Jul 9, 2019

Mozilla thwarts alleged spy's bid to guard web security

Joe Uchill

Mozilla, the creator of the Firefox web browser, has denied a request from a United Arab Emirates firm — accused of assisting that nation's global cyber espionage operations — to issue security certificates to websites without the supervision of a more trusted group.

Why it matters: Web certificates are a key part of encrypting traffic to and from websites. A malicious group issuing those certificates could snoop on data to the sites it serves.

Context: Jenna McLaughlin of the The Intercept along with Christopher Bing and Joel Schectman of Reuters wrote explosive reports about Dark Matter, the UAE outfit tied to cyber espionage.

  • As those reports were published, Mozilla was considering a request from Dark Matter to be included in Mozilla's list of root certificate authorities — which would give Dark Matter the ability issue certificates.

Details: Since the Reuters report in January, Mozilla has been accepting developer comments on whether it should stop trusting certificates issued to Dark Matter by root certificate authorities, known as intermediate certificates.

  • Ultimately Mozilla "made the decision to revoke trust in Dark Matter’s intermediate certificates and to deny the pending inclusion request," Mozilla said in a statement
  • "We are confident this is the right decision, but it was not made lightly," the statement continued.

Go deeper

Ina Fried

Kazakhstan's internet censorship move

Illustration: Rebecca Zisser/Axios

The government of Kazakhstan has started intercepting all of the secure HTTPS traffic within its borders.

Why it matters: The move is yet another example of the Balkanization of the once-global internet, as different countries seek to monitor or restrict what citizens can see. Authorities in China, Russia and other parts of Asia and Africa have all considered or imposed restrictions on their citizens' internet access.

Go deeperArrowJul 19, 2019
Joe Uchill

Broker sells near-real-time browsing info from unsuspecting victims

At least 8 browser extensions sold extremely sensitive data about their users to a data broker, who then sold access to that data in real time to unknown buyers, according to a report from researcher Sam Jadali.

Why it matters: The broker sold a continuously updated list of what sites users visited, including page titles, location and computer information about the user. That data, viewed in near real time, can severely hamper user privacy and security.

Go deeperArrowJul 19, 2019
Axios

New squeeze for Facebook, Amazon

Big Tech got squeezed from both sides of the Atlantic on Wednesday.

What's happening: The EU will investigate how Amazon creates products that compete with offerings from outside merchants on its site. "Brussels is also poised to conclude a four-year probe into US chipmaker Qualcomm by fining the company for abuse of dominant position." Meanwhile, Republicans and Democrats on Capitol Hill have found common ground: Big Tech is too powerful and needs to be knocked down a peg.

Go deeperArrowJul 17, 2019