The project is being carried out in collaboration with Have I Been Pwned?, the reference site for data leaks on the Internet, as revealed by the website Bleeping Computer.
“Warning: this site has been hacked”, the new Firefox notification
The project is still in its infancy: the goal is to warn users that a given site has been hacked in the past. To do this, Firefox should incorporate a new security notification based on the code of the add-on Breach Alert. This add-on is available on GitHub as source code that anyone can compile and add to Firefox Quantum, but only if they use the developer version of the browser.
The source code was posted by the engineer in charge of this new project at Mozilla, Nihanth Subramanya, and for the moment it is impossible to say when this new feature will be deployed to the general public. What we do know, however, is that Troy Hunt, the computer security researcher behind the website Have I Been Pwned?, confirmed to Bleeping Computer that he was working with the Firefox engineers. It is his database that will be used.
Many details to fix to improve security
The goal, in terms of security, is twofold: on the one hand, Internet users will be able to know that the site they are visiting has been the victim of hacking and may therefore be wary of the information they reveal; on the other hand, a user who has not followed the hacking news can discover that the site has been hacked and therefore take action, such as changing their password as a precaution.
However, the engineers in charge of the project must solve several problems, including the best way to display this new notification. It must be clear to users without scaring them: once a flaw is discovered and the hack made public, hacked sites take the necessary steps to fix the problem. The user must therefore quickly understand that the hack has already occurred, not that it is ongoing. That difference is not easy to explain to the majority of people who use the Internet and are not experts.