The not-for-profit foundation behind the Firefox browser has admitted a serious data leak, exposing developers’ contacts and encrypted passwords
Members of Mozilla’s developer community have been alerted about an accidental leak of email addresses and encrypted passwords, after the failure of a “data sanitisation” process the organisation was carrying out.
Mozilla, which is most famous for its Firefox web browser, co-ordinates the development of a number of open-source software projects through the Mozilla Developer Network.
“Starting on about 23 June, for a period of 30 days,” the organisation warned developers, “a data sanitisation process … had been failing, resulting in the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users on a publicly accessible server.”
The passwords were stored as salted hashes, an encryption process which renders it computationally impossible to retrieve the original password in a readable format, and Mozilla says that, by themselves, they “cannot be used to authenticate with the MDN website today”.
But it adds that “it is possible that some MDN users could have reused their original MDN passwords on other non-Mozilla websites or authentication systems”.
Stormy Peters, the company’s director of developer relations, says that “as soon as we learned of [the leak], the database dump file was removed from the server immediately, and the process that generates the dump was disabled to prevent further disclosure.
“While we have not been able to detect malicious activity on that server, we cannot be sure there wasn’t any such access.”
I understand the pressure to support commercial video – but the browser makers can do more to defend free and open software
Future versions of the open-source Firefox browser will include closed-source digital rights management (DRM) from Adobe, the Mozilla project’s chief technology officer, Andreas Gal, announced on Wednesday.
The purpose is to support commercial video streams. But this is a radical, disheartening development in the history of the organisation, long held out as a beacon for the open, free spirit of the web as a tool for liberation.
As Gal’s blogpost makes clear, this move was done without much enthusiasm, out of a fear that Firefox (Mozilla’s flagship product and by far the most popular free/open browser in the world) was being sidelined by Apple, Google and Microsoft’s inclusion of proprietary technology to support Netflix and other DRM-encumbered videos in their browsers.
In my long-running discussions with Mozilla’s most senior management over this issue, they’ve been clear in their belief that their userbase – and relevance to the internet – will dwindle unless they add support for viewing Hollywood movies in their browser. Not just Hollywood; the BBC has been one of the major “rights holder” voices calling for the addition of DRM to the web.
Jay Sullivan, directivo de Mozilla, que ha presentado el primer “smartphone” en el mundo con plataforma abierta, lidera la peticion de cierre del sistema de espionaje destapado por Snowden.
Amaya Quincoces Riesco/EFE MADRID 05/07/2013 11:50 Actualizado: 05/07/2013 14:28
Jay Sullivan, directivo de Mozilla.MOZILLAEU/FLICKR
Internet es un potente motor de creatividad y creación de riqueza “de valor incalculable” que suscita un excesivo interés de Estados y empresas, y eso pone bajo la lupa su originario “espíritu libre”, ha dicho en una entrevista a Efefuturo el directivo de Mozilla Jay Sullivan.
Internet debe mantenerse “firme” frente a posibles controles por “entidades con poder”, para extender sus ventajas al conjunto de la sociedad, tal como defiende Mozilla, una organización sin ánimo de lucro en favor de una web abierta.
Incensed at revelations of U.S. government surveillance programs, Mozilla, the Electronic Frontier Foundation, the American Civil Liberties Union, Reddit, and others have launched an effort calledStopWatching.Us to marshal opposition to the secret programs.
La Fundación Mozilla, creadora del navegador Firefox, estaría planeando asociarse con varios fabricantes de celulares para lanzar un teléfono inteligente a menos de 50 dólares (alrededor de 25 mil pesos chilenos) para países emergentes, según una entrevista con uno de sus responsables publicada en The Wall Street Journal este lunes.