Firefox Monitor Will Inform You of Data Breaches

Earlier this year, Mozilla announced Firefox Monitor, a service that will inform you if your online accounts were hacked in a recent data breach. It's now available to general public. A report adds: For the new security-focused tool, Mozilla partnered with Troy Hunt, the renowned security expert behind Have I Been Pwned? (HIBP), which is a database of data breaches that allows anyone to discover whether one of their online accounts has been compromised. The first iteration of Firefox Monitor is, for all intents and purposes, a clone of HIBP. After you enter your email address and hit the scan button, you're told which online services have leaked your personal details (if any). You can also sign up to be notified of any future data breaches involving one or more of your email addresses.

We are always watching...

The Google tentacles tighten.

Re:We are always watching...

Umm... Google does not own Mozilla Firefox yet.

If you don't use Firefox...

[The+Original+CDR]

Try Have I Been Pwned website to check your email address against known data breaches.

Re:If you don't use Firefox...

Since you didn't read TFA...

It is also worth noting here that Firefox Monitor isn’t actually restricted to Firefox — it‘s a web page that can be accessed from any browser.

So, why even bother?

So what is the deal here — why bother launching a Firefox-branded version of an existing popular database? Well, there are a couple of likely reasons.

From HIBP’s perspective, having the weight of Mozilla behind it will significantly boost awareness of its database. HIBP currently has just over 2 million people signed up for breach alerts, which sounds like a lot until you learn that there are 3.1 billion unique email addresses in the HIBP database. This means less than 0.1 percent of breached email addresses are being monitored by their respective owners.

and

From Mozilla’s perspective, bolstering its security credentials through tie-ups with well-respected platforms such as HIBP can only add to its reputation. However, as noted already, Firefox Monitor in its current guise isn’t much of an integration because it doesn’t really feed directly into the Firefox browser. Instead, it appears Firefox Monitor as it stands is essentially a minimal viable product (MVP) upon which deeper integrations can be created.

Finally,

Mozilla is already piloting a password management tool called Firefox Lockbox, which enables users to store and auto-complete usernames and passwords for websites they visit. Have I Been Pwned? already integrates with password manager 1Password, and it would make a great deal of sense to properly integrate Firefox applications such as Firefox Lockbox with the HIBP database so that users can be informed the moment an online data breach is detected.

Re:If you don't use Firefox...

Since you didn't read TFA...

This is Slashdot, not Reddit.

Re:If you don't use Firefox...

Since you didn't read TFA...

This is Slashdot, not Reddit.

Aren't you supposed to be on 4chan?

Re:If you don't use Firefox...

Since you didn't read TFA...

This is Slashdot, not Reddit.

Aren't you supposed to be on 4chan?

Sorry, too busy fucking your wife.

Re:If you don't use Firefox...

For a laugh, enter bgates@hotmail.com to the Have I Been Pwned site

Re:If you don't use Firefox...

Hahahahahahahahaah...

creimer is losing it again and when he does his Coprolalia kicks in!

Coprolalia comes from the Greek (kopros) meaning "feces"

https://en.wikipedia.org/wiki/...

Re:If you don't use Firefox...

Since you didn't read TFA...

This is Slashdot, not Reddit.

Aren't you supposed to be on 4chan?

Sorry, too busy fucking your wife.

Christ, it's "mom" you jerkwad. "Sorry, too busy fucking your mom." is what you're supposed to say.

I still can't believe I married that whore.

Re:If you don't use Firefox...

You married your mom??? LOL!
--
Star Wars Holiday Santa Yoda (Funko POP! #277) Found At Box Lunch

Re:If you don't use Firefox...

I see he's a user of cucksforum.org.

Re:If you don't use Firefox...

[sproketboy]

And what do **they** do with that email?

Yep, it's good.

[raymorris]

Troy and his site are good.

It will probably be breached itself.

Probably by a disgruntled XUL extension developer.

what a fucking stupid premis

Person != Person's email address. So no, you havent been "powned" . Information isn't real. Now, if I punch you in the face or take a shit on you, thats easy to verify, you will feel the impact or wonder what the crap is running down your head

Re:what a fucking stupid premis

Hi dipshit. If you don't understand the terminology used, please don't feel it necessary to comment on the conversation at hand.

Re:If you want to be pwned

I feel like this is a trap like: "Yes, we just pwned your PC" or "no, but you're about to be spammed."

Yet even more bloat.

If you make a browser, just have it...browse! Stop trying to make it do everything. Please. Give me lean, fast, and extension capability.

Re: Yet even more bloat.

A process manager also to spot nasty tasks fir CPU or RAM. Or even better a thread manager.

Re:Yet even more bloat.

This is not in the browser. It's a website.

creimer, creimer, creimer, creimer! Fat man!! Cuck

All your all-you-can-buffets are belong to creimer.

MOD GP DOWN please!

MOD GP DOWN please!

MODDOWN! ; creimer useless karma whoring sock puppet post again!

CREIMER' SUBMISSIONS UPDATE:
Note also that creimer is trying to regain karma by getting his submissions published as articles on /. so make sure to go to:
https://slashdot.org/~The+Orig...
https://slashdot.org/~cre1mer
https://slashdot.org/~The+Fat+...
https://slashdot.org/~__aaclcg...
https://slashdot.org/~IDrinkFa...
https://slashdot.org/~_sharp'r...
https://slashdot.org/~crreimer
https://slashdot.org/~cdreimer
https://slashdot.org/~criss69
https://slashdot.org/~Anonymou...
https://slashdot.org/~FatCashe...
https://slashdot.org/~ILoveFat...
https://slashdot.org/~IHateFat...
https://slashdot.org/~IAteFatC...
https://slashdot.org/~ITapeFat...
https://slashdot.org/~IApeFatC...
https://slashdot.org/~IPrayFat...
https://slashdot.org/~FatCashe...
and mod down his submissions as well. The great thing is that you don't even need mod points to mod down a submission, just click on the "minus" icon!

Yes, believe it or not, creimer owns all the above sock puppet accounts. It is a mystery why Slashdot management tolerates it!

creimer wrote:

I don't bother with mod points. I'm doing something much more sinister. It took ten story submissions ? I'll have to double check the number ? to move cdreimer's karma from neutral to excellent without ever being exposed to the capricious mods. Mmmmmwwwwahahahahahahaha!

https://slashdot.org/comments....

Danger, Will Robinson, Danger! Creimy is posting more than 2 posts a day. Hurry! mod down otherwise /. will go to hell again!

Note: you can mod down even if already at -1 to lower karma and to prevent lost /. users to accidentally mod up.

creimer wrote:

All you need to do is find a website with a permissive TOS, say, Slashdot, create a Python script to scrape your own comments, sprinkle Amazon affiliate links in various posts, and then re-post past links whenever possible. Won't be long before you start making "coffee money" each month.

https://slashdot.org/comments....

C.D. Reimer is a renowned Slashdot collaborator, as he puts it himself; "Because of the quality of my posts and my article submissions, I'm a highly rated commentator and moderator."

But does anybody ever wondered what "C.D." stands for? Well, it stands for Creimy Dumpty of course!

Creimy Dumpty sat on the wall,
Creimy Dumpty had a great fall.
All the king's horses
And all the king's men
Couldn't put Creimy Dumpty
Together again.

Creimy's siblings video and theme song, very realistic, especially the pants, just like Creimy's:
https://www.youtube.com/watch?...

With "Vice President Pence Vowing US Astronauts Will Return To the Moon", we are sure they will nee

Re:MOD GP DOWN please!

Here is what is much worse than laziness alone; some people are lazy and stupid

For example, take creimer and his stupid and dead youtube channel that was supposed to be his long tail revenue stream for his retirement.

He has been told several times that he should finish his certifications instead but he is too lazy to do that and he finds it easier to post stupid stuff on YouTube.

Since nobody watches his stupid stuff. He decided to publish a border line kid video that he filmed himself. Then he posted in various forums, faking outrage to bring views to his channel arguing with himself with different sock puppets names.

Here is basically what it looked like:
creimer wrote:
https://slashdot.org/comments....

Have you seen creimer's children band video [youtu.be]? Holy shit! That video got hundreds of view [twitter.com] with 95% coming from outside of the United States and the top three nations are well known for sex tourism. It doesn't surprise me that Slashdot has so many pedobears.

and:
https://slashdot.org/comments....

No. Thanks to YOU for calling me a pedophile. It has become my best performing video in the first 24 hours to date. All those views came from OUTSIDE the United States. Ukraine being 11% of the total.

and:
https://slashdot.org/comments....

Thanks to your Pedobear buddies, I got 25 hours of watch time in three days and coming in second to my Slashdot video with 30 hours of watch time in six months. Keep up the good work!

So basically creimer, you are bragging about providing video material to pedophiles and sex tourists and you do not see any problems with it as long as it brings views to your youtube channel.

Poor Chris, sad, very sad...

How long will it be before you do the right thing and take that video off line?

update: see creimer's replies here:
https://tech.slashdot.org/comm...

https://news.slashdot.org/comm...

https://slashdot.org/comments....

https://tech.slashdot.org/comm...

Re:If you want to be pwned

Christopher Dale Reimer aka "The Original CDR" is a karma whoring fat retard so what do you expect?

A seed of an idea that never grew

[raymorris]

So far, this looks to me like something that happened with me once. The Firefox team liked the site and liked the idea of working together somehow. But then nobody really had a great idea of *how* they could work together in a way that really adds value. After the excitement of the idea of working together, what was left was how browsers work with web sites - they display them.

After I read a book called Zero Bugs and Program Faster, I really liked what the author was doing. It aligns with my mission to improve the reliability and quality of software everywhere by teaching programmers how to make more reliable software. I emailed the author, Kate Thompson, telling her I enjoyed the book and "we should work together on something sometime". She replied "play how? Work on what?" Um, I don't know. :)

I think some political ideas are like that. They sound great on a bumper sticker. Then when you try to actually put them into action, to decide exactly what to do and how to do it, it turns out the phrase is only good for a bumper sticker, there is no actual policy that makes any sense to do there. I ran into that the other day when someone knocked on my door to pitch the Democrat candidate running for the House in my district. She mentioned a couple bumper sticker slogans, so I asked "cool, what exactly do you mean by ____?â She had zero answers, no policy ideas, just a bumper sticker that sounded good until you ask what it means.

Re:A seed of an idea that never grew

[theweatherelectric]

It aligns with my mission to improve the reliability and quality of software everywhere by teaching programmers how to make more reliable software.

Tell me about it. Choosing better programming languages to start with is one of the most important steps to improving reliability and quality. It's amazing how much people want to stick with "what they know", even when what they know isn't borne out by the practical realities.

What I find disappointing is that even when you demonstrate that the same result can be delivered in less time with higher performance in languages like Pascal or Rust, C programmers still try to justify the use of C based on articles of faith, camp fire stories, and straight up mythology. It's intellectually dishonest.

Luckily, some C programmers are starting to see the light. We'll get there eventually.

Re:If you want to be pwned

[Shikaku]

The only entrapment is not knowing. https://haveibeenpwned.com/Pwn... You could just manually browse this list if you are really that paranoid though.

Damn FF

[rojash]

Ever since they forced that read later crap and no keywords in BMs...i think Vivaldi is the better option

Mozilla, you make me sad, again.

The only hope in browser world. First, remove javascript checkbox, Then, EZ-DRM interface for the IP maximalism predators. Then pocket. Now, selling snake oil.

We'll have to search that industry mole whithin the organization and chase it out.

(Captcha: "restart". How appropriate)

Conspicuously Absent?

[gerald.edward.butler]

Where is the information about the Equifax Breach? This is far more troubling than Last.fm, Disqus, LinkedIn, etc. How the Equifax corruption is permitted to stand by the American people is beyond me.

Plugin/Extension?

[coofercat]

Once again, an excellent idea that should be a plugin (arguably pre-installed on new installs).

The whole password store, and even form-filling feature should be a plugin. In my case, Dashlane does all of that stuff (including the Have I been Pwned thing, so I don't need Firefox doing it. It would be rather good to be able to remove all that code from the running browser by removing the plugin.

Re:Plugin/Extension?

[chrish]

So, I had this idea a while back where I'd make a plugin or whatever to check for people re-using bad, pwn'd passwords. I diligently collected about 40GB of breached password data (that's after I threw out everything but the cracked passwords themselves).

After filtering for uniqueness and slapping everything into a database, it was still something like 16GB. I lost interest in the project before I found a clever way to reduce this further.

The data set is too huge to install on a mobile device, and pretty unreasonable for a browser plugin. And nobody would trust a website that says "type in your password to see if it's already part of a data breach!".

Re:Plugin/Extension?

[coofercat]

But this isn't that - it's basically a Have I Been Pwned service, integrated into the browser. It checks usernames, not passwords.

I'd agree about your size issues and the privacy issues too. However, it could be solved by hashing the passwords before sending them to the server. The server would then not need any plaintext passwords either - just hashes of them using whatever hashing algorithm the plugin uses. You'd still have a trust issue to solve, but as I say, that's different to what's being offered here.