On 30/06/12 18:01, secguard...@yandex.com wrote:
** This proxy would strip the last octet out of IP addresses for pings
I'm not an expert here, but would that be sufficient for IPv6?
We should certainly make sure we do enough for IPv6. Although if Google
is using the IP address for
On 6/30/12 10:01 AM, secguard...@yandex.com wrote:
To clear things up completely: this is an addition to the existing
SafeBrowsing feature in Firefox. This feature augments what the current
one can detect, but will involve sending out URLs in pings.
Based on Moheeb's reply (in this thread),
On 6/29/12 5:06 PM, Sid Stamm wrote:
Based on Moheeb's reply (in this thread), I think we should move ahead
with implementing this for our Windows users. It seems to me, and
please chime in if I'm out of line here, that we should:
1. Stand up a proxy that handles both pings and list updates.
[snip]
To clear things up completely: this is an addition to the existing
SafeBrowsing feature in Firefox. This feature augments what the current
one can detect, but will involve sending out URLs in pings.
Based on Moheeb's reply (in this thread), I think we should move ahead
with
On 06/11/2012 02:09 PM, Justin Dolske wrote:
On 6/11/12 3:11 AM, Henri Sivonen wrote:
About potential user backlash: even though both Microsoft and Google
have a feature like this in IE and Chrome, Mozilla could still
face a user backlash from doing this sort of thing in Firefox. If
Sound good?
You didn't mention whether it would be opt-in or opt-out.
thanks
Dev
-Sid
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
If we proxy the requests, I would recommend opt out (on by default).
-Sid
On Jun 29, 2012, at 17:31, Devdatta Akhawe dev.akh...@gmail.com wrote:
Sound good?
You didn't mention whether it would be opt-in or opt-out.
thanks
Dev
-Sid
If we proxy the requests, I would recommend opt out (on by default).
One concern is that proxying (might) break user's
understanding/expectations. The user sees request to mozilla. ok but
it is actually a proxy to Google. It boils down to whether chopping
off the last octet is sufficient
On 6/29/2012 5:44 PM, Devdatta Akhawe wrote:
If we proxy the requests, I would recommend opt out (on by default).
Why not try implementing this as an add-on and see if anybody
uses it?
John Nagle
Hi Sid,
Please find the answers inline.
thanks
Moheeb
On Tue, Jun 19, 2012 at 3:03 PM, Sid Stamm s...@mozilla.com wrote:
Thanks for the info, Moheeb!
On 06/15/2012 11:35 AM, moh...@google.com wrote:
Regarding the TLS bouncing idea.
As the reputation system derives features in part from
Thanks for the info, Moheeb!
On 06/15/2012 11:35 AM, moh...@google.com wrote:
Regarding the TLS bouncing idea.
As the reputation system derives features in part from the submitted
pings, it's important for us to be able to detect abusive reputation
requests. The source IP is a very
Am 11.06.2012 22:45, schrieb Sid Stamm:
On 06/11/2012 01:29 PM, Kevin Chadwick wrote:
On Mon, 11 Jun 2012 08:57:35 -0700
Sid Stamm wrote:
a) can be turned off
Absolutely. There will be a preference, and if the feature results in
direct connection to Google with the URL, hash and size, we
On 11/06/12 21:56, Justin Dolske wrote:
I'd note a slight concern from our own (Firefox) experience with similar
things in antivirus software, where new releases of Firefox are
sometimes blocked because whatever reputation scheme they're using is
too specific to just the filename/contents. But
On Mon, 11 Jun 2012 13:45:26 -0700
Sid Stamm wrote:
Can you elaborate here? I'm interested to hear your thoughts.
Leaving aside server/device security which may affect user security and
also completely anonymised data matching to connection details or
substituted user ids. An example being
Hi Sid,
On 08/06/12 23:02, Sid Stamm wrote:
== System Attributes ==
* List Size: roughly 300 domains and 100 app signers in whitelist (small)
Taking Google's whitelist daily and removing warnings for domains and
signers on the whitelist seems like a fairly obvious win. It reduces
warning
Sid Stamm s...@mozilla.com wrote:
On 06/09/2012 12:42 AM, da...@illsley.org wrote:
Sid Stamm sst...@mozilla.com wrote:
* List Size: roughly 300 domains and 100 app signers in whitelist (small)
* Average Chrome users download about 2 binaries per day.
* ~ 8% of files downloaded by users are
On Mon, 11 Jun 2012 08:57:35 -0700
Sid Stamm wrote:
One of my worries is that blacklists get big really fast and won't be as
feasible on mobile devices (cost of updating the lists, downloading and
storing them).
Is this the browser's domain especially with heavy criticism of bloated
browsers
On 06/11/2012 01:29 PM, Kevin Chadwick wrote:
On Mon, 11 Jun 2012 08:57:35 -0700
Sid Stamm wrote:
One of my worries is that blacklists get big really fast and won't be as
feasible on mobile devices (cost of updating the lists, downloading and
storing them).
Is this the browser's domain
On 6/8/12 3:02 PM, Sid Stamm wrote:
Everyone else: what do you think?
Without thinking about it too hard, it generally seems like something
worthy of looking at.
I'd note a slight concern from our own (Firefox) experience with similar
things in antivirus software, where new releases of
Proper OS security against malware is the way to go but of course the
average user is far off that at the moment. That will change.
http://www.h-online.com/security/news/item/Anti-virus-software-out-of-its-league-with-Stuxnet-and-Flame-1604467.html
Sid Stamm sst...@mozilla.com wrote:
Since sending URLs is the main difference between this and the rest of
Safe Browsing, we have to think about whether Firefox users will be
willing to trade some of their download history for the protection
offered by the system and a less in-your-face
On Fri, 08 Jun 2012 15:02:27 -0700
Sid Stamm wrote:
we have to think about whether Firefox users will be
willing to trade some of their download history for the protection
offered by the system and a less in-your-face download UI. I believe
they will.
I'm assuming there would be a disable
On 08/06/2012 18:02, Sid Stamm wrote:
binary-file reputation system based on a whitelist of binaries and
domains, and identifies benign executables as Windows users attempt to
download them. Benign executables can bypass any "are you sure" UI,
making it less annoying to users.
But also a lot
Hi All,
I think we should implement a Windows application reputation extension
to Safe Browsing -- to help detect malicious binaries users download and
for those we know are safe, stop prompting users.
== Background ==
Last year, Google started experimenting[0] with an extension to Safe
On 6/8/2012 3:02 PM, Sid Stamm wrote:
Hi All,
I think we should implement a Windows application reputation extension
to Safe Browsing -- to help detect malicious binaries users download and
for those we know are safe, stop prompting users.
== Background ==
Last year, Google started
25 matches