
Surveillance firm asks Mozilla to be included in Firefox’s certificate whitelist

February 25, 2019

Mozilla’s security team has been caught between a rock and a hard place over a recent request to add a known surveillance vendor to Firefox’s internal list of approved HTTPS certificate issuers.

The vendor is named DarkMatter, a cyber-security firm based in the United Arab Emirates that has been known to sell surveillance and hacking services to oppressive regimes in the Middle East [1, 2, 3].

A few months back, DarkMatter filed a bug report asking that its own root certificates be added to Firefox’s certificate store, which is an internal list of Certificate Authorities (CAs).

CAs are companies, organizations, and other entities that are approved to issue new TLS certificates, the mechanism that supports encrypted HTTPS communications.

Mozilla uses this certificate store to know what TLS certificates to trust when loading encrypted content inside Firefox and Thunderbird, similar to how Apple, Google, and Microsoft all use their own certificate stores to know what content to trust when loading encrypted content inside Safari, macOS, Chrome, Chrome OS, Edge, IE, Windows, and their other products.

An organization that has a root certificate added in these root stores has the power to issue new certificates that are automatically trusted by these major companies and their respective browsers and operating systems. Antivirus products will also trust certificates that come from CAs whose root certificates are in a certificate store, trusting those applications as legitimate.

Currently, Mozilla is caught between a rock and a hard place because DarkMatter has a history of shady operations but also has a clean history as a CA, without any known abuses.

On one side Mozilla is pressured by organizations like the Electronic Frontier Foundation, Amnesty International, and The Intercept to decline DarkMatter’s request, while on the other side DarkMatter claims it never abused its TLS certificate issuance powers for anything bad, hence there’s no reason to treat it any differently from other CAs that have applied in the past.

Fears and paranoia are high because Mozilla’s list of trusted root certificates is also used by some Linux distros. Many fear that once approved on Mozilla’s certificate store list, DarkMatter may be able to issue TLS certificates that will be able to intercept internet traffic without triggering any errors on some Linux systems, usually deployed in data centers and at cloud service providers.
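For administrators of such Linux systems, the following added example (not part of the original article) shows one way to audit which roots a host actually trusts, by searching the CA bundle for a given organization or common name. The bundle path assumes a Debian/Ubuntu layout, and the CA names in the sample data are constructed.

```python
import os
import ssl

# Assumed bundle path (Debian/Ubuntu layout); other distros keep it elsewhere.
BUNDLE = "/etc/ssl/certs/ca-certificates.crt"

# Constructed sample in the dict shape returned by SSLContext.get_ca_certs().
_A = ((("countryName", "XX"),), (("organizationName", "Example Trust Services"),),
      (("commonName", "Example Trust Root CA 1"),))
_B = ((("organizationName", "Sample Web PKI Ltd"),),
      (("commonName", "Sample Global Root"),))
SAMPLE_ROOTS = [
    {"subject": _A, "issuer": _A, "serialNumber": "01A2",
     "notAfter": "Jan  1 00:00:00 2040 GMT"},
    {"subject": _B, "issuer": _B, "serialNumber": "7F00",
     "notAfter": "Jun 30 00:00:00 2035 GMT"},
]

def flatten_name(name):
    """Flatten the nested RDN tuples used by the ssl module into a dict."""
    flat = {}
    for rdn in name:
        for key, value in rdn:
            flat.setdefault(key, value)  # keep the first value of a repeated attribute
    return flat

def find_roots(ca_certs, needle):
    """Return trusted CA certs whose organization or common name contains needle."""
    needle = needle.casefold()
    hits = []
    for cert in ca_certs:
        subject = flatten_name(cert.get("subject", ()))
        org = subject.get("organizationName", "")
        cn = subject.get("commonName", "")
        if needle in org.casefold() or needle in cn.casefold():
            hits.append({"organization": org, "commonName": cn,
                         "serial": cert.get("serialNumber"),
                         "notAfter": cert.get("notAfter"),
                         "self_signed": cert.get("subject") == cert.get("issuer")})
    return hits

def load_bundle(path=BUNDLE):
    """Load a PEM bundle explicitly; default contexts may load capath entries lazily."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=path)
    return ctx.get_ca_certs()

if __name__ == "__main__":
    roots = load_bundle() if os.path.exists(BUNDLE) else SAMPLE_ROOTS
    for hit in find_roots(roots, "example trust"):
        print(hit)
```

Running the same search before and after a distro `ca-certificates` update shows whether a newly approved root has reached the host.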

In Google Groups and Bugzilla discussions on its request, DarkMatter has denied any wrongdoing and any intention of wrongdoing.

The company has already been granted the ability to issue TLS certificates via an intermediary, a company called QuoVadis, now owned by DigiCert.

Those who are asking Mozilla to decline DarkMatter’s request for inclusion in the root certificate store were quick to seize on the fact that DarkMatter has already misissued a few TLS certificates via QuoVadis. However, most seem to be technical errors, and the certificates don’t seem to have been abused for anything malicious.

“Given DarkMatter’s business interest in intercepting TLS communications adding them to the trusted root list seems like a very bad idea,” EFF’s Cooper Quintin said in the Google Groups discussions. “I would go so far as revoking their intermediate certificate as well, based on these revelations.”

Quintin expanded on his fears in a post on the EFF blog, reminding Mozilla that it went through a similar issue in 2009 with CNNIC, the Chinese government’s official CA. Mozilla approved CNNIC as a trusted root CA in Firefox in 2009, and the CA was caught misissuing certificates for Google domains in 2015, allowing threat actors to intercept traffic meant for Google sites, an event that got CNNIC banned from most root certificate stores.

According to Mozilla engineers who spoke with ZDNet on deep background and did not want to share their names because they were not authorized to speak on behalf of the organization, Mozilla is seriously considering the issue.

We were told that Mozilla was not aware of DarkMatter’s history at the time it applied to be included in its root store a few months back. A Reuters report published last month describing DarkMatter’s involvement in helping the Saudi government spy on dissidents turned a few heads at Mozilla.

The report sparked criticism of the surveillance vendor in the months-old Bugzilla bug report, which led Mozilla staff to seriously consider making an exception to its normal CA approval process and decline the inclusion request despite a lack of any evidence of abuse.

Mozilla has now opened a separate Google Groups discussion to gather more feedback from the community, most of which, at the time of writing, has been negative. We were told Mozilla would most likely use this criticism as a reason to decline DarkMatter’s request in an attempt to avoid bad press and another CNNIC incident.

“Mozilla’s Root Store Policy grants us the discretion to take actions based on the risk to people who use our products. Despite the lack of direct evidence of misissuance by DarkMatter, this may be a time when we should use our discretion to act in the interest of individuals who rely on our root store,” Mozilla said.
