https://www.ghacks.net/2017/12/13/mozil ... festation/47 of the 60 add-ons on the first two pages are spam add-ons right now, only 13 are legitimate extensions for Firefox.
AMO WebExtensions.
- Frank Lion
- Posts: 21178
- Joined: April 23rd, 2004, 6:59 pm
- Location: ... The Exorcist....United Kingdom
- Contact:
AMO WebExtensions.
I see this AMO WebExtension stuff is going well -
"The only thing necessary for the triumph of evil, is for good men to do nothing." - Edmund Burke (attrib.)
.
.
- LIMPET235
- Moderator
- Posts: 39959
- Joined: October 19th, 2007, 1:53 am
- Location: The South Coast of N.S.W. Oz.
Re: AMO WebExtensions.
Yep.
It's all "clear sailing" from now on.
Ilike this comment though...
It's all "clear sailing" from now on.
I
Safeguards are in place that prioritize extensions that are uploaded, but the fact remains that extensions are made
available on AMO for a period of time before they are checked by a human.
[Ancient Amateur Astronomer.]
Win-10-H/64 bit/500G SSD/16 Gig Ram/450Watt PSU/350WattUPS/Firefox-115.0.2/T-bird-115.3.2./SnagIt-v10.0.1/MWP-7.12.125.
(Always choose the "Custom" Install.)
Win-10-H/64 bit/500G SSD/16 Gig Ram/450Watt PSU/350WattUPS/Firefox-115.0.2/T-bird-115.3.2./SnagIt-v10.0.1/MWP-7.12.125.
(Always choose the "Custom" Install.)
- Omega X
- Posts: 8225
- Joined: October 18th, 2007, 2:38 pm
- Location: A Parallel Dimension...
Re: AMO WebExtensions.
Honestly, I won't totally fault Mozilla for this one. I've seen A LOT of bot spam elsewhere that looks similar to this all throughout comment systems and other public facing review sections where its easy to make an account.
-
- Posts: 4480
- Joined: March 19th, 2005, 10:51 am
Re: AMO WebExtensions.
a lot of illegal offers/downloads (films/series), online casino/gambling. phishing and hacking crap. modified extensions - same name, but ads in it.
but that is not all - a lot of crappy extensions, just another name for old coffee, copy&pasted code.
this automated review and signing really needs improvement. the illegal film stuff can hunt mozilla down.
but that is not all - a lot of crappy extensions, just another name for old coffee, copy&pasted code.
this automated review and signing really needs improvement. the illegal film stuff can hunt mozilla down.
- Aris
- Posts: 3248
- Joined: February 27th, 2011, 10:14 am
Re: AMO WebExtensions.
A while ago add-on developers got punished by a crappy false positives throwing add-ons validator on add-on upload. They got punished a second time by very long review times sometimes. In worst case a third punishment was declining add-on release to the public, if something was wrong or the reviewer did not understand either the code or what the add-on was for. (This happened twice with my add-ons in the last six years: one reviewer called used ids/classes being too "general", one reviewer refused to give a full review, because the add-on would not target many users -> not logic in that, I know).
I'm glad to see they finally threw all this overboard after a large amount of devs left add-on development for good just to make today's spammers happy.
It seems like there is no more code checking for suspicious stuff inside add-on validator (this shitty tool isn't even able to permit multiple add-on uploads using same add-on name). Apparently add-on reviewers don't check WEs and crappy/broken/faulty/scam add-osn can be released to the public automatically. WOW, just wow.
I'm glad to see they finally threw all this overboard after a large amount of devs left add-on development for good just to make today's spammers happy.
It seems like there is no more code checking for suspicious stuff inside add-on validator (this shitty tool isn't even able to permit multiple add-on uploads using same add-on name). Apparently add-on reviewers don't check WEs and crappy/broken/faulty/scam add-osn can be released to the public automatically. WOW, just wow.
- therube
- Posts: 21714
- Joined: March 10th, 2004, 9:59 pm
- Location: Maryland USA
Re: AMO WebExtensions.
But you're all missing the point.
Now when you install an extension, there is a disclaimer, "this addon is allowed to", so "we're covered".
And they're signed - for our protection.
Plus extensions are now far less useful, far less powerful, so there is no way they can be nefarious.
:happy:!
Now when you install an extension, there is a disclaimer, "this addon is allowed to", so "we're covered".
And they're signed - for our protection.
Plus extensions are now far less useful, far less powerful, so there is no way they can be nefarious.
:happy:!
Fire 750, bring back 250.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball CopyURL+ FetchTextURL FlashGot NoScript
- the-edmeister
- Posts: 32249
- Joined: February 25th, 2003, 12:51 am
- Location: Chicago, IL, USA
Re: AMO WebExtensions.
They are directly at fault! Mozilla Addons crew dropped their guard and allowed this to happen by ending manual screening of new WebExtensions too soon AND then not keeping an eye on that was "coming in the door". Anyone with half a brain would have at least been monitoring an increase in volume in new addon submissions and that wondered enough about the screwy and similar names of so many submissions, and then "slammed the door" until they figured out what was going on.Omega X wrote:Honestly, I won't totally fault Mozilla for this one. I've seen A LOT of bot spam elsewhere that looks similar to this all throughout comment systems and other public facing review sections where its easy to make an account.
And what about automated screening? Has that ended, too? A simple tweak to the algorithm for just the check for duplicate extension names should have flagged the vast majority of that crap based upon the excess of punctuation marks, nonsensical words used, and similarity of names. Not that AMO hasn't been down that road before ...
A mind is a terrible thing to waste. Mine has wandered off and I'm out looking for it.
- Frank Lion
- Posts: 21178
- Joined: April 23rd, 2004, 6:59 pm
- Location: ... The Exorcist....United Kingdom
- Contact:
Re: AMO WebExtensions.
You didn't skim read this stuff, did you?Omega X wrote:Honestly, I won't totally fault Mozilla for this one. I've seen A LOT of bot spam elsewhere that looks similar to this all throughout comment systems and other public facing review sections where its easy to make an account.
I mean, you do know this about real live extensions being offered to the public for installation on their systems and not about bot spam on comment/review threads, right?
As for human reviews of extensions or lack of, here's a quiz -
#1. Have you noticed a huge reduction in the number of extensions lately?
#2. Guess what skills you need to analyse code as an AMO reviewer?
#3. Guess what percentage of AMO reviewers are/were also extension/theme developers themselves?
#4. If #1="true" then what happens to the total number of active extension developers and in turn to the total number of active AMO reviewers?
This AMO stuff is a pity, Jorge is OK as are the reviewers (mainly fellow devs anyway) and as a 'golden boy' my stuff always flies through review in hours. But, looking at the situation objectively, yeah, it's one almighty **** up.
As to who's to blame, well that's easy. It's bound to be entirely the fault of that rancid stoat, fligtar. The fact that he claims to no longer work for Mozilla cuts no ice with me, trust me on this, it's all his fault.
See? without any smilies you just don't know, do you?
"The only thing necessary for the triumph of evil, is for good men to do nothing." - Edmund Burke (attrib.)
.
.
- Omega X
- Posts: 8225
- Joined: October 18th, 2007, 2:38 pm
- Location: A Parallel Dimension...
Re: AMO WebExtensions.
I really don't care. I'm really tired of caring about Mozilla and its constituents. I'm more than happy to let them fall on their face. What I do know is that this type of attack is automated and is attacking more than just AMO.
- Frank Lion
- Posts: 21178
- Joined: April 23rd, 2004, 6:59 pm
- Location: ... The Exorcist....United Kingdom
- Contact:
Re: AMO WebExtensions.
https://blog.mozilla.org/addons/2018/01 ... zilla-org/
Hmm, sounds like AMO are getting a bit short of add-on reviewers. I wonder why that would be?
Hmm, sounds like AMO are getting a bit short of add-on reviewers. I wonder why that would be?
"The only thing necessary for the triumph of evil, is for good men to do nothing." - Edmund Burke (attrib.)
.
.