How To: Encrypted Sites May Not Be Safe to Visit Using Chrome's Default Settings

As you may have already heard, the worst bug in OpenSSL history went public yesterday, dubbed Heartbleed. While we can go deeper into the technical details of it later, the short version is that OpenSSL, the library used to encrypt much of the web running on Linux and Apache, has been vulnerable for up to two years.

The vulnerability reveals the contents of memory on any server running an unpatched version of OpenSSL, 64KB at a time. This effectively means that with enough polling, one could reconstruct the private keys to SSL certificates used on affected servers, plain-text passwords, emails, usernames, and anything else that might be floating around in memory on an affected server.

While a few big sites and service providers received early notice of the bug and were able to patch their systems before news went public, the rest of the web running OpenSSL has been scrambling to patch their systems (which requires a reboot... for those of you who need to patch your own systems to 1.0.1g).

While we can't say for sure if the private SSL keys of affected sites have been compromised, as the bug has been in the wild for 2 years, we have to assume they have been. As such, many sites are issuing new private keys for their SSL certificates, and revoking the old ones to make sure any compromised keys can't be used going forward.
So What Does All This Have to Do with Chrome?

When an SSL certificate is revoked, your browser won't trust it—but that only works if your browser knows that the certificate has been revoked. Chrome's default settings do not automatically check to see if certificates have been revoked. As such, a compromised SSL certificate could be set up on a spoofed website, and Chrome would show the green lock indicating it's secured.

How to Fix Your Chrome Settings

Simply enable the check for server certificate revocation. To do this:

1. Click the Chrome "menu" button in the upper right.
2. Click Settings.
3. Scroll down and click "Show advanced settings...".
4. Scroll down to the HTTP/SSL headline and check the box labeled "Check for server certificate revocation".

That's it. You can now browse the web knowing that any revoked certificates will no longer be trusted.
But What About All the Unpatched Websites?

There are still many encrypted sites out there that are unpatched as of yet. To make sure your login credentials don't end up floating around in memory, ready to be picked off, refrain from logging into any HTTPS websites until they've patched their servers.

You can check to see if a domain is vulnerable using this website set up by Filippo Valsorda. It will show red if vulnerable. If you get a timeout, or it shows green, then you can rest easy knowing the server is not using one of the vulnerable versions of OpenSSL, and is safe to log in to.
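
For readers patching their own servers to 1.0.1g, the following is an added example (not part of the original post) that classifies the line printed by `openssl version`. The affected range (1.0.1 through 1.0.1f, plus 1.0.2-beta1) and the `-DOPENSSL_NO_HEARTBEATS` build flag come from OpenSSL's advisory rather than this page; `heartbleed_status` is a hypothetical helper name and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: classify an `openssl version` line against the Heartbleed range.
# Affected: 1.0.1 through 1.0.1f and 1.0.2-beta1 (per the OpenSSL advisory).
# Fixed: 1.0.1g and later. The 0.9.8 and 1.0.0 branches never had the bug.
# heartbleed_status is a hypothetical helper name, not a real tool.

heartbleed_status() {
    # $1: first line of `openssl version`, e.g. "OpenSSL 1.0.1e 11 Feb 2013"
    # $2: optional "compiler:" line from `openssl version -a`
    ver=$(printf '%s\n' "$1" | awk '$1 == "OpenSSL" { print $2 }')
    if [ -z "$ver" ]; then
        echo unknown            # not an OpenSSL version line
        return 0
    fi
    # A build compiled without the heartbeat extension is not exposed,
    # whatever its version letter says.
    case "$2" in
        *-DOPENSSL_NO_HEARTBEATS*) echo not-affected; return 0 ;;
    esac
    case "$ver" in
        1.0.1|1.0.1[abcdef]|1.0.1[abcdef]-*|1.0.2-beta1)
            echo vulnerable ;;
        1.0.1[g-z]*|1.0.2*|1.1.*|[3-9].*)
            echo patched ;;
        0.9.*|1.0.0*)
            echo not-affected ;;
        *)
            echo unknown ;;     # e.g. 1.0.1 betas: check by hand
    esac
}

# Constructed sample lines (not captured from real hosts).
for line in 'OpenSSL 1.0.1e 11 Feb 2013' \
            'OpenSSL 1.0.1g 7 Apr 2014' \
            'OpenSSL 0.9.8y 5 Feb 2013'; do
    printf '%-30s %s\n' "$line" "$(heartbleed_status "$line")"
done
```

Distributions that backport the fix often keep the old version letter, so treat a `vulnerable` result as a prompt to check the package changelog rather than as proof.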


