[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 05/08/10 12:48, Rhia Knowles wrote: > > It was enabled for me by default too. Yes, that is the default but what does it actually do? Firefox geo location always prompt before geo location information is sent remotely. So I don't think it being enabled is an issue. The only reason to disable it permanently is to avoid being prompted if you know you'll never want to reveal your location to any website - which seems unlikely. If you don't have a wireless card all it is going to do is send your IP address and a cookie, which the remote end could get without this service anyway. The actual exploit is documented here, and has nothing to do with Firefox Geo Location other than using the same database from Google. http://samy.pl/mapxss/ The specific attack only works with a specific router from Verizon, and some of us have extra firefox plug-ins to try and minimize the risks from XSS attacks. One also has to wonder how much more "vulnerable" one is to having one's computer location identified. I'm really not that worried, as any one who does a comprehensive check on my IP address will discover. So does Mozilla needs to do anything? No. If one is really worried about this sort of attack, then changing your wireless routers settings, and MAC address is probably the way to go. Google won't be refreshing the database the hard way frequently, although they may be refining it based on usage. Simon -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq