How To: Encrypted Sites May Not Be Safe to Visit Using Chrome's Default Settings
As you may have already heard, the worst bug in OpenSSL history went public yesterday, dubbed Heartbleed. While we can go deeper into the technical details of it later, the short version is that OpenSSL, the library used to encrypt much of the web running on Linux and Apache has been vulnerable for up to two years.The vulnerability reveals the contents of memory on any server running an unpatched version of OpenSSL, 64KB at a time. This effectively means that with enough polling, one could reconstruct the private keys to SSL certificates used on affected servers, plain-text passwords, emails, usernames, and anything else that might be floating around in memory on an affected server.While a few big sites and service providers received early notice of the bug and were able to patch their systems before news went public, the rest of the web running OpenSSL has been scrambling to patch their systems (which requires a reboot... for those of you who need to patch your own systems to 1.0.1g).While we can't say for sure if the private SSL keys of affected sites have been compromised, as the bug has been in the wild for 2 years, we have to assume they are. As such, many sites are issuing new private keys for their SSL certificates, and revoking the old ones to make sure any compromised keys can't be used going forward.
So What Does All This Have to Do with Chrome?When an SSL certificate is revoked, your browser won't trust it—but that only works if your browser knows that the certificate has been revoked. Chrome's default settings do not automatically check to see if certificates have been revoked. As such, a compromised SSL certificate could be set up on a spoofed website, and Chrome would show the green lock indicating it's secured.
How to Fix Your Chrome SettingsSimply enable the check for server certificate revocation. To do this:Click the Chrome "menu" button in the upper right. Click Settings. Scroll down and click "Show advanced settings...". Scroll down to the HTTP/SSL headline and check the box labeled "Check for server certificate revocation". That's it. You can now browse the web knowing that any revoked certificates will no longer be trusted.
But What About All the Unpatched Websites?There are still many encrypted sites out there that are unpatched as of yet. To make sure your login credentials don't end up floating around in memory, ready to be picked off, refrain from logging into any HTTPS websites until they've patched their servers.You can check to see if a domain is vulnerable using this website set up by Filippo Valsorda.It will show red if vulnerable. If you get a timeout, or it shows green, then you can rest easy knowing the server is not using one of the vulnerable versions of OpenSSL, and is safe to log in to.
Fortunately, CyanogenMod developed Gello, a browser that includes the best and most used features in one fast Chromium-based application, so the browser wars slowed down a bit with one clear winner atop the heap. Don't Miss: CyanogenMod's Gello Browser Gives You the Chrome Experience Without Google's Tracking
Replace Your Android Browser with This Enhanced Version of
Unfortunately, the Hangouts application doesn't have too many users at the moment and things will get worse, because the company decided to remove the SMS feature from it. Hangouts version 18 is currently rolling out, but, for now, it doesn't come with any functional changes. However, the new version of the application comes with a code
Improve Picture Quality for MMS Messages in Hangouts « HTC
The stock AccuWeather widget on the Samsung Galaxy Note 3 is great if you want a super quick way to see the current time, date, and weather forecast for your area, but personally, its design just doesn't do it for me.
How to Set a GIF as a Live Wallpaper for Your iPhone's Lock
How to Check Your Android Phone's CPU Architecture [ARM or ARM 64 or X86] or 32 Bit or 64 bit CPU In this video as i have shown how you can check whether your cpu is 32 bit or 64 bit or x86 just
How to Build Android Kernel on Windows 10 - Appuals.com
Here's how to unroot your Android smartphone or tablet, works on any Android device. This is a universal guide on how to remove the SU binaries and Superuser.apk file using ES File Explorer in root mo
How to unroot your Android phone or tablet - Android Authority
You will be happy to know that all apps on Android Pie use HTTPS by default. Android cares about your privacy. 20. The Media Panel. Since the volume controls are dedicated to Ringer volume, Android's media setting now has its volume control in a vertically aligned slider on the right side of the screen and this same media panel displays
Android Pie 9: All you need to know - theandroidsoul.com
Sure, you can long-press pictures in Chrome to search for other instances of a photo, but it's not possible with pictures you find in other apps, or photos you've downloaded to your phone. Considering that Google makes Android, it's rather strange that the operating system doesn't have a baked-in solution for doing a reverse image search.
How to Change Google Chrome's Default Search Engine on Your
Report Ad
Did you check eBay? Fill Your Cart With Color today!
That is until Android themer Mohit Arora ported the video boot animation functionality from Motorola's latest devices to many other Android gadgets. Rather than using a series of PNG image files to animate your boot sequence, these video boot animations utilize MP4 video files with much higher frame rates.
How to Set a Video as Your Boot Animation - xda-developers
Speedbit, the creator of the most popular download manager - Download Accelerator Plus, is a pioneer in accelerating data delivery. Speedbit leverages powerful, patented, multi-channel technology, to overcome latency and other slowing factors in the internet infrastructure.
Best Download Manager to download large files on PC. - YouTube
Report Ad
See EVERYTHING: GPS, Texts & More. 100% Undetectable. Start Free Trial Today. Purchase the worlds most advanced mobile tracking software.
Here are 12 gestures you can use on Android that you might not know about. In Twitter for Android the same action copies text straight to the clipboard In a lot of Google apps for Android
How to run apps with touchpad gestures on Windows 10
0 comments:
Post a Comment