Bleeping Computer: Mozilla Halts Firefox 65 Rollout Due to Insecure Certificate Errors

Bleeping Computer: Mozilla Halts Firefox 65 Rollout Due to Insecure Certificate Errors. “Mozilla has halted the automatic updates to Firefox 65 as users are unable to browse web sites due to certificate errors. These errors are being caused by conflicts between various antivirus programs’ HTTPS scanning and Firefox 65.”

ZDNet: Firefox will soon warn users of software that performs MitM attacks

ZDNet: Firefox will soon warn users of software that performs MitM attacks. “The Firefox browser will soon come with a new security feature that will detect and then warn users when a third-party app is performing a Man-in-the-Middle (MitM) attack by hijacking the user’s HTTPS traffic.”

TechCrunch: These are all the federal HTTPS websites that’ll expire soon because of the US government shutdown

TechCrunch: These are all the federal HTTPS websites that’ll expire soon because of the US government shutdown. “During the government shutdown, security experts noticed several federal websites were throwing back browser errors because the TLS certificate, which lights up your browser with ‘HTTPS’ or flashes a padlock, had expired on many domains. And because so many federal workers have been sent home on unpaid leave — or worse, working without pay but trying to fill in for most of their furloughed department — expired certificates aren’t getting renewed. Renewing certificates doesn’t take much time or effort — sometimes just a click of a mouse. But some do cost money, and during a government shutdown, there isn’t any. Depending on the security level, most websites will kick back browser errors. Some won’t let you in at all until the expired certificate is renewed.”

Krebs on Security: Half of all Phishing Sites Now Have the Padlock

Krebs on Security: Half of all Phishing Sites Now Have the Padlock. “Maybe you were once advised to ‘look for the padlock’ as a means of telling legitimate e-commerce sites from phishing or malware traps. Unfortunately, this has never been more useless advice. New research indicates that half of all phishing scams are now hosted on Web sites whose Internet address includes the padlock and begins with ‘https://’.”

CNET: Chrome’s HTTP warning seeks to cut web surveillance, tampering

CNET: Chrome’s HTTP warning seeks to cut web surveillance, tampering. “The Hypertext Transfer Protocol lets your web browser fetch a web page from the server that hosts it. HTTP has had a good run, but it has a problem: It doesn’t protect communications with encryption that blocks eavesdropping and tampering. That’s why Google, Mozilla and other tech industry allies have been pushing websites everywhere to switch to the secure version, called HTTPS. And it’s why, starting with the release of Chrome 68 on Tuesday, Google’s browser will warn you whenever it loads an unencrypted HTTP website.”

Gizmodo: Firefox May Soon Start Publicly Shaming Sites With Crappy Security

Gizmodo: Firefox May Soon Start Publicly Shaming Sites With Crappy Security. “In the constant battle to ensure your privacy online, there are some precautions you can take to protect yourself, such as avoiding clicking random links and using different passwords for every site. But other measures require some help from the websites you visit, and based on a hidden option found in the latest Firefox beta, Mozilla may start publicly shaming websites that are still clinging on to HTTP.”

Engadget: The EFF wants to make email servers more secure

Engadget: The EFF wants to make email servers more secure. “The Electronic Frontier Foundation (EFF) launched HTTPS-encryption initiative Let’s Encrypt two years ago with Mozilla and Cisco. Now it’s turning its attention to email servers with a new project called STARTTLS Everywhere, which aims to help server admins run STARTTLS email servers properly. Because according to the EFF, most aren’t.”