Delivery-Date: Tue, 30 Sep 2014 09:55:52 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 008121E0AF7;
	Tue, 30 Sep 2014 09:55:50 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 19DD62E056;
	Tue, 30 Sep 2014 13:55:47 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id DF0232DF22
 for <tor-talk@lists.torproject.org>; Tue, 30 Sep 2014 13:55:42 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id fc73r0M5fMKF for <tor-talk@lists.torproject.org>;
 Tue, 30 Sep 2014 13:55:42 +0000 (UTC)
X-Greylist: delayed 672 seconds by postgrey-1.34 at eugeni;
 Tue, 30 Sep 2014 13:55:42 UTC
Received: from d.mail.sonic.net (d.mail.sonic.net [64.142.111.50])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id A8E7C2CED4
 for <tor-talk@lists.torproject.org>; Tue, 30 Sep 2014 13:55:42 +0000 (UTC)
Received: from [172.16.55.3] (wifi.ceu.hu [193.225.200.92] (may be forged))
 (authenticated bits=0)
 by d.mail.sonic.net (8.14.9/8.14.9) with ESMTP id s8UDiLpv001743
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT)
 for <tor-talk@lists.torproject.org>; Tue, 30 Sep 2014 06:44:24 -0700
Message-ID: <542AB3B5.3030207@aspirationtech.org>
Date: Tue, 30 Sep 2014 06:44:21 -0700
From: Allen Gunn <gunner@aspirationtech.org>
Organization: Aspiration
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <mailman.23.1412078402.24140.tor-talk@lists.torproject.org>
 <BLU180-W39BCBA7FCF511267C3C312B1BB0@phx.gbl>
In-Reply-To: <BLU180-W39BCBA7FCF511267C3C312B1BB0@phx.gbl>
X-Sonic-CAuth: UmFuZG9tSVY/hj1qMvNMI8MxiuqQm2fLGnHLFpRALh8DRpoXMiolqzAlATBdSrMtbe+gccN8u2sdNPcPhIPs4+fkVVlWeL12
X-Sonic-ID: C;knIu4qdI5BGVMHyTE+W37Q== M;wkhZ46dI5BGVMHyTE+W37Q==
X-Sonic-Spam-Details: 0.0/5.0 by cerberusd
Subject: Re: [tor-talk] McAfee warns of vulnerability in Mozilla encryption
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mozilla's own advisory is here:

https://www.mozilla.org/security/announce/2014/mfsa2014-73.html

On 09/30/2014 05:25 AM, raiogam mestri wrote:
> McAfee has issued a warning to all the users who use the Mozilla
> Firefox browser - and others who share his software encryption.
> According to security firm, a serious spoofing vulnerability
> signature in Mozilla NSS cryptographic library can allow malicious
> people to create tools that can harm consumers with relative ease.
>  In addition to the Firefox browser, Mozilla NSS library can also
> be found in the Thunderbird, Seamonkey and even competitor in
> Google Chrome. Nicknamed "berserk", the vulnerability allows
> attackers to falsify signatures and divert authentication for sites
> that use SSL / TLS - which means that even websites like "https"
> can be forged with the malicious drivers. Despite the dangers of
> vulnerability, a package of updates for Firefox was released
> shortly after the issuance of the alert and is responsible for
> neutralization of problems. How Google also uses the encryption
> library in question, it is recommended that users of Google Chrome
> and Chrome OS also install the updates. 
> 

- -- 

Allen Gunn
Executive Director, Aspiration
+1.415.216.7252
www.aspirationtech.org

Aspiration: "Better Tools for a Better World"

Read our Manifesto: http://aspirationtech.org/publications/manifesto

Follow us:
Facebook: www.facebook.com/aspirationtech
Twitter:  www.twitter.com/aspirationtech

- --
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQEcBAEBAgAGBQJUKrO1AAoJENVj9yFHsyq3vysH/j0CBpC70kLBx6aPHMBzyD8H
D7AXuZZhGiTpGzzlW1dBhE2x/HqMSmnujVPsdBMF4VM8iicB7ca/3rtSn99Gw9Of
kkD8ioNLP5Nnl4Nxysgj57SbBKBiVT/y1DSKhj57RdGn0DOgKue0wFZSculDdk+J
BDQwQLQsyUHQdACSTptg1rzRS4lSc6AvA83FOLdUcxtIHExW3bNOG/XsOz6OT5U2
NpmTi/CYcvaOsbqU+ZjL1jBp55BlTV1Vcf64ZiX8F3pCSuSAm7bgwPwryu8t54Kb
2o7mkxR1KBRKjheB7GdFWA0fiG1cQzrYHqFCdmZfvZ4AhhI7P+4vXLfbfSY8SRI=
=oHT+
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

