[ad_1]
As part of its efforts to make Firefox users safer when browsing the Web, Mozilla launches Firefox Monitor to inform users if they have been hacked. By integrating Firefox Monitor with the Web Service Have I Pwned (HIBP), Mozilla browser users can quickly check if they have been hacked by entering their email address. Mozilla is currently trying the Firefox Monitor service and will be inviting 250,000 of the more than 500 million Firefox users to test the service next week. After the test period, Mozilla expects the service to be deployed on all Firefox users.
"We have decided to address a growing need for account security by developing Firefox Monitor, a security tool for everyone, but offering additional features for Firefox users," Mozilla wrote in a blog detailing the service. . "Visitors to the Firefox Monitor website will be able to verify (by entering an email address) if their accounts have been included in known data breaches, with details about the sites and other sources of violations and the types of personal data exposed in each violation. "
The service monitors the web to see if your email is part of a data dump, and if it does, Firefox Monitor will send an alert to your inbox. To protect your email address when you visit Firefox Monitor to find out if you are a victim of a data breach, Mozilla claims that your information is anonymous and that the service never sends your full email address to a third party outside Mozilla. Email searches are done using hash prefixes to secure your information.
"When searching for a HIBP password, the client SHA-1 the ax then takes the first five characters and sends it to the API," wrote HIBP's creator and researcher safely Troy Hunt on his blog. In response, a collection of hashes is returned that matches this prefix (477 on average) .looking for the hash prefix sent to the service, I have no idea what the password is. to be any of these 477 or it could be something totally different, I do not know … Of course, I could always speculate on the basis of the prevalence of each password, but it would never be anything more than that – speculation. "
In addition to alerting users if their data breaches, Mozilla indicated that it was also evaluating a service to notify you if your personal data was also compromised. Part of Mozilla's security strategy is to integrate the HIBP service with Firefox Lockbox, a password manager that automatically fills in the usernames and passwords of websites you visit on Firefox. In the future, Firefox Monitor will be able to check your stored Lockbox connections against the HIBP database to give you a more detailed overview of the services, passwords, user names, and accounts that have been compromised in a data breach or an attack.
Mozilla recommends that users download the latest Firefox Quantum browser to prepare for the launch of Firefox Monitor.
In addition to working with Mozilla for Firefox Monitor, Hunt is also working with the 1Password Password Manager to allow HIBP searches directly into the Watchtower function of 1Password.
Source link
