Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: FireFox calling home?

  1. #1
    Member
    Join Date
    May 2003
    Location
    Somewhere in Texas
    Posts
    76

    FireFox calling home?

    I just happened to be running Wireshark doing some other stuff and noticed an very short SSL exchange happen. I had Firefox open, but only on a couple of regular http pages. Any ideas? I didn't think Mozilla was into this kind of secret phoning home, it seems more of an M$ trick. Here's some excerpts from the reassembled convo (with human readable extracts and snips) -- but it's just mostly the SSL cert and encryption setup stuff, nothing to indicate what it's really doing...

    Anyone know what's going on?

    IP dest was 63.245.209.49 (Mozilla.org)

    ...+.........aus2.mozilla.org.
    ........................F..F.?..S.....0....`..bk] .../..L.X G."..6.`...
    C..F.[...u..#.F...|..............0...0.........
    j
    5......:0
    ..*.H..
    .....0..1.0...U....US1.0...U....Texas1.0...U....San Antonio1.0...U....GS CA1$0"..U.
    ..XRamp Security Services Inc1&0$..U....XRamp Security Services GS CA0..
    050105052436Z.
    080105054019Z0..1.0...U....US1.0...U...
    California1.0...U...
    Mountain View1.0...U.
    ..Mozilla Foundation1.0...U...
    *.mozilla.org1.0...U...
    *.mozilla.org1%0#..*.H..
    .....hostmaster@mozilla.org0..0

    http://crl.xrampsecurity.com/XRampGSCA.crl0U..U. .N0L0J..`.H...E....0;09..+........-http://www.xrampsecurity.com/legal/issuer.asp0

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi Mykol,

    Obviously I don't know what all that means other than than FF was establishing a secure link with the mothership.

    As far as I am aware XRamp Security Services Inc. are reputable suppliers of secure communications technology and are accepted by the likes of Visa, Amex and so on.

    If you let it, FF will do one or most of these:

    1. Check for updates to FF
    2. Check for updates to plugins to FF
    3. Warn you that an update is available
    4. Automatically update

    I would suggest that you look at <Tools> <Options> <Updates> and see what your settings are.

    If that happened this morning (GMT) then FF did do an update on my machine.


  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    CRL? Certificate Revocation List? It looks like an SSL certificate..

    FF update check seems the most logical explanation.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Member
    Join Date
    May 2003
    Location
    Somewhere in Texas
    Posts
    76

    yep

    ...that's what I was leading to -- an update, or a certificate update. Just wondering if anyone had any insight on anything *else* that may be going on. If it were Internet Exploder, I'd immediately think malicious, with Mozilla, I'm thinking practical (and giving the benefit of the doubt)...

    cheers!

  5. #5
    Senior Member mungyun's Avatar
    Join Date
    Apr 2004
    Location
    Illinois
    Posts
    172
    nihil is right. FF checks for updates rather regularly. Several times a day (Dont know the actual number) but when it does that it checks for updates for anything else like plugins etc. If you have ThunderBird, you will probably notice the same thing going on to pretty much the same internet addresses.
    I believe in making the world safe for our children, but not our children’s children, because I don’t think children should be having sex. -- Jack Handey

  6. #6
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    weird how it uses an SSL connection to do it though........transmitting private information maybe??? Could be worthwhile setting an SSL proxy up to see what it being sent...

    //edit: although on second thoughts it is going to need to validate the identity of the remote host that is receives updates from.

  7. #7
    Member d34dl0k1's Avatar
    Join Date
    Mar 2007
    Posts
    58
    first of all, wow. we're getting paranoid about open source code?

    It's using a cert to verify the update. otherwise you can't verify it's integrity. Windows update does the same thing. Or, didn't you know?

  8. #8
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    first of all, wow. we're getting paranoid about open source code?
    Shame, shame and triple shame on you d34dl0k1 !!!. You actually only got a half of it there

    Open source, closed source............... it really doesn't matter.......... both are equally crap.

    What I didn't bother to mention was "what are the motives of FF to do such a thing............err like what benefits would they gain?"

    To get a reasonable chance of a conviction you have to demonstrate:

    1. Ability to commit the crime
    2. Presence (or at least lack of alibi)
    3. Motive to commit said crime

    It is on #3 that the case fails miserably?

    Incidentally, don't get seduced by open source............... I could provide many open sources....... and you wouldn't even know what language they were in? They are not "audited" by jealous "wannabees", unlike closed source applications....... mainly because such information is of no commercial value.


  9. #9
    Member d34dl0k1's Avatar
    Join Date
    Mar 2007
    Posts
    58
    Ha! We agree both are equally crap. However, I find even the slightest accusation against Firefox to be somewhat ignorant when the benefit of THE SOURCE is available!

    Seduced by open source... that's the first time i've been accused of THAT! ha.

  10. #10
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi, d34dl0k1,

    I get the feeling that there is something of a generation gap (or three!) between us?

    I come from a generation when you actually got the source (if you wanted it) of COTS products. So, these packages would be "closed source" in today's nomenclature because they are proprietary COTS?

    I am referring to stuff like IBM's "MAAPICS" and the like, and I am talking about applications, NOT operating systems.

    Now, you needed the source for systems integration and interfacing your own grown applications (typically, reporting and statistics).

    What you did not do, is mess with the source (that made your application unsupportable under the terms of your EULA)............hence my use of the expression "seduce". Because there is a temptation to make amendments to the sources of today's "open source" applications. In fact you are encouraged to do so?

    I take your point that the "vanilla" version of an open source application is unlikely to contain anything underhand, because it can be examined, and will have been subjected to an independent peer review.

    My approach was that the provider (Mozilla) has no motivation to do such a thing anyway. My advice would be that people should just be sure to get their open source applications from the developers' or other trusted website.

    Mainstream open source code will be scrutinised, but the compiled executable on http:/narstyhakzncrakz.biz will not have been. And the source could well have been amended to produce that compilation.

Similar Threads

  1. Terrorism
    By Tedob1 in forum Cosmos
    Replies: 9
    Last Post: May 7th, 2006, 05:06 AM
  2. Replies: 12
    Last Post: February 9th, 2005, 08:11 PM
  3. Mozilla Firefox vs IE
    By neosamurai in forum General Computer Discussions
    Replies: 1
    Last Post: December 8th, 2004, 11:47 PM
  4. Why I don't recommend Firefox
    By SDK in forum Miscellaneous Security Discussions
    Replies: 31
    Last Post: September 9th, 2004, 07:56 AM
  5. The Worlds Longest Thread!
    By Noble Hamlet in forum AntiOnline's General Chit Chat
    Replies: 1100
    Last Post: March 17th, 2002, 09:38 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •