At times I've pondered the question: to what extent are the attackers compromising the browser -- rather than the o/s -- to work their trade?
It would appear the answer is "yep", according to an article published in Info Week on Nov 7.
There was this:
The question here is: to what extent does/can AppArmor prevent un-authorized modifications to Firefox or Chrome?
If you've got $3,931 burning a hole in your pocket, speak Russian, and want to invest in a crimeware toolkit, you're in luck. That's the price for the latest version of the Citadel malware, code-named Rain Edition (22.214.171.124), which includes all of the latest malware mod cons: advanced Firefox and Chrome data-stealing plug-ins, advanced Web injection techniques to modify code on targeted websites, and easier updating for Trojan files that have been used to infect PCs. The malware also sports an easy-to-use, browser-based interface for running the command-and-control (C&C) infrastructure that sends instructions to infected PCs in the botnet -- and retrieves stolen data -- as well as infection analytics.
I'm running the Firefox Profile by Jamie Strandboge of Canonical now.
My question is: does this prevent addition of un-authorized plug-ins, and if so, should I know how to check this in the profile?
We would need to know -- what components would the hacker need to modify to add an un-authorized plug-in, and -- how do we deny access in the AppArmor profile to prevent this?
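One way to check this question against a profile, as an added example that is not part of the original post and not taken from the Ubuntu Firefox profile: a small evaluator that reports whether AppArmor file rules grant write access to a given path. The sample rules, the `/home/alice` value for `@{HOME}`, the per-user `extensions/` path and all function names are constructed assumptions; the glob handling is simplified and the `owner` qualifier is parsed but not enforced.

```python
import re

def glob_to_regex(glob, variables):
    """Translate an AppArmor path glob into an anchored regex (simplified)."""
    for name, value in variables.items():
        glob = glob.replace("@{%s}" % name, value)
    out, i, depth = [], 0, 0
    while i < len(glob):
        c = glob[i]
        if glob.startswith("**", i):          # ** crosses directory boundaries
            out.append(".*"); i += 2; continue
        if c == "*":                          # * stays inside one path component
            out.append("[^/]*")
        elif c == "?":
            out.append("[^/]")
        elif c == "{":                        # {a,b} alternation
            out.append("(?:"); depth += 1
        elif c == "}" and depth:
            out.append(")"); depth -= 1
        elif c == "," and depth:
            out.append("|")
        else:
            out.append(re.escape(c))
        i += 1
    return re.compile("^" + "".join(out) + "$")

# qualifiers, path glob, permission letters, terminating comma
RULE = re.compile(r"^\s*((?:(?:audit|allow|deny|owner)\s+)*)([/@]\S*)\s+([a-zA-Z]+)\s*,")

def write_verdict(profile_text, path, variables):
    """Classify write access to `path`: an explicit deny overrides any allow,
    and a path matched by no write rule is refused in enforce mode."""
    allowed = False
    for line in profile_text.splitlines():
        m = RULE.match(line.split("#", 1)[0])  # drop comments and #include lines
        if not m:
            continue
        quals, glob, perms = m.groups()
        if not set(perms) & {"w", "a"}:        # only write/append rules matter here
            continue
        if glob_to_regex(glob, variables).match(path):
            if "deny" in quals.split():
                return "denied by rule"
            allowed = True
    return "allowed" if allowed else "denied by default"

VARS = {"HOME": "/home/alice"}                 # assumed single home directory
SAMPLE = """
  # constructed rules for illustration, not copied from a shipped profile
  /usr/lib/firefox/** r,
  owner @{HOME}/.mozilla/** rw,
  deny @{HOME}/.mozilla/**/extensions/** w,
"""
```

Running `write_verdict` over the rules of the loaded profile for each directory the browser loads add-ons from shows which ones still rely on a broad `rw` grant; a `deny` rule like the sample one also blocks legitimate add-on installs from inside the browser.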