Security/Meetings/2011-08-25
Apps Review
- http://etherpad.mozilla.com:9000/p5sbmv56Fh
- working on reconciliation with this and B2G
- Lucas focusing on B2G for now and bsterne for Apps
App Store (rforbes)
- https://wiki.mozilla.org/Security/Reviews/AppStore
- Working on the data flow
- 2 stores, one for add-ons, one for web apps
- possible BrowserID for app-store and AMO
- will wait for BrowserID until it's out of labs
- browserID also reinvestigating use of Hardware Security Module (HSM)
- AMO power users not allowed to use browser ID initially
OWASP @ Moz (mcoates)
- hosted at MV and broadcast on Air Mozilla tonight @ 18:30 PDT
- mcoates giving same talk he gave in Greece recently
Pancake / Firefox Home (imelven)
- brown bag on Tuesday in SF / in MV in 10 forward @ 12:30 pm (internal only)
- Sid has been engaged with Privacy conversations
- https://wiki.mozilla.org/Privacy/Reviews/Pancake (in progress, diagrams and risk analysis upcoming)
- mgoodwin has filed many sec bugs against the server
- dchan and I have looked at the Pancake FF addon
- imelven has done an initial pass through the iOS app and will follow up with st3fan and mgoodwin
XSS Filter
- support for the same headers as used for IE (de-facto standard as Chrome/IE)
- ours behaves in the same way as WebKit
- will we implement reports like CSP for blocked content?
- maybe: have not researched this, so not being used right now, could be a future change