U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Experimental Mozilla Send service allows users share encrypted copy of huge files

Mozilla Send service allows users to make an encrypted copy of a local file, store it on a remote server, and share it with a single recipient. Mozilla has presented Send, an experimental service that allows users to make an encrypted copy of a local file, store it on a remote server, and share it with […]

mozilla send service

Mozilla Send service allows users to make an encrypted copy of a local file, store it on a remote server, and share it with a single recipient.

Mozilla has presented Send, an experimental service that allows users to make an encrypted copy of a local file, store it on a remote server, and share it with a single recipient. The service allows to easily share large files in a secure way.

Once the copy has been shared, the data will be deleted from the server.

mozilla send service

The Send service is offered through Mozilla’s Test Pilot program for previewing new features developed for the Firefox browser.

The Send service was developed on Node.js backed by a Redis database running on Amazon Web Services. It relies on the Web Cryptography JavaScript API with the AES-GCM algorithm for client side encryption. Using the Send service is very simple, upon selecting a local file, the Mozilla application encrypts it client-side and uploads it to AWS.

Then the user will receive an URL generated by the Mozilla Send service that contains the encryption key, this link can be shared with the recipient of the file.

“Each link created by Send will expire after one download or 24 hours, and all sent files will be automatically deleted from the Send server,” reads a blog post published by Mozilla.

Of course, the first thought is for privacy issues, but Mozilla clarified that it would not be able to unlock a stored file, even upon receipt of a lawful warrant.

Giving a look at the generated URL it is possible to note that a portion of the link after the character ‘#’ contains the generated key that is not sent to the Mozilla server.

Experts argue that anyway AWS is able to recover a file, for example, upon receipt of a lawful warrant it could be forced to retain them. The Send service sends the file name and other data in plain text.

The keys generated by the Mozilla Send service might be recoverable from the messaging service used to share it or from log files.

Send service is an ongoing experimental project, Mozilla is updating it continuously, if you are curious you can access the GitHub repository and look at the open issues.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Mozilla Send service, encryption)

[adrotate banner=”13″]