Depois de alguns anúncios relacionados com segurança nesta semana, a empresa por trás do famoso navegador web Mozilla Firefox anunciou que está a testar uma nova ferramenta de segurança chamada Firefox Monitor.
A empresa disse que esta ferramenta tem a capacidade de verificar se as contas dos utilizadores foram hackeadas. Essa notícia chegou aos media justamente quando a gigante tecnológica lançou o Firefox 61 para Windows, Mac, Linux e Android.
O teste do Firefox Monitor também vem logo após a parceria da Mozilla com o Cloudflare e o I Have Pwned (HIBP).
Semelhante à função existente do HIBP, fundada pelo investigador de segurança Troy Hunt, o Firefox Monitor permite que os utilizadores insiram os seus endereços de e-mail de forma a verificar se fazem parte das fugas de dados publicadas na Internet (e dark web) pelos hackers.
“In order to help keep personal information and accounts safe, we will be testing user interest in a security tool that lets users check if one of their accounts has been compromised in a data breach,” Peter Dolanjski, product manager for Firefox, said in a post. “We decided to address a growing need for account security by developing Firefox Monitor, a proposed security tool that is designed for everyone, but offers additional features for Firefox users.”
Os utilizadores do Firefox Monitor podem validar os websites ou fontes onde viram os seus dados expostos e também receber recomendações de segraunça sobre o que fazer em caso de violação de dados.
“This is major, because Firefox has an install base of hundreds of millions of people which significantly expands the audience that can be reached once this feature rolls out to the mainstream,” Hunt said in a blog post. “I’m really happy to see Firefox integrating with HIBP in this fashion, not just to get it in front of as many people as possible, but because I have a great deal of respect for their contributions to the technology community.”
Num nível mais técnico, o serviço Monitor do Firefox irá usar endpoints da API do HIBP – permitindo que os utilizadores preservem a sua privacidade enquanto verificam as contas comprometidas. Os endpoints da API foram criados e implementados pela Cloudflare como uma camada adicional de segurança para todos aqueles que “consomem” dados da API.
“This contribution allows for Pwned Passwords clients to use range queries to search for breached passwords, without having to disclose a complete unsalted password hash to the service,” said Cloudflare’s Junade Ali, in a post.
Mozilla said currently it is testing initial designs of the Firefox Monitor tool – but beginning next week, the company will invite approximately 250,000 users, mainly U.S.-based, to try it out.
“Once we’re satisfied with user testing, we will work on making the service available to all Firefox users,” said Dolanjski in the post. “Once a release schedule has been established, it will be announced in a follow-up blog post.”
A Mozilla também lançou o Firefox 61 para Windows, Mac, Linux e Android, com novos recursos de segurança.
A nova versão do Firefox irá bloquear álgumas chamadas ao protocolo inseguro File Transfer Protocol (FTP), a menos que o próprio documento seja um documento FTP.
“The fundamental underlying problem with FTP is that any data transferred will be unencrypted and hence sent across networks in plain text, allowing attackers to steal, spoof and even modify the data transmitted,” said Christoph Kerschbaumer, content security tech lead at Mozilla in a post.
“Following through to our intent to deprecate non-secure HTTP and aligning with Mozilla’s effort to improve adoption of HTTPS Firefox will block subresource loads, like images, scripts and iframes, relying on the insecure FTP protocol,” he continued.
A nova versão do Firefox também oferece suporte padrão para o último draft da especificação do protocolo TLS v 1.3.
The new version will support TLS 1.3, which succeeds the Secure Socks Layer (SSL) protocol as the new standard for enabling two networked applications or devices to exchange information privately. It was first drafted more than four years ago, in April 2014, by the Internet Engineering Task Force.
Mais informações no website oficial aqui.