Gnome weather extension as malware?
Robert Moskowitz
rgm at htt-consult.com
Wed Apr 30 14:54:23 UTC 2014
On 04/30/2014 10:44 AM, Steven Stern wrote:
> On 04/30/2014 09:29 AM, Robert Moskowitz wrote:
>> Is anyone running the Gnome weather extension? I have disabled it and
>> my system is running better. Or rather FIrefox is working 'right' again.
>>
>> This extension gets its weather information from the Norway weather
>> service, and you can't change this. I had noticed that many places I
>> was going to in Firefox took a long time to reply. It was as if Firefox
>> was hanging, and other Firefox windows were not responding either.
>>
>> I finally fired up wireshark and I was seeing that requests for things
>> like apis.google.com (or some such) was being routed through a .no site
>> (by reverse lookup on IP address). Perhaps this extension was altering
>> Firefox's proxy settings.
>>
>> I don't have the time or resources to do a serious review, but I am
>> pointing this out and perhaps others may have noticed this as well. Or
>> are suffering and not knowing it. This may be accidental or really
>> actually malicious; just don't know.
>>
>>
> I just fired up Wireshark and set it to monitor all HTTP traffic from my
> machine to any address. I'm not seeing anything untoward with respect to
> the Weather extension, although I wonder if it's necessary for it to
> check in every 15 seconds.
Maybe that was all I was seeing.
> FWIW, I'm not using any extensions from the
> repo; I've installed them all directly from the Gnome extensions site.
I also installed from the Gnomes extensions site.
>
> There are no slowdowns with either Chrome or Firefox.
>
I will keep monitoring the situation and see if any slowdowns develop.
Then maybe turn the extension back on (maybe check if there have been
any updates?).
More information about the users
mailing list