Mozilla Delivers Security Tools, Previews Firefox 3 At Black Hat
Browser security has long been criticized as a flawed construct, but that hasn't stopped browsers from being the default interface for most of the Web's users.
In a bid to improve browser security, both within Firefox and among competing browsers, the Mozilla Foundation Thursday announced several open-source security testing tools, in addition to several security enhancements coming with Firefox 3, scheduled for availability by the end of the year.
"The FTP and HTTP protocol fuzzers act like fake servers that send bad data to sites," Snyder told InformationWeek.The HTTP fuzzer emulates an HTTP server to test how an HTTP client handles unexpected input. The FTP fuzzer likewise tests how an FTP client handles unexpected data.
Mozilla's presentation also included a look at some of the new security features for Firefox 3. Expect Firefox 3 to include new phishing and malware protection, extended validation certificates, improved password management, and a security user interface.
Knowing that Web users rarely look at the symbols and other information located around the perimeter of the browser page, also known as the chrome, Firefox 3 is designed to make sure that suspected Web forgeries aren't missed, "even though users don't look for them," Mozilla Project co-founder Mike Shaver said Thursday at Black Hat.
In some cases Firefox 3 will not only issue a warning that a site is unsafe, it will prevent the user from accessing that site, "so the users can't just ignore the warnings," Shaver said. "This feature is not without controversy of course."
Mozilla's Black Hat announcements follow the release earlier this week of Firefox 184.108.40.206, designed to fix vulnerabilities that could allow the Firefox browser to pass dangerous data to third-party applications like Microsoft's Internet Explorer. Mozilla's new workarounds and patches come just a few weeks after the organization delivered Firefox 220.127.116.11, which included patches for several other vulnerabilities.
The company is hoping this proactive approach to security will alleviate the need for such incremental browser updates.
[Interop ITX 2017] State Of DevOps ReportThe DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.