When you connect to websites, you sometimes find yourself on a secure site; this means that the communications between your computer and the website are encrypted. One of the encryption technologies used is called SHA1.
SHA1 is a hashing function that is designed to hide what you send online; due to its vulnerabilities, though, it is soon to be retired. While stopping the use of old and insecure technologies is a great step, Facebook and Web security firm CloudFlare have warned that when SHA1 stops being supported, around 7% of the world’s browsers won't be able to support the new standard being put in place, SHA256.
Facebook is rolling the new mechanism out across its websites, and CloudFlare is rolling it out to the websites it hosts. For other companies that want to adopt the new mechanism, it will be made open source, granting the entire world access to the technology, in the hope that the tens of millions of people who would be affected can still connect and use the internet without disruption.
While new technologies fixing the problems of the last generation is always a good thing, is the impact of cutting millions of users off from their sites worth it?
Mozilla officials have warned about a possible leak of email addresses and cryptographically protected passwords belonging to Mozilla developers last Friday. It is said that a database glitch occurred, which could have been the work of some hackers, and led to some private information leaking online.
An estimated 76,000 email addresses and 4,000 password hashes are said to have been on a public server for about 30 days, starting from the 23rd of June. There appears to be no indication of the data being accessed, according to the officials, but they cannot rule out the possibility of the data being compromised.
“We are known for our commitment to privacy and security, and we are deeply sorry for any inconvenience or concern this incident may cause you,” director of developer relations, Stormy Peters, and operations security manager, Joe Stevensen, said in an official statement.
Although hackers who might have cracked the hashes cannot access the Mozilla Developer Network accounts, they might still be able to access other user accounts that are secured with the same password. The incident is said to have been caused when a data “sanitization” process failed, resulting in the addresses and passwords being dumped onto a publicly accessible server.