Hello, welcome to the Wednesday, September 26, 2018 edition of the Sandton and Storm Center's

Stormcast. My name is Johannes Ulrich, the time recording from Las Vegas, Nevada.

Mozilla apparently is attempting to distinguish itself as a more security-focused alternative

to some of the other browsers.

As part of this, Firefox has been rolling out some new security features,

either within the browser or as part of the Mozilla website.

The latest example is an integration with the Have I Been Pond web service.

Haffirbin Pond collects email addresses, passwords that are leaked at various breaches,

and offers a free API to query for your email address.

Now, Firefox, I've implemented this kind of interestingly using what

Hava BinPon called their range API. Instead of sending a hash of your email address back,

which of course could be linked to your email address by simply reversing the hash or

brute forcing it. They're just sending the first few digits of that hash to have I been powned.

And then a list of all the hashes that have been breached is returned, which then can be

compared to a hash of your email address locally.

So this way, not even have I been poned, knows that you query their database.

Mozilla also set up a service where you can actually give them your email address

and then have them periodically moderate for new preaches.

Essentially, it is just a front end for the have I been powned service.

So if you already signed up for it directly, no need to do so again via Mozilla.

Several password save tools, like for example one password, of course, have implemented similar features. Now sticking with browsers for another

story, Chrome 69 has gotten some bad press for how it preferentially treats Google

...