| mar_id: MAR1 | |
| offset_to_index: 7390908 | |
| product_information: firefox-mozilla-esr 60.0.1 | |
| signature_header: | |
| file_size: 7392867 | |
| num_signatures: 1 | |
| signatures: | |
| - signatureentryheader: | |
| algorithm_id: 2 | |
| size: 512 |
| Target: irc.mozilla.org:6697 | |
| prio ciphersuite protocols pubkey_size signature_algoritm trusted ticket_hint ocsp_staple npn pfs | |
| 1 DHE-RSA-AES256-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True None False None DH,1024bits None | |
| 2 DHE-RSA-AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True None False None DH,1024bits None | |
| 3 DHE-RSA-CAMELLIA256-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True None False None DH,1024bits None | |
| 4 AES256-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True None False None None None | |
| 5 AES256-SHA SSLv3,TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True None False None None None | |
| 6 CAMELLIA256-SHA TLSv1,TLSv1.1,TLSv1.2 |
| #!/usr/bin/env bash | |
| trusted_keys=( #A | |
| "E60892BB9BD89A69F759A1A0A3D652173B763E8F" #A | |
| "CA84AA8BF9EBBE8AAD3EF759A1A652173B768B35" #A | |
| ) | |
| exit_code=0 | |
| for hash in $(git log --format=format:%H --no-merges); do #B | |
| res=$(git verify-commit --raw $hash 2>&1) | |
| if [ $? -gt 0 ]; then | |
| echo $hash NO SIGNATURE FOUND |
| Header: MAR ID="MAR1", Offset to Index=49468896 | |
| Signatures Header: FileSize=49471514, NumSignatures=1 | |
| * Signature 0 Entry Header: Algorithm="RSA-PKCS1-SHA384", Size=512 | |
| * Signature 0 Data (len=512): 3671D5CE31DEAB2AEBA1F67EA10A20BEACCA45A76B993D1C26D3426C5ADD73B6634F40C37C0297F9E0E77F31F4739C6902B5C63714B018649BB1A458B7EC7BF871DA7EFA6169A806F646F931B00228E84262CBD05C92F599FFFE78BC5D84B6A3A82EDFEC290D2DE5F52FCFB24E116BBF45528FE6654F0FBCA65B7E3E03F4632EB924169D705C7A9FAA24DF61E9C2DFBF908C999CF508D09DE67CF10255F8CC1965110F29BFA39AA50A4889C122A8CD17244ABE36F3E4237F42D7123A13D31E698CDCF376E2F196FFB724CF18E120BE9BA2C5995EA9D3EB82B408F9C9A63E051571AD7ADB9FAF8DEF340C9AEEC7E2455D78A0E41C41D8CC3896A6A414AC1C69F7CB7D98691CDF5C2A9E3B81B693C874D2EF175E4EF2D9B35CD8CA8508D7110D0D6054746D04E565CA20ADFB440C4DEC692D372300C85437919133560CAC19517BFB1D6484AB88C8AF41CA2631124AF75394514AE6DA8CBCE74138836568E96EF72E1D484342E861070AC74891E89A6C348856619DE256BD72B94557015F9115D6E21BCDDFF6F98B24AAD88E4C3BA529DD7A28501F3B28D47675000988 |
| $ go run main.go | |
| Header: MAR ID="MAR1", Offset to Index=45801756 | |
| Signatures Header: FileSize=45804305, NumSignatures=1 | |
| * Signature 0 Entry Header: Algorithm="RSA-PKCS1-SHA384", Size=512 | |
| * Signature 0 Data (len=512): 89F1914AA881AF7876F5EA22E4B047475AC90B270BC68CBFADB3B94E7942107C45F438B1C0391BEF0941D15F37C662F524EB2DC74634764CFC479F15B1C75ECD7A7423BF613F07BF648ADE38F3C19B2B8D567912E7D2A51D2F0592B59EE9185016446B55446450D9F472A34D05FEF0FD1A79E4AA0D8EEDAB57500013DEBCABD9CEE4BF3772D8262383C4CCCA721C6CB38A87C5EDA7157E3E14F4E413CA1668BCEE5F70F36AF4E962449DC22223CBC16C5255974836D413C1F62CABAEE12559A9EC0723FBCF00A27C8A13D04CE4F25E94A67C25328C0A86F948CBA00FA189FC0EF2007D8947B97749DF693C3966226210E7A9849784F7D58723ED5D5514D5F0CD8E0414ED4EC08C16344F8DB652B13AA3A060420F2D7D14FABD8FC080E1589782D15DCCC8F51C705773DE939F8F5EFE0B74319078D328CE100C2BB99C5F4DBD0702EDC4E9C607CB75DA3A28689FA54DBCE8D5A41462309AEC8729D6D9B867C68B3A6C155338C05BD8FB8E680AEA63E1A918E4EA74E3E0BDF2FEA754E70E5A9C3F5B5AE6B979A6791BECB77A4FB9F4CDDC87817BD |
| ulfr@gator4[17:10UTC]:mar[v]$ go run main.go | |
| Header: MAR ID="MAR1", Offset to Index=45801756 | |
| Signatures Header: FileSize=45804305, NumSignatures=1 | |
| * Signature 0 Entry Header: Algorithm="RSA-PKCS1-SHA384", Size=512 | |
| * Signature 0 Data (len=512): 89F1914AA881AF7876F5EA22E4B047475AC90B270BC68CBFADB3B94E7942107C45F438B1C0391BEF0941D15F37C662F524EB2DC74634764CFC479F15B1C75ECD7A7423BF613F07BF648ADE38F3C19B2B8D567912E7D2A51D2F0592B59EE9185016446B55446450D9F472A34D05FEF0FD1A79E4AA0D8EEDAB57500013DEBCABD9CEE4BF3772D8262383C4CCCA721C6CB38A87C5EDA7157E3E14F4E413CA1668BCEE5F70F36AF4E962449DC22223CBC16C5255974836D413C1F62CABAEE12559A9EC0723FBCF00A27C8A13D04CE4F25E94A67C25328C0A86F948CBA00FA189FC0EF2007D8947B97749DF693C3966226210E7A9849784F7D58723ED5D5514D5F0CD8E0414ED4EC08C16344F8DB652B13AA3A060420F2D7D14FABD8FC080E1589782D15DCCC8F51C705773DE939F8F5EFE0B74319078D328CE100C2BB99C5F4DBD0702EDC4E9C607CB75DA3A28689FA54DBCE8D5A41462309AEC8729D6D9B867C68B3A6C155338C05BD8FB8E680AEA63E1A918E4EA74E3E0BDF2FEA754E70E5A9C3F5B5AE6B979A |
| $ analyze_cloudwatch --json --summarize month.txt | |
| 639,280 passed | |
| 599,420 non .exe skipped | |
| 2,588 non-firefox .exe skipped | |
| 68 non shippable skipped | |
| 37,205 signatures examined | |
| 0 exe without signature | |
| 0 exe with bad signature | |
| 0 exe with non-Mozilla signature |
| observatory=> SELECT id, sha256_subject_spki FROM certificates WHERE id > 300 AND id < 305; | |
| id | sha256_subject_spki | |
| -----+------------------------------------------------------------------ | |
| 301 | 3EE6B341402851B27E64021A3023AAC7C1A0D2DEF27D5BCE5C2DBEB0B22DCC71 | |
| 302 | 47C7A149CA82FA7BA940A4D711D010625C6CB0B748B17016C46E25CE7ACD2B0C | |
| 303 | 8AB4E88556CBF864A5E9FD50171CD4ED8424E8F0801B99E236C810915950AE4B | |
| 304 | 5E6E52E50B5B9012817E63178BCB63BDE23CF1CC1F9458CED9B93A2BBA7DC4C6 | |
| (4 rows) | |
| observatory=> UPDATE certificates SET sha256_subject_spki = newvalues.spki |
Sample size: 1236617 HTTPS sites from Cisco Umbrella and Alexa top1m (total of 1868635 sites but 632018 don't support HTTPS)
Distrusted in Firefox 60: 21089 but 7382 of those certs expire before 60 is released so only 13707 need action (1.1% of HTTPS sites, 0.73% of all sites)
Distrusted in Firefox 63: 155847 but 81198 of those certs expire before 63 is released
| require “math” | |
| function haversine(lat1, lon1, lat2, lon2) | |
| lat1 = lat1 * math.pi / 180 | |
| lon1 = lon1 * math.pi / 180 | |
| lat2 = lat2 * math.pi / 180 | |
| lon2 = lon2 * math.pi / 180 | |
| lat_dist = lat2-lat1 | |
| lon_dist = lon2-lon1 | |
| lat_hsin = math.pow(math.sin(lat_dist/2),2) |