About Firefox security.

Hello Guys,

My name is Carlos Alberto=85 I=92m working at the Bolsa de Valores =
(Stock
Exchange, http://www.bmv.com.mx ) of M=E9xico in some software that is =
going
to be used for the non repudiation of the exchange instructions.

 My team has put some pressure under supporting Firefox in our portal. =
But
this time that got us into a problem, it seems that the PKCS #7 =
signature is
different from Firefox than from IE and we haven=B4t being able to =
detect how
is it different (rather than the most obvious places) for us to tweak =
our
process. We are trying to validate the signature using an OS library =
named
BouncyCastle but we have not being able to do that to the date. We think
that it could be some salt or maybe the encoding=85 but we can=B4t =
advance from
where we are.
=20
 Is there a way to simply emulate IE's signature... I'm pretty sure that =
the
Firefox implementation is much better and that we are avoiding some =
other
attack using this salt (I think is a Salt) but we are working with huge
organizations that won=B4t easily change the way they are working... and =
that
means we will need to use IE signature style.

 Do you happen to have some information about the differences from IE =
signed
content and Firefox signed one? How to tweak firefox using javascript =
for
that? Or any other information that could help us.

Thank you very much, we really appreciate your help
Carlos Alberto

PD: I already tried to send this to 'dev-tech-crypto@lists.mozilla.org' =
but
I got a cannot be reached error.

0
Alberto
9/19/2007 3:27:52 PM
mozilla.dev.tech.crypto 2048 articles. 1 followers. Post Follow

0 Replies
795 Views

Similar Articles

[PageSpeed] 10
Get it on Google Play
Get it on Apple App Store

Reply:

Similar Artilces:

x-posting from dev-tech-crypto: web crypto APIs and resources
Hello Security Enthusiasts: I just started a conversation on Web Crypto APIs (low-level, high-level) and the resources to implement in Gecko. https://groups.google.com/forum/?fromgroups=#!topic/mozilla.dev.tech.crypto/rQeNHJsYKoM Cheers, David ...

Trouble with dev-tech-crypto
I'm having trouble posting to this list. I'm trying to get an announcement posted, but the messages simply disappear without errors. If you end up seeing my messages multiple times, please apologize. This issue is being tracked in bugzilla at mozilla dot org number 839245. (Not including a link, just in case links are the reason why mails are being filtered.) Kai ...

dev-tech-crypto moderation changes
Since its origin a few months ago, the dev-tech-crypto@lists.mozilla.org list has been moderated, in an effort to keep spam out of the list. The rules have been rather simple: mail sent by list members gets right through, the rest goes into a moderation queue where it is reviewed daily. The occasional on-topic message from a non-subscriber address gets manually passed through, and the rest is discarded. Spam filters (are intended to) recognize most spam and discard it outright, so that the moderator need not review hundreds of spams daily to find the occasional rare nuggets. Un...

[moderator] testing dev-tech-crypto
I haven't seen any mail on this list for about two weeks. I'm wondering if subscribers have been trying to send mail and have been seeing it fail. If you ever send emails to the list and find that they don't go through, please send an email to me, the moderator. -- Nelson B ...

Password Security for Firefox (Can future version of Firefox pass all 21 security tests?)
Name: HY Tan Email: elfelleatgmaildotcom Product: Shiretoko Summary: Password Security for Firefox (Can future version of Firefox pass all 21 security tests?) Comments: http://news.softpedia.com/news/IE7-vs-Chrome-1-0-vs-Opera-9-62-vs-Firefox-3-0-4-vs-Safari-3-2-vs-Password-Security-100103.shtml Above link is not based on 3.1b2 results but hope firefox can pass all security tests to make it the leading secure browser. Speed is one area but Security is another key area where it will attract more people to switch to most secure browsers with the less loopholes :) Browser De...

Anti-spam changes to dev-tech-crypto mailing list
Dear readers of dev-tech-crypto mailing list, and mozilla.dev.tech.crypto newsgroup: As you have probably noticed, in the past 7 days we've seen a number of emails that have gotten through the list's meager grep-based spam filters. I have been increasing the rules trying to trap more spam, but the spam grows faster than I can create rules for it. I apologize for that. The situation has simply become intolerable, so as your list moderator, I have taken steps to cut it off, and am prepared to take more steps. Consequently, there are some changes to the list moderation that h...

dev-tech-crypto News->email gateway re-enabled
I have not seen any new spam in the mozilla.dev.tech.crypto newsgroup since May 1, and in the last week, there have been numerous on-topic messages posted to the newsgroup that have not been gatewayed to the list, so today I have re-enabled the News->email gateway between mozilla.dev.tech.crypto and the dev-tech-crypto mailing list. If the spam resumes, I will disable the gateway again, but hopefully that will not happen soon. I invite any comments you may have about the relative merits of keeping all spam out of the mailing list (which closing the news->mail gateway accompl...

Tech review required: Firefox OS debugging and security testing using Marionette
Hi all, Could I get someone to do me a quick technical review on the following = article set? = https://developer.mozilla.org/en-US/Firefox_OS/Security/Debugging_and_secu= rity_testing Particularly the following section needs some details added, as it=92s = still TBD. = https://developer.mozilla.org/en-US/Firefox_OS/Security/Testing_in_a_privi= leged_context#Windows They are not very long, so looking through should be pretty quick. Many thanks in advance! Chris Mills Senior tech writer || Mozilla developer.mozilla.org || MDN cmills@mozilla.com || @chrisdavid...

Tech review required: Firefox OS debugging and security testing using Marionette
Hi all, Could I get someone to do me a quick technical review on the following = article set? = https://developer.mozilla.org/en-US/Firefox_OS/Security/Debugging_and_secu= rity_testing Particularly the following section needs some details added, as it=92s = still TBD. = https://developer.mozilla.org/en-US/Firefox_OS/Security/Testing_in_a_privi= leged_context#Windows They are not very long, so looking through should be pretty quick. Many thanks in advance! Chris Mills Senior tech writer || Mozilla developer.mozilla.org || MDN cmills@mozilla.com || @chrisdavid...

Communication by Firefox devs to add-on devs
The time has come for the developers of Firefox to start communicating with the developers of add-ons. As a case in point: Recently the classic.manifest file in fx3 has had a large number of override codes added to it that reassigned filenames from example.png to example-aero.png. Suddenly, all third-party themes in Vista are now missing buttons in a number of places - some of them not easy to spot (e.g. - the wrap icon that shows up only when you reach the bottom of a page in a page search). If one of the themers had not had a user using Vista who communicated with him, and if the t...

Merging dev-tech-layout into dev-platform
Today I found out that I had missed a post from David Baron on dev-tech-layout, because I had no idea that this list exists. I think dev-platform is a better place to have the conversation related to the layout module (people are already having discussions about other modules over there). Does anybody have any objections? Cheers, Ehsan ...

Merging dev-tech-layout into dev-platform
Today I found out that I had missed a post from David Baron on dev-tech-layout, because I had no idea that this list exists. I think dev-platform is a better place to have the conversation related to the layout module (people are already having discussions about other modules over there). Does anybody have any objections? Cheers, Ehsan ...

when is secure, secure?
Lo everyone, I wrote a custom authentication handler for PureFTPD, using a combination of authentication methods, for about 4 different types of users. So far, from testing it, it does look to work properly, and does it's job pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and use warnings, and the code returns no errors or warnings when run. I am right to presume that this basically only really tells me the my syntax and structure of the application is right? What's a good way to see whether it is actually SECURE... There is a couple of lines of...

Securing FireFox
A bit outdated but... <http://www.us-cert.gov/reading_room/securing_browser/#Mozilla_Firefox> Also see vulnerability posted by Crash: <http://www.kb.cert.org/vuls/id/393921> -- js Well, you can secure FireFox by using SafeZilla (www.safezilla.com). At last, if you have a properly configured PC the exploits won't harm you very much... oh, it can sandbox not only the browser, the email, the chat etc., but even olly/ida debuggeee... have fun ;) "Max" <max_cuneiform2@yahoo.it> wrote in message news:ervnju$1ul$1@news.grc.com... > W...

Web resources about - About Firefox security. - mozilla.dev.tech.crypto

Krebs on Security
The House Financial Services Committee is slated to hold a hearing this Friday on the impact of cyber heists against small- to mid-sized businesses. ...

Security Middle East - Latest news from the Middle East.
Security Middle East is a news portal for the entire security industry, focussed specifically on latest security news from the Middle East. Security ...

Information Security News, IT Security News & Expert Insights: SecurityWeek.Com
IT Security News and Information Security News, Cyber Security, Network Security, Enterprise Security Threats, Cybercrime News and more. Information ...

Committee on National Security Systems - Wikipedia, the free encyclopedia
The National Security Telecommunications and Information Systems Security Committee (NSTISSC) was established under National Security Directive ...

Man infiltrated federal police HQ allegedly armed with knives in security breach
A man infiltrated Australian Federal Police headquarters in Sydney allegedly armed with several knives and a samurai sword.

COAG: Death and taxes, and an expanding security state
This is broad consultation, Malcolm style &ndash; politics as the art of the positive.

Cisco Looks to Acquisitions in Security, Says UBS
Cisco Systems ( CSCO ) will be looking to buy other companies to fill in its security portfolio as it attempts to boost growth, writes UBS ’s ...

CBT Nuggets Announces Cisco Security Course
New video training course with Keith Barker covers Cisco CCNA security topics and technologies. Eugene, Oregon (PRWEB) December 11, 2015 CBT ...

Crystal Security is a compact cloud-based malware detector
... real-time protection and you’re generally weighing down your system with services, drivers, DLLs, background processes and more. Crystal Security ...

Homeland Security gets involved in search for missing Afghans
Afghan men disappeared while training with U.S. military at south Georgia base

Resources last updated: 12/12/2015 11:03:06 AM