[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] McAfee warns of vulnerability in Mozilla encryption

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] McAfee warns of vulnerability in Mozilla encryption
From: Allen Gunn <gunner@xxxxxxxxxxxxxxxxxx>
Date: Tue, 30 Sep 2014 06:44:21 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 30 Sep 2014 09:55:52 -0400
In-reply-to: <BLU180-W39BCBA7FCF511267C3C312B1BB0@xxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Organization: Aspiration
References: <mailman.23.1412078402.24140.tor-talk@xxxxxxxxxxxxxxxxxxxx> <BLU180-W39BCBA7FCF511267C3C312B1BB0@xxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mozilla's own advisory is here:

https://www.mozilla.org/security/announce/2014/mfsa2014-73.html

On 09/30/2014 05:25 AM, raiogam mestri wrote:
> McAfee has issued a warning to all the users who use the Mozilla
> Firefox browser - and others who share his software encryption.
> According to security firm, a serious spoofing vulnerability
> signature in Mozilla NSS cryptographic library can allow malicious
> people to create tools that can harm consumers with relative ease.
>  In addition to the Firefox browser, Mozilla NSS library can also
> be found in the Thunderbird, Seamonkey and even competitor in
> Google Chrome. Nicknamed "berserk", the vulnerability allows
> attackers to falsify signatures and divert authentication for sites
> that use SSL / TLS - which means that even websites like "https"
> can be forged with the malicious drivers. Despite the dangers of
> vulnerability, a package of updates for Firefox was released
> shortly after the issuance of the alert and is responsible for
> neutralization of problems. How Google also uses the encryption
> library in question, it is recommended that users of Google Chrome
> and Chrome OS also install the updates. 
> 

- -- 

Allen Gunn
Executive Director, Aspiration
+1.415.216.7252
www.aspirationtech.org

Aspiration: "Better Tools for a Better World"

Read our Manifesto: http://aspirationtech.org/publications/manifesto

Follow us:
Facebook: www.facebook.com/aspirationtech
Twitter:  www.twitter.com/aspirationtech

- --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQEcBAEBAgAGBQJUKrO1AAoJENVj9yFHsyq3vysH/j0CBpC70kLBx6aPHMBzyD8H
D7AXuZZhGiTpGzzlW1dBhE2x/HqMSmnujVPsdBMF4VM8iicB7ca/3rtSn99Gw9Of
kkD8ioNLP5Nnl4Nxysgj57SbBKBiVT/y1DSKhj57RdGn0DOgKue0wFZSculDdk+J
BDQwQLQsyUHQdACSTptg1rzRS4lSc6AvA83FOLdUcxtIHExW3bNOG/XsOz6OT5U2
NpmTi/CYcvaOsbqU+ZjL1jBp55BlTV1Vcf64ZiX8F3pCSuSAm7bgwPwryu8t54Kb
2o7mkxR1KBRKjheB7GdFWA0fiG1cQzrYHqFCdmZfvZ4AhhI7P+4vXLfbfSY8SRI=
=oHT+
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] McAfee warns of vulnerability in Mozilla encryption
  - From: raiogam mestri

Prev by Author: [tor-talk] TorBirdy and Thunderbird chat
Next by Author: Re: [tor-talk] Copyright troll trying to shake down a Pirate Party member
Previous by thread: [tor-talk] McAfee warns of vulnerability in Mozilla encryption
Next by thread: [tor-talk] Hidden Services - Access control.
Index(es):
- Author
- Thread