By Nicole Henderson, March 28, 2011
A screenshot of Mozilla's add-on website
(WEB HOST INDUSTRY REVIEW) -- Open-source organization Mozilla (www.mozilla.org) regrets keeping mum about stolen SSL certificates last week, according to a report Friday by Computerworld. Hackers stole certificates from some of the Internet's largest sites, including Google, Skype, Microsoft, Yahoo and its own add-on website.
Late last year, a database of 44,000 inactive Mozilla usernames and passwords was publicly disclosed by Mozilla.
According to the report, on March 15 attackers used a valid username and password to acquire nine SSL certificates from a Comodo certificate reseller.
The certificates were for Microsoft's Hotmail, Google's GMail, Skype, Yahoo Mail and Mozilla's Firefox add-on site.
Comodo came out with the news of the breach on March 23, but Mozilla was informed sometime between March 15 and March 23, according to the report. None of the browsers went public with the hack until March 22.
Computerworld says Google patched Chrome on March 17, but Mozilla and Microsoft issued updates to Firefox and Windows on March 22 and March 23, respectively.
"In hindsight, while it was made in good faith, this was the wrong decision. We should have informed Web users more quickly about the threat and the potential mitigations as well as their side-effects," Mozilla said in the report.
It was suspected that the Iranian government was involved in the attack and theft, and "speculated that the certificates were stolen to set up fake sites where authorities could identify activists and monitor their email and other digital communications," according to the report.
"By keeping this quiet for eight days, Comodo and others put lives at risk," Jacob Appelbaum, researcher at the University of Washington's Security and Privacy Research Lab said in a statement. "[Iranian activists] were completely unable to protect themselves during that time. Users should have had this information sooner."
"This was a gigantic failure on Mozilla's part," Appelbaum told Computerworld last week. "They believe disclosure will harm users. That's bogus."
Article Source http://www.thewhir.com/web-hosting-news/032811_Mozilla_Regrets_Silence_Over_Stolen_SSL_Certificates permits to repubish here
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
Click Most Updated Discount Coupon Codes & My Personal Web Hosting Recommendations if you are interested in those.
Stay Tuned!
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
If you are Newbie/Dummie like myself,please visit "Web Hosting & Domains - Tips & Reviews For Dummies Like You & Myself" http://tipswebhostingdomains.blogspot.com/
Pages
1. Click Subscription of Mr.Chris Farrell Membership $4.95 7 day Trial For Newbies/Dummies - Not Criminal IM Coach/Mentor.
2. Click DirecTV For US Satellite TV Subscription. Also Dish Network Call Now Toll Free : 877-287-3983 for an Obligation Free Chat.
3. Click 100DayLoans.com for cash advance payday loan 100 days repayment,SUBJEST to your State Laws Also Credit Reports and Scores
4. CLICK Coupon Codes & My Web Hosting Reviews/Recommendation
____ ______
2. Click DirecTV For US Satellite TV Subscription. Also Dish Network Call Now Toll Free : 877-287-3983 for an Obligation Free Chat.
3. Click 100DayLoans.com for cash advance payday loan 100 days repayment,SUBJEST to your State Laws Also Credit Reports and Scores
4. CLICK Coupon Codes & My Web Hosting Reviews/Recommendation
____ ______