Firefox to Block Mixed Content
Website owners who have mixed-content pages will surely be impacted and should make changes. Along with Firefox, Internet Explorer, Chrome and Opera already block mixed content. This means the users of the site will get trust warnings or the browser’s security indication (i.e., lock icon) may not be present.
Stopping CRIME Attacks
This article by Dan Goodin appears to cover the most facts about the CRIME attack on SSL/TLS. It answers my first question about what the acronym means; CRIME is short for “Compression Ratio Info-Leak Made Easy.” It also confirms the attack is performed when the communication uses TLS compression. My understanding is that TLS compression [Read More...]
Why Your Browser Matters
Over the past couple of weeks, the Online Trust Alliance (OTA) and Microsoft have launched campaigns promoting the use of modern browsers. OTA’s campaign, “Why Your Browser Matters,” provides tools and resources to help website operators provide user education on the value of keeping browsers current. What appears to be complementary to the OTA campaign [Read More...]
Addressing Mixed Content Vulnerabilities
I fail to understand why website operators continue to deploy sites with Mixed Content. Are the following trust dialogues presented to their users not sufficient incentive to correct the problem? Nevertheless, a recent study showed that 22 percent of sites use Mixed Content. Internet Explorer (IE) and Firefox present these security dialogues by default. That [Read More...]
Social-engineering attacks are more common than attacks on security vulnerabilities. Traditional defense against malware is a URL-based filter to screen out known malware websites. Microsoft introduced a new defense called Application Reputation that is available in Internet Explorer 9 (IE9) through the SmartScreen Filter. Application Reputation allows publishers and their applications to build a reputation [Read More...]
Online SSL Tools
So you’ve gone to the trouble of buying and installing an SSL certificate. How do you know you installed it properly? Some would just test the site by trying it with their browser. The problem is that Internet Explorer and Firefox validate the certificate path differently. Firefox will install an intermediate certificate while IE doesn’t. IE [Read More...]
What are chain certificates? Chain certificates are referred to by many names — CA certificates, subordinate CA certificates or intermediate certificates. Confused yet? Let’s break it down. It all starts with something called a root certificate. The root certificate is generated by a certification authority (CA) and is embedded into software applications. You will find [Read More...]
Is Your Browser Safe?
When Britain and France urge users to change from Internet Explorer due to security flaws, they may be missing the point. The right thing to do is to upgrade to the latest version.