Welcome Stranger to OCC!Login | Register

Firefox 32 Adds Public Key Pinning

Category: Software
Posted: 02:17PM

In an effort to prevent attacks that involve invalid SSL/TSL certificates, Firefox 32 has incorporated Public Key Pinning. According to Sid Stamm, the senior manager of security and privacy engineering at Mozilla, key pinning allows website operators to specify which Certificate Authorities are able to issue valid certificates. Within Firefox 32, a normal lock icon will be displayed if a certificate is able to be matched with a pinned certificate. If the certificate cannot be verified, Firefox will reject the connection with a pinning error. This provides an additional layer of security for Firefox users by preventing connections to illegitimate website, in which a hacker could intercept critical data.

The first stage of pinning roll-out includes protection for Mozilla sites and Twitter, while later Firefox versions will include protection for Google sites, Tor, Dropbox, and others.

Source: Mozilla Security Blog

Register as a member to subscribe comments.

This news has comment postings disabled because it is now archived.

© 2001-2018 Overclockers Club ® Privacy Policy
Elapsed: 0.1686751842   (xlweb1)