
    Mozilla warns Firefox fans its SHA-1 ban could bork their security


    1. #1
      Scubbie is offline Sky User Moderator
      Mozilla warns Firefox fans its SHA-1 ban could bork their security
      Protection mechanism screws other protection mechanisms. What a tangled web we weave


      Mozilla has warned Firefox users they may be cut off from more of the web than expected – now that the browser rejects new HTTPS certificates that use the weak SHA-1 algorithm.

      If you use Firefox with some antivirus products, or on a network fitted with a box that inspects traffic for malicious stuff, and visit a site that uses an old crummy SHA-1-signed SSL cert, the browser will refuse to access that website.

      Firefox rejects SHA-1-signed certificates issued since the end of 2015 because the hashing algorithm is problematic: an eavesdropper could tamper with the cert to spy on you, and you'd never know, for example.

      To be clear: Firefox is only supposed to snub new SHA-1 certificates, but it may end up rejecting older SHA-1 certs, too. All new certs are expected to use SHA-256 or better.

      "For Firefox users who are behind certain 'man-in-the-middle' devices (including some security scanners and antivirus products), this change removed their ability to access HTTPS web sites," explained security engineer Richard Barnes.

      "When a user tries to connect to an HTTPS site, the man-in-the-middle device sends Firefox a new SHA-1 certificate instead of the server’s real certificate. Since Firefox rejects new SHA-1 certificates, it can’t connect to the server."

      If this is a problem, don't panic: you can cut'n'paste about:config into your URL bar, hit enter, and change the value of “security.pki.sha1_enforcement_level” to 0 to make SHA-1 acceptable again. Bear in mind, though, that you're trading one security problem (the inability to filter malicious traffic) against another (the inability to securely verify the integrity of the HTTPS connection).

      If your security device is causing a problem, Barnes suggests updating the software to the latest iteration, since many vendors are also abandoning SHA-1. Microsoft, Google, and Facebook are all moving away from SHA-1, and other tech outfits are rapidly following suit.

      It has long been known that SHA-1 hashes are theoretically open to attack; in October this was proved in dramatic style with just $75,000 of cloud compute resources. Now it's about as popular as a rattlesnake in a piñata.

      PlusNet Fibre since Jan 2021
      Previously Sky Fibre & Sky BB since 2010.
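An added example, not part of the original post or the quoted article: a standard-library check for the condition described in post #1, a SHA-1-signed certificate issued since the end of 2015. The 1 January 2016 cutoff is an assumed reading of that phrase, the function names are hypothetical, and the inputs are constructed certificate skeletons standing in for a server's real certificate, one minted by an inspecting device, and an older SHA-1 certificate.

```python
from datetime import datetime

# DER-encoded OIDs: sha1WithRSAEncryption, ecdsa-with-SHA1, dsa-with-sha1
SHA1_SIG_OIDS = {"2a864886f70d010105", "2a8648ce3d0401", "2a8648ce380403"}
CUTOFF = datetime(2016, 1, 1)  # assumption: reading of "issued since the end of 2015"

def tlv(buf, pos=0):
    """Read one DER element; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    out, pos = [], 0
    while pos < len(buf):  # walk the contents of a constructed element
        tag, val, pos = tlv(buf, pos)
        out.append((tag, val))
    return out

def cert_facts(der):
    """Return (signature-algorithm OID as hex, notBefore) for a DER certificate."""
    (_, tbs), (_, sig_alg) = children(tlv(der)[1])[:2]
    fields = children(tbs)
    if fields[0][0] == 0xA0:  # skip the optional explicit version field
        fields = fields[1:]
    tag, raw = children(fields[3][1])[0]  # validity -> notBefore
    text = raw.decode("ascii")
    if tag == 0x17:  # UTCTime: two-digit year, RFC 5280 pivot at 50
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return children(sig_alg)[0][1].hex(), datetime.strptime(text, "%Y%m%d%H%M%SZ")

def rejected_as_new_sha1(der):
    oid, not_before = cert_facts(der)
    return oid in SHA1_SIG_OIDS and not_before >= CUTOFF

# Constructed sample input: unsigned certificate skeletons, not real certificates
def enc(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length (< 128 bytes) only
def skeleton(oid_hex, not_before):
    alg = enc(0x30, enc(0x06, bytes.fromhex(oid_hex)) + enc(0x05, b""))
    validity = enc(0x30, enc(0x17, not_before) + enc(0x17, b"300101000000Z"))
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01") + alg
              + enc(0x30, b"") + validity + enc(0x30, b""))
    return enc(0x30, tbs + alg + enc(0x03, b"\x00"))
SERVER_REAL = skeleton("2a864886f70d01010b", b"150601000000Z")  # SHA-256, issued 2015
MIDDLEBOX = skeleton("2a864886f70d010105", b"160110000000Z")    # SHA-1, minted 2016
OLD_SHA1 = skeleton("2a864886f70d010105", b"140301000000Z")     # SHA-1, issued 2014
```

For a real certificate, convert the PEM to DER with `ssl.PEM_cert_to_DER_cert` before calling `rejected_as_new_sha1`; the check looks at one certificate only, not the rest of the chain.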


    3. #2
      FelixTCat is offline Sky User Member
      And what's wrong with a rattlesnake in your piñata? It adds a little je ne sais quoi.

    4. #3
      Scubbie is offline Sky User Moderator
      Quote Originally Posted by FelixTCat View Post
      And what's wrong with a rattlesnake in your piñata? It adds a little je ne sais quoi.
      Nothing at all.


      ...especially when you donate it to a local school and set up the video cameras for the party.


    5. #4
      FelixTCat is offline Sky User Member
      Invite! I want an invite!

    6. #5
      Isitme is offline Sky User Moderator
      I wonder if that is what happened when I tried to book my latest holiday. Got through all the choices until it came to paying via the https site. The message that came up was 'the secure server is unavailable'. I have booked with the company for several years without a problem. It did not occur to me that it could be the browser which was causing the problem. Managed to book by phone anyway and got it slightly cheaper.

      TomD


      Please note the views and recommendations in my posts are my own and in no way reflect the views of SkyUser.


      Useful Utilities

      https://www.nirsoft.net/utils/wifi_information_view.html/ TCPOptimiser /Test Socket

      Note - When downloading always select the Custom install or you will end up with stuff you don't want.





     

     
