Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Firefox Security The Internet

Firefox Will Warn Users When Visiting Sites That Suffered a Data Breach (bleepingcomputer.com) 64

An anonymous reader writes: Mozilla engineers are working on a notifications system for Firefox that shows a security warning to users visiting sites that have suffered data breaches. The notifications system will use data provided by Have I Been Pwned?, a website that indexes public data breaches and allows users to search and see if their details have been compromised in any of these incidents. Work on this project has only recently started. The code to show these warnings is not even in the Firefox codebase but managed separately as an add-on available (on GitHub). The alert also includes an input field. In the add-ons current version this field doesn't do anything, but we presume it's there to allow users to search and see if their data was exposed during that site's security breach. Troy Hunt, Have I Been Pwned's author has confirmed his official collaboration with Mozilla on this feature.
This discussion has been archived. No new comments can be posted.

Firefox Will Warn Users When Visiting Sites That Suffered a Data Breach

Comments Filter:
  • Yes! (Score:5, Insightful)

    by Anonymous Coward on Thursday November 23, 2017 @10:06AM (#55610359)

    Finally, a feature that makes me want to use Firefox.

    Except how useful is this given that it's going to warn me about every single site I visit?

    • Odds are, at least with the legs companies, if they suffered a data breach, theyâ(TM)ve cracked down on security and fixed as many of the problems as they can find. The real danger is with the companies who havenâ(TM)t suffered a data breach (that they know of) since their problems havenâ(TM)t been addressed.
    • Finally, a feature that makes me want to use Firefox.

      Except how useful is this given that it's going to warn me about every single site I visit?

      Look on the bright side, at least you'll get a giggle out of seeing a warning banner with an announcement that reads something like this 'Warning: This organisation was hacked by the Russian intelligence services due to the utterly inadequate security measures employed by this organisation.' every time you visit gop.org and democrats.org.

    • by Anonymous Coward

      Except how useful is this given that it's going to warn me about every single site I visit?

      From the fine article it seems like the focus is on prompting people to change their password when a site has been compromised.

      But I think there could be a much greater value. I think part of the problem is that users just don't know how shitty websites are at protecting their personal data. When there is a major breach it is big news... for 15 minutes and then some other news story captures the spotlight and everybody forgets.

      Putting a big bright sign right on the website itself whenever people use it wi

    • Re:Yes! (Score:4, Interesting)

      by AmiMoJo ( 196126 ) <mojo@@@world3...net> on Thursday November 23, 2017 @10:45AM (#55610559) Homepage Journal

      I wonder if it might give people a false sense of security. Just because a site isn't flagged up doesn't mean it hasn't been hacked or is secure.

      • by arth1 ( 260657 )

        People want theatre. Not real security, with the inconvenience that entails.

        Anyhow, I don't think this will happen, or if it does, it won't survive for long.
        There are plenty of big companies that would sue the living shat out of the Mozilla Foundation if they do this, calling it anti-competitive. If the warning is perceived to make even a single potential customer leave the web site, they'll call in their army of lawyers and pull strings on the politicos they bought.

  • So now, Firefox will be tracking and harvesting the sites I visit? Wow, Mozilla really is turning Firefox into a Chrome clone.
  • by Gaygirlie ( 1657131 ) <gaygirlieNO@SPAMhotmail.com> on Thursday November 23, 2017 @10:33AM (#55610491) Homepage

    Hmm, I don't think that's going to work. I mean, in this day and age, it'd be easier to maintain a list of sites that haven't suffered such!

  • When Mozilla starts annotating sites you visit, I wonder how long until they copy Google and automatically show totally unbiased and neutral "fact checkers" when you visit an offensive website? They already have their own ministry of truth initiative after all: https://blog.mozilla.org/blog/2017/08/08/mozilla-information-trust-initiative-building-movement-fight-misinformation-online/

  • You may know that some websites use scripts to record everything from a session, every keystroke and mouse move. And they don't feel oblidged to inform you that they are doing this.

    https://freedom-to-tinker.com/... [freedom-to-tinker.com]
  • It just throws up a warning icon and leaves it there regardless of what site I visit.

    ANY site you allow to run client-side scripts should be assumed to be logging your activity. Any site you give personal information to should be assumed to be either selling it or at imminent risk of having it stolen. Or both.

    That's not even paranoia, that's just common bloody sense; it's what financial self interest on the part of content providers and hackers leads to.

  • They -HATE- having to report such incidents as it is and only do so because they have to.

    Nothing like a glaring spotlight on your front door that says " Your personal information isn't safe with us " to help your customers feel at ease.

    Maybe the List of Shame will motivate corporate folks to secure their networks and quit treating their IT / Network Security as an expense instead of an investment.

    Maybe.

    But I doubt it.

    They'll just whine to Congress about how unfair it is that they're getting picked on and ho

  • Has anyone checked out Have I been Pwnd? ?

    They are obviously collecting email and IP addresses

  • Every site I'd ever visit would light up like a Christmas tree with warnings. I'll give it two weeks before those annoying auto add ons block these warnings.
  • by Spinlock_1977 ( 777598 ) <Spinlock_1977@yah[ ]com ['oo.' in gap]> on Thursday November 23, 2017 @11:55AM (#55610947) Journal

    Nice try, but I want a plug-in that warns me a website is GOING to be breached, rather than 'it already has been breached'. Can someone code that up please?

    • by AmiMoJo ( 196126 )
      bool IsSiteVulnerableToBeingHacked(char *url) {
          return true;   // accurate to 1 decimal place
      }
  • Will I receive a warning every time I perform a search in Firefox's default search field? That will get annoying fast.
    Google Employees Hit by Sabre Breach - http://www.securityweek.com/go... [securityweek.com]


    What about submitting a Firefox bug? They've been breached too.
    Mozilla admits bug-tracker breach led to attacks against Firefox users - https://www.computerworld.com/... [computerworld.com]
  • So this is going to be like all the "...known to the state of California to cause cancer and birth defects." warnings which are present of every hotel, store, and most products sold in California. While warning about data breaches may be a good sounding idea, in practice this will turn into "this is a brand new company" indicator, i.e. "no warning about data breach means they are brand new to the internet"

    A better idea would be to provide details about time, size and handling of every known breach (how quic

The world is coming to an end. Please log off.

Working...