Security/Meetings/SecurityAssurance/2013-06-18

From MozillaWiki
Jump to: navigation, search


« previous week | index | next week »
  • Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
  • Place: Mozilla HQ, 3A-All Your Base (3rd Floor)
  • Phone (US/Intl): 650 903 0800 x92 Conf: 95316#
  • Phone (Toronto): 416 848 3114 x92 Conf: 95316#
  • Phone (US): 800 707 2533 (pin 369) Conf: 95316#

Agenda

Demos

   Minion Status Update + Quick Demo [st3fan]

Upcoming Speaking Engagements

(List it at these two locations too: https://developer.mozilla.org/en-US/events & https://wiki.mozilla.org/Security/Talks )

  • psiinon: June 20 OWASP EU tour, Amsterdam - ZAP
  • freddyb: June 21: Hack in Paris, June 19-21: "Origin Policy Enforcement in Modern Browsers"
  • mgoodwin: June 26 OWASP EU Tour, Dublin - Your Browser as a Security Tool
  • psiinon & freddy: August 20-23 AppSec EU - ZAP (see above)
  • psiinon: November 18-21 AppSec USA - ZAP
  • stefan: "Web Security 101" & "Firefox OS" at OHM213, July31 - August 4
  • yvan: RMLL July 7-11, Talking about Security

Planned Blog Posts

Security Review Status (curtisk)

  • Completed in Q1 2013: 66

https://security-review-statistics.vcap.mozillalabs.com/weekly (currently at 60, on track to meet or exceed Q1)

Operations Security Update (Joe Stevensen)

Project Updates

Please add your name to the update so we know who to follow up with

Firefox Desktop

Firefox Mobile

Firefox OS

    • We implemented the same password generator and actually found that it was a good balance between actual risk and user convenience :-)
    • (Seriously?) How would you figure that balance? WPA cracking can be done offline on a couple of sniffed packets by a GPU, so a complexity of 2^20 is not sufficient. Now the point-and-click cracking tools are there to prove it.

Firefox Core

MarketPlace

Web Apps

Services

Operation Security