NewsBot Posted August 31, 2011 Share Posted August 31, 2011 Firefox (referred to as Fx) is an open source browser developed by Mozilla. The second most popular browser worldwide, Firefox features a customizable user interface that allows you to enhance it using custom themes and Personas. Personas change the appearance of the user interface without rearranging the elements. Themes however, can completely change the UI ranging from the types of buttons to the color sceme used. Add-ons allow you to customize Firefox to your liking to make a more enjoyable web surfing experience. Some examples of popular add-ons that you can use to customize Firefox are AdBlock Plus, DownThemAll!, TabMixPlus and many more. Firefox has tabbed browsing, bookmarks, a built in session manager, private browsing, personas, themes, add-ons and more. Firefox does not use ActiveX which helps make it a more secure browser. Firefox does make use of many plugins to enhance your web experience. From Shockwave, Flash, Quicktime and more; your browsing experience reaches new levels with the Firefox browser. Downloads: Firefox 6.0.1 | All builds View: Release Notes Homepage: Mozilla Firefox View the full article Quote Link to comment Share on other sites More sharing options...
James_A Posted August 31, 2011 Share Posted August 31, 2011 The reason Firefox was updated is because of the revelation that the Dutch Certification Authority, DigiNotar, has been hacked and has issued dozens of false SSL security certificates, including a global (wildcard) certificate for Google that is actually being used in the Middle East DigiNotar have therefore been removed as a trusted Root Authority in the Mozilla root certificate store. This affects everything Mozilla, including all branches of Firefox (release, Beta and Aurora) as well as ThunderBird. DigiNotar has also been removed as a trusted Root Authority by Microsoft, since this affects every current version of Windows, too. Quote Link to comment Share on other sites More sharing options...
James_A Posted September 1, 2011 Share Posted September 1, 2011 ... issued dozens of false SSL security certificates, including a global (wildcard) certificate for Google ... Turns out that the official estimate (according to DigiNotar) is, to put it mildy, an understatement. Several hundred false security certificates is nearer the truth. (Google has banned about 250 in its Chrome browser). This makes ComodoGate look like a minor incident, in comparison. . Quote Link to comment Share on other sites More sharing options...
James_A Posted September 5, 2011 Share Posted September 5, 2011 Firefox 6.0.2 will be released tomorrow, for the same reason that 6.0.1 was released. DigiNotar-gate is increasingly looking like a total Internet Security meltdown. . Quote Link to comment Share on other sites More sharing options...
Eldmannen Posted September 7, 2011 Share Posted September 7, 2011 The guy who hacked DigiNotar is awesome. People who cant even secure their own servers should not be trusted for security on other servers. They should not issue security certificates if they can't secure their own servers. Too bad they weren't revoked earlier. You would expect a security company relied on by millions of users for their security to keep their software up-to-date and secure their own servers. DigiNotar have been revoked from all web browsers, so now they're going out of business. Quote Link to comment Share on other sites More sharing options...
James_A Posted September 9, 2011 Share Posted September 9, 2011 They should not issue security certificates if they can't secure their own servers. Too bad they weren't revoked earlier. There is a public report available on just how bad DigiNotar were: Fox-IT DigiNotar Certificate Authority breach “Operation Black Tulip” Interim Report (PDF file, 407 KB) They weren't revoked earlier, because they never told anybody that they had been hacked. They are now being investigated by the Dutch Public Prosecutor for possible negligence. Of course, Apple have not responded to any of this so iPhones, iPads, iMacs, MacBooks -- everything Apple -- are all still vulnerable. . Quote Link to comment Share on other sites More sharing options...
Eldmannen Posted September 9, 2011 Share Posted September 9, 2011 They should not issue security certificates if they can't secure their own servers. Too bad they weren't revoked earlier. There is a public report available on just how bad DigiNotar were: Fox-IT DigiNotar Certificate Authority breach “Operation Black Tulip” Interim Report (PDF file, 407 KB) They weren't revoked earlier, because they never told anybody that they had been hacked. They are now being investigated by the Dutch Public Prosecutor for possible negligence. Of course, Apple have not responded to any of this so iPhones, iPads, iMacs, MacBooks -- everything Apple -- are all still vulnerable. . Thanks for the link! Horrible security fail. They ought to be prosecuted for negligence. Should have up-to-date software, two-factor authentication, secure remote logging, stronger passwords, security software, etc. I think the hacker is cool. He claims to work alone. This guy so far single-handely broke into at least 2 certificate authorities (he claims many more). If he did it alone, just imagine what intelligence agencies (FBI, NSA, Mossad, GRU, NSB, etc) could do and probably already have done. http://pastebin.com/u/ComodoHacker He boats about his skills He claims what he done is revenge because the dutch traded 40 dutch for 8000 muslims with the bosnians who then massacred 8000 people. Thanks to him, the Internet will get more secure. Now that DigiNotar got all their certificates revoked, and two CA have been publically hacked, other CA will be scared that they're next, and they will secure their servers/network/services. Mozilla asked CAs to audit themselves. Security researchers will be focusing on alternatives to CAs and new ways to secure CAs. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.