Mozilla Launches Student Coding Program "Winter of Security"

First time accepted submitter NotInHere (3654617) writes "Mozilla has introduced a new program called MWoS, or 'Mozilla Winter of Security,' to involve university students in security projects. The attending students will write code for a Mozilla security tool during (northern hemisphere) winter. Unlike GSoC, attending it involves no monetary payment, but the student's universities are expected to actively cooperate and to give the students a credit for their work. From the article: 'MWoS is a win for all. Students get a chance to work on real-world security projects, under the guidance of an experienced security engineer. Professors get to implement cutting-edge security projects into their programs. Mozilla and the community get better security tools, which that we would not have the resources to build or improve ourselves.'"

Expecting cooperation from universities...

[Anonymous Coward]

, but the student's universities are expected to actively cooperate and to give the students a credit for their work

If you're from a good university you dont really need such programs, and crappy universities dont give credit unless the work meets a list of crappy criteria designed in the 1950's , so the program is not going to be really great

Crack Firefox DRM

[EmperorOfCanada]

I hope that the first thing these guys do is to figure out how to crack or remove Firefox's DRM, I liked Firefox but I will NOT use it if they implement DRM. All DRM says is "We hate, despise, and crap on our users." Full stop.

But maybe DRM in Firefox is a good thing. It has been a long time since a new browser player came into the market and with Firefox soon to crack single digits(post DRM) it might make room for some fresh blood. So maybe one of these students will learn the Firefox code and business model well enough to fork a successful non DRM product that will get the traction of MariaDB with the fools still using the old product(think AOL) and the people in the know using the new product.

They just removed a major security feature in FF

[chrisvdb]

I'm not sure if I really understand where Mozilla is heading... I chose Firefox over Chrome because of a) secure password sync'ing across devices (real end to end encryption for cloud storage and master password for local storage) and b) addons on Firefox mobile version.

Recently they decided to implement another password sync'ing scheme as the old one (based on pairing devices) was apparently too hard to use for the modal FF user (stats showed that less than 1% of their userbase was using old sync). Unfortunately the new system is by design not nearly as secure as the old system. After a few weeks of enabling the new sync'ing tool I randomly noticed that passwords no longer got sync'ed correctly. Turned out that the new sync system does not work when a master password is enabled. No mention of this in the release notes, no warning message during installation.

With the new sync system we not only get less security by design, on top we're no longer able to locally protect stored passwords with a master password. That means that every malicious/buggy application on your computer is able to read _all_ your saved passwords in plaintext. Take a look at https://bugzilla.mozilla.org/show_bug.cgi?id=995268 for the details. Password sync'ing security is now at par with Chrome, so b) is now the only reason why I'm still staying with FF.

If you take the time to read the bug report it really feels that Mozilla is losing touch with the power users in their pursuit of the average user. They forget that power users influence the rest...

Anyway, I think it's rather ironical that they are doing this security thing while they are knowingly removing security features at the same time.