New Firefox offers MITM protection via public key pinning
Posted on 03 September 2014.
Mozilla has released the latest version of Firefox (v32) for Windows, Mac, Linux, and Android, and the new browser sports some notable security improvements.

For one, the new version has public key pinning support enabled.

"Public Key Pinning is a mechanism for sites to specify which certificate authorities have issued valid certs for that site, and for user-agents to reject TLS connections to those sites if the certificate is not issued by a known-good CA. Public key pinning prevents man-in-the-middle attacks due to rogue CAs not on the site's list," the company explained, adding that the lack of enabled pinning support in Firefox is why the rogue SSL certificates created after the DigiNotar attack were not detected.

For now, the list of pinned sites includes Twitter and some of its subdomains, and Mozilla's own sites. Future versions will pin additional Twitter online assets, Google's, Dropbox, Firefox accounts and the Tor website.
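The check described above can be sketched as follows. This is an added example, not Mozilla's code: the host names, the shape of the pin list, and the byte strings standing in for each certificate's public key are constructed, and hashing the key with SHA-256 is the example's own choice of pin format.

```python
import base64
import hashlib

def spki_pin(spki_der: bytes) -> str:
    """Pin = base64(SHA-256(public key info)); the inputs below are constructed stand-ins."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

# Constructed stand-ins for the DER-encoded public key info of each certificate.
GOOD_ROOT, GOOD_INTERMEDIATE = b"spki:known-good-root", b"spki:known-good-intermediate"
OTHER_ROOT = b"spki:other-trusted-root"  # trusted by the browser, but not on the site's list
LEAF, FORGED_LEAF = b"spki:site-leaf", b"spki:forged-leaf"

# Hypothetical built-in pin list: host -> (include_subdomains, allowed CA pins).
PINSET = {
    "pinned.example": (True, {spki_pin(GOOD_ROOT)}),
    "exact.example": (False, {spki_pin(GOOD_ROOT)}),
}

def lookup_pins(host):
    """Return the pin set governing host, or None when the host is not pinned."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        entry = PINSET.get(".".join(labels[i:]))
        # A parent entry applies only if it opted in to covering subdomains.
        if entry and (i == 0 or entry[0]):
            return entry[1]
    return None

def connection_allowed(host, chain_spkis, chain_is_trusted=True):
    """Pinning is checked in addition to normal chain validation, never instead of it."""
    if not chain_is_trusted:
        return False
    pins = lookup_pins(host)
    if pins is None:
        return True  # unpinned host: ordinary CA trust alone decides
    # Accept if any certificate in the validated chain carries a pinned key.
    return any(spki_pin(spki) in pins for spki in chain_spkis)

if __name__ == "__main__":
    good = [LEAF, GOOD_INTERMEDIATE, GOOD_ROOT]
    rogue = [FORGED_LEAF, OTHER_ROOT]  # valid chain, but from a CA the site never listed
    for host, chain in [("pinned.example", good), ("api.pinned.example", rogue),
                        ("www.exact.example", rogue)]:
        print(host, connection_allowed(host, chain))
```

The third case shows the limit of the protection: a host that is not covered by any pin entry still accepts a certificate from any CA the browser trusts.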

Secondly, the company has removed some 1024-bit root certificates from its trust list (digital certificates that use 1024-bit RSA keys are no longer considered safe), and thirdly, three critical, two high and one moderate security vulnerability have been fixed.

This latest version also has other performance improvements, a list of which you can check out here.









Copyright 1998-2014 by Help Net Security.