• Time: (Weekly) Tuesday at 13:30 PM PDT / 16:30 PM EDT / 21:30 PM UTC.
• Place: Mozilla HQ, MTV 217 Star Trek
• Phone (US/Intl): 650 903 0800 x92 Conf: 95217#
• Phone (Toronto): 416 848 3114 x92 Conf: 95217#
• Phone (US): 800 707 2533 (pin 369) Conf: 95217#

Agenda

Today's meeting is hosted by, Operations Security (aka "OpSec")

• [kang] Rapid Risk Assessment (aka RRA) (13:34)
  • We have a reference document on how we do RRAs:
  • https://mana.mozilla.org/wiki/pages/viewpage.action?pageId=37684270
  • Current RRAs stored at https://drive.google.com/a/mozilla.com/?usp=sheets_web#folders/0B9hhYg2CqN25SUVuQlczRzU3bTg
• [ulfr] MIG deployment update and future
• [ulfr] Server Side TLS Recommendations Updated
  • https://wiki.mozilla.org/Security/Server_Side_TLS
• [michal] datacenter network security

https://docs.google.com/a/mozilla.com/presentation/d/1Aw_HTCz_qY4tVFddNFyOQgbizzY4Z8xf8CjGte4R9e0/edit#slide=id.g3574813e8_033 ^^ slides

• [jeff] What's next for MozDef
• Decommission arcsight (again)
  • Making use of NSM/Bro as IDS instead of just combing through logs
• release 1.0 at blackhat arsenal
  • docs, packaging, moar docs
• Other Data sources: MIG, Vulnsnitch, Nagios, Vidyo
• Integration to existing banhammer for ogre remediation
• Virtual reality (occulus rift, myo, omnidirectional treadmill)
• Machine learning
• [averez] Caphaw DNS classifier for fun (free time project)
  • https://github.com/netantho/caphaw-dns-classifier
• [joe] Some upcoming projects for Q3/Q4
  • Operational Metrics
  • Risk Heat Map
  • RRRA
  • MFA and SSO
  • Moar cloud security
  • Certificate management standards and guidelines
• Questions?
  • can you go a bit more into detail for MFA/SSO? Will this expose (share) our password data to additional external service providers? [freddy]
• Anything else?

Team Updates (Silent)

Firefox Desktop

Firefox Mobile

Firefox OS

Firefox Core

MarketPlace

Web Apps

Services

Operations Security