/1.0
[?xml version=”1.0″?][root xmlns=’urn:schemas-upnp-org:device-1-0′ xmlns:sec=’hxxp://www.sec.co.kr/dlna’ xmlns:dlna=’urn:schemas-dlna-org:device-1-0′] [specVersion] [major]1[/major] [minor]0[/minor] [/specVersion] [device] [deviceType]urn:dial-multiscreen-org:device:dialreceiver:1[/deviceType] [friendlyName][TV]Samsung50[/friendlyName] [manufacturer]Samsung Electronics[/manufacturer] [manufacturerURL]hxxp://www.samsung.com/sec[/manufacturerURL] [modelDescription]Samsung TV NS[/modelDescription] [modelName]XXX9200[/modelName] [modelNumber]1.0[/modelNumber] [modelURL]hxxp://www.samsung.com/sec[/modelURL] [serialNumber]XXXXXXXXXX[/serialNumber] [UDN]uuid:0dbXXXXXXXXXXXX[/UDN] [sec:deviceID]XXXXXXOMKVUK[/sec:deviceID] [sec:ProductCap]Resolution:1280X720,Y2013[/sec:ProductCap] [serviceList] [service] [serviceType]urn:dial-multiscreen-org:service:dial:1[/serviceType] [serviceId]urn:dial-multiscreen-org:serviceId:dial[/serviceId] [controlURL]/smp_26_[/controlURL] [eventSubURL]/smp_27_[/eventSubURL] [SCPDURL]/smp_25_[/SCPDURL] [/service] [/serviceList] [/device][/root]