Language Selection

English French German Italian Portuguese Spanish

Can Mozilla be made more secure?

Filed under
Interviews
Moz/FF

Window Snyder has the somewhat offbeat title of "chief security something-or-other" at Mozilla, where she is responsible for overseeing efforts to boost the security of the company's open-source offerings, including the Firefox browser.

Snyder joined Mozilla in 2006 from Microsoft, where she was a security strategist who worked on the company's security-driven Windows XP Service Pack 2 update and other products.

In an interview, Snyder talked about the state of browser security today and how companies must work together.

What is the biggest threat to users today?

My big concern is still the individuals out there trying to lure users into malicious sites, whether they're posing as a bank or a site they're familiar with. These things are painful. Users really feel it. The attacks come in through e-mail; they come in through websites. It's these broad-based attacks.

Do you see phishing attacks escalating this year?

More Here




much ado about nothing

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Android Leftovers

Security: Updates, SOS Fund, IR, ME, and WPA

  • Security updates for Friday
  • Seeking SOS Fund Projects
    I’m spending some time over the next few days looking for the next round of projects which might benefit from an SOS Fund security audit.
  • Strong Incident Response Starts with Careful Preparation
    Through working every day with organizations’ incident response (IR) teams, I am confronted with the entire spectrum of operational maturity. However, even in the companies with robust IR functions, the rapidly evolving threat landscape, constantly changing best practices, and surplus of available tools make it easy to overlook important steps during planning. As a result, by the time an incident occurs, it’s too late to improve their foundational procedures.
  • The Intel Management Engine: an attack on computer users' freedom
    Over time, Intel imposed the Management Engine on all Intel computers, removed the ability for computer users and manufacturers to disable it, and extended its control over the computer to nearly 100%. It even has access to the main computer's memory.
  • What Is WPA3, and When Will I Get It On My Wi-Fi?
    WPA2 is a security standard that governs what happens when you connect to a closed Wi-Fi network using a password. WPA2 defines the protocol a router and Wi-Fi client devices use to perform the “handshake” that allows them to securely connect and how they communicate. Unlike the original WPA standard, WPA2 requires implementation of strong AES encryption that is much more difficult to crack. This encryption ensures that a Wi-Fi access point (like a router) and a Wi-Fi client (like a laptop or phone) can communicate wirelessly without their traffic being snooped on.

First Impressions: Asus Tinkerboard and Docker

The board's standard OS is TinkerOS - a Linux variant of Debian 9. I've also read that Android is available but that doesn't interest us here. While Android may use forms of containerisation under the hood it doesn't mix with Docker containers. Rather than trying TinkerOS I flashed Armbian's release of Ubuntu 16.04.03. The stable build on the download page contains a full desktop, but if you want to run the board headless (like I do) then you can find a smaller image on the "other downloads" link. I initially used the stable image but had to swap to the nightly build due to a missing kernel module for Kubernetes networking. Having looked this up on Google I found the nightly build contained the fix to turn on the missing module. Read more

today's howtos