June 27, 2018 at
In addition to the launch of Firefox 61, Mozilla has also announced some significant security improvements that are currently being developed. The biggest one will be a new Monitor feature that will allow this browser’s users to check if their email address has been a part of a hacking leak, as well as what to do in such situations.
Mozilla prepares a new anti-hacking tool
Mozilla continues to bring constant improvements to its Firefox browser, and the new one will allow users to check if they were hacked. The new tool, called Firefox Monitor, comes as the firm’s newest security feature, and it came just as the company has released the new Firefox 61. The new version of the browser is available for Linux, Mac, Android, and, of course, Windows.
The Monitor tool is currently still being tested, and it came as a result of Mozilla’s recent partnership with HIBP (Have I Been Pwned). The feature will work in a pretty similar way as HIBP itself and will allow users to enter their email address, which will then be compared with known data leaks. If the address matches the ones that were leaked after major hacking attacks, the users will receive a warning about it, with an advice on how to proceed.
According to a blog post by Firefox’s product manager, Peter Dolanjski, the new tool comes as Mozilla’s response to the increase in the need for better account security. Another plan that Mozilla is still considering includes a service that will notify users whenever a new breach that affects them happens.
Troy Hunt, the founder of HIBP, has commented on these plans and has said that they are a huge step. Firefox has hundreds of millions of users already, and the partnership will really require a significant expansion of HIBP’s part. He continued to add that he has a lot of respect for Mozilla because of their technological contributions, as well as the way the company treats its users.
How will all this work?
Many are wondering how will the tool actually work, and there might even be fear that the use of the tool might put their data in danger. This is not the case, and Mozilla states that all of the user information will be completely anonymized. The tool will never send the users’ full email address to a third party and will use hashing prefixes in order for the information to remain secure.
According to Hunt’s blog post, when someone uses HIBP, the client SHA-1 will hash their password, and only uses the first five characters, that are then sent to API. The tool will then return with the collection of hashes with the same five-letter prefix, which usually means around 477 different passwords. Nobody has a way of knowing which one of them is real, and it all comes down to speculation only. Basically, even the service will never have the complete password, which will ensure that the user’s info remains protected.
Right now, Mozilla is still testing the tool itself. However, the plan to include around 250,000 users (of 500 million) who are willing to help with the tests, starting next week. After conducting the tests and ensuring that the tool works properly, it will be available to all Firefox users