Mozilla Foundation engineers are working on one system ειδοποιήσεων για τον Firefox, το οποίο θα εμφανίζει προalerts security to users who visit websites that have suffered data breaches.
The alert system will use the data contained in the Have I Been Pwned, a website that includes all known data breaches, and has a search for users who want to see if there are personal information (name, password) on those violations.
Work on this project has recently started and the source code for the appearance of these warnings is not even included in the core Firefox code, but works separately as an add-on.
"[Breach Alerts] is an addon I'm going to use to prototype an upcoming Firefox feature that alerts users when their credentials may be involved in a data breach," said Mozilla engineer Nihanth Subramanya. description of the add-on.
The code of this add-on is available in GitHub and anyone who wants it can do a compile to get it to Firefox. Please note that only Firefox Developer Edition is currently supported.
The add-on is still in early stages of development and alerts are currently enabled when the user visits a site that is included in the Have I Been Pwned public violation list.
This new warning system will definitely upset companies that have been breached. Have I Been Pwned may offer the same service, but it is not the same. It is very different for this information to be displayed by one browser, used by millions of users and displays violations that occurred years ago.
"I'm working with Mozilla on this," said Troy Hunt, the researcher behind Have I Been Pwned.
“We're looking at a few different models of how it might work, but the main takeaway is that there's an intention to show warnings about data that's been exposed directly from the Browser,” Hunt reports.
One thing is for sure that the Mozilla Foundation should pay special attention to how it will display the warnings. It should focus less on the security incident and put more emphasis on encouraging users to change their credentials on infringing websites.
See the add-on Breach Alerts