Мобильный LiveInternet

Statement on DigiCert’s Proposed Purchase of Symantec’s CA rss_mozsec 31-10-2017 14:47

Mozilla’s Root Store Program has taken the position that trust is not automatically transferable between organizations. This is specifically stated in section 8 of our Root Store Policy v2.5, which details how Mozilla handles transfers of root certificates between organizations. & Continue reading

The post Statement on DigiCert’s Proposed Purchase of Symantecs CA appeared first on Mozilla Security Blog.

https://blog.mozilla.org/security/2017/10/31/statement-digicerts-proposed-purchase-symantec/

комментарии: 0 понравилось! вверх^ к полной версии

Firefox AddressSanitizer builds have been moved rss_mozsec 10-09-2016 02:28

This is a short announcement for all security researchers working on Firefox that use our pre-built AddressSanitzer (ASan) builds. Until recently, you could download these ASan builds from our FTP servers. Due to changes to our internal build infrastructure, these & Continue reading

https://blog.mozilla.org/security/2016/09/09/firefox-addresssanitizer-builds-have-been-moved/

комментарии: 0 понравилось! вверх^ к полной версии

Mitigating MIME Confusion Attacks in Firefox rss_mozsec 26-08-2016 12:44

Scanning the content of a file allows web browsers to detect the format of a file regardless of the specified Content-Type by the web server. For example, if Firefox requests script from a web server and that web server sends & Continue reading

https://blog.mozilla.org/security/2016/08/26/mitigating-mime-confusion-attacks-in-firefox/

комментарии: 0 понравилось! вверх^ к полной версии

MWoS 2015: Let’s Encrypt Automation Tooling rss_mozsec 08-08-2016 18:16

The Mozilla Winter of Security of 2015 has ended, and the participating teams of students are completing their projects. The Certificate Automation tooling for Lets Encrypt project wrapped up this month, having produced an experimental proof-of-concept patch for the Nginx & Continue reading

https://blog.mozilla.org/security/2016/08/08/mwos-2015-lets-encrypt-automation-tooling/

комментарии: 0 понравилось! вверх^ к полной версии

Announcing the 2016 edition of Mozilla Winter of Security rss_mozsec 01-08-2016 19:30

What security engineers do at Mozilla is critical not for just Firefox users, but for the whole Web. If you’ve ever used the OWASP Zed Attack Proxy, read our security guidelines on SSH and TLS or evaluated your website & Continue reading

https://blog.mozilla.org/security/2016/08/01/announcing-mwos-2016/

комментарии: 0 понравилось! вверх^ к полной версии

Enhancing Download Protection in Firefox rss_mozsec 01-08-2016 18:55

Protection against malicious downloads was added in Firefox 31 on Windows and in Firefox 39 on Mac and Linux. Thanks to Googles expansion of their Safe Browsing service, Firefox 48 now extends our existing protection to include two additional kinds & Continue reading

https://blog.mozilla.org/security/2016/08/01/enhancing-download-protection-in-firefox/

комментарии: 0 понравилось! вверх^ к полной версии

March 2016 CA Communication rss_mozsec 30-03-2016 01:52

Mozilla has sent a Communication to the Certification Authorities (CAs) who have root certificates included in Mozilla’s program. Mozilla’s CA Certificate Program governs inclusion of root certificates in Network Security Services (NSS), a set of open source libraries designed to & Continue reading

https://blog.mozilla.org/security/2016/03/29/march-2016-ca-communication/

комментарии: 0 понравилось! вверх^ к полной версии

Payment Processors Still Using Weak Crypto rss_mozsec 25-02-2016 03:20

Part of how Mozilla protects the Web is by participating in the governance of the Web PKI, the system of security certificates that allows websites to authenticate themselves to browsers. Together with the other browsers and stakeholders in the Web, & Continue reading

https://blog.mozilla.org/security/2016/02/24/payment-processors-still-using-weak-crypto/

комментарии: 0 понравилось! вверх^ к полной версии

Mozilla Winter of Security-2015 MozDef: Virtual Reality Interface rss_mozsec 05-02-2016 20:18

Mozilla runs Winter of Security (MWoS) every year to give folks an opportunity to contribute to ongoing security projects in flight. This year an ambitious group took on the task of creating a new visual interface in our SIEM overlay & Continue reading

https://blog.mozilla.org/security/2016/02/05/mozilla-winter-of-security-2015-mozdef-virtual-reality-interface/

комментарии: 0 понравилось! вверх^ к полной версии

Man-in-the-Middle Interfering with Increased Security rss_mozsec 07-01-2016 02:03

According to the plan we published earlier for deprecating SHA-1, on January 1, 2016, Firefox 43 began rejecting new certificates signed with the SHA-1 digest algorithm. For Firefox users with unfiltered access to the Internet, this change probably went unnoticed, & Continue reading

https://blog.mozilla.org/security/2016/01/06/man-in-the-middle-interfering-with-increased-security/

комментарии: 0 понравилось! вверх^ к полной версии

Improving Revocation: OCSP Must-Staple and Short-lived Certificates rss_mozsec 23-11-2015 17:50

Last year, we laid out a long-range plan for improving revocation support for Firefox. As of this week, weve completed most of the major elements of that plan. After adding OneCRL earlier this year, we have recently added support for & Continue reading

https://blog.mozilla.org/security/2015/11/23/improving-revocation-ocsp-must-staple-and-short-lived-certificates/

комментарии: 0 понравилось! вверх^ к полной версии

Updated Firefox Security Indicators rss_mozsec 03-11-2015 17:00

This article has been coauthored by Aislinn Grigas, Senior Interaction Designer, Firefox Desktop Over the past few months, Mozilla has been improving the user experience of our privacy and security features in Firefox. One specific initiative has focused on the & Continue reading

https://blog.mozilla.org/security/2015/11/03/updated-firefox-security-indicators-2/

комментарии: 0 понравилось! вверх^ к полной версии

Continuing to Phase Out SHA-1 Certificates rss_mozsec 20-10-2015 21:31

In our previous blog post about phasing out certificates with SHA-1 based signature algorithms, we said that we planned to take a few actions with regard to SHA-1 certificates: Add a security warning to the Web Console to remind developers & Continue reading

https://blog.mozilla.org/security/2015/10/20/continuing-to-phase-out-sha-1-certificates/

комментарии: 0 понравилось! вверх^ к полной версии

Deprecating the RC4 Cipher rss_mozsec 11-09-2015 20:08

As part of our commitment to protect the privacy of our users, Mozilla will disable the insecure RC4 cipher in Firefox in late January 2016, beginning with Firefox 44. Mozilla will be taking this action in coordination with the Chrome & Continue reading

https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/

комментарии: 0 понравилось! вверх^ к полной версии

Improving Security for Bugzilla rss_mozsec 04-09-2015 18:59

The Bugzilla bug tracker is a major part of how we accomplish our mission of openness at Mozilla. It’s a tool for coordinating among our many contributors, and a focal point for community interactions. While most information in Bugzilla is & Continue reading

https://blog.mozilla.org/security/2015/09/04/improving-security-for-bugzilla/

комментарии: 0 понравилось! вверх^ к полной версии

Expanded Malware Protection in Firefox rss_mozsec 11-08-2015 17:00

As part of our commitment to help Firefox users stay safe online, we have recently expanded the malware detection features in Firefox. Thanks to new developments in Googles Safe Browsing service we are now able to identify malware downloads in & Continue reading

https://blog.mozilla.org/security/2015/08/11/expanded-malware-protection-in-firefox/

комментарии: 0 понравилось! вверх^ к полной версии

Firefox exploit found in the wild rss_mozsec 07-08-2015 08:36

Yesterday morning, August 5, a Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine. & Continue reading

https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/

комментарии: 0 понравилось! вверх^ к полной версии

Mozilla Winter of Security is back! rss_mozsec 15-07-2015 22:18

Last year, we introduced the Mozilla Winter of Security (MWoS) to invite students to work on security projects with members of Mozilla’s security teams. Ten projects were proposed, and dozens of teams applied. A winter later, MWoS 2014 gave birth & Continue reading

https://blog.mozilla.org/security/2015/07/15/mozilla-winter-of-security-is-back/

комментарии: 0 понравилось! вверх^ к полной версии

Dharma rss_mozsec 29-06-2015 20:54

As soon as a developer at Mozilla starts integrating a new WebAPI feature, the Mozilla Security team begins working to help secure that API. Subtle programming mistakes in new code can introduce annoying crashes and even serious security vulnerabilities that & Continue reading

https://blog.mozilla.org/security/2015/06/29/dharma/

комментарии: 0 понравилось! вверх^ к полной версии

Changes to the Firefox Bug Bounty Program rss_mozsec 09-06-2015 21:53

The Bug Bounty Program is an important part of security here at Mozilla. This program has paid out close to 1.6 million dollars to date and we are very happy with the success of it. We have a great community & Continue reading

https://blog.mozilla.org/security/2015/06/09/upcoming-changes-to-the-firefox-bug-bounty-program/

комментарии: 0 понравилось! вверх^ к полной версии