Vulnerabilidad FREAK puede dejar las comunicaciones cifradas expuestas a ataques
Una falla reportada recientemente permite a los atacantes forzar las conexiones seguras a usar un método de cifrado más débil y quebrantable.
Read More
Una falla reportada recientemente permite a los atacantes forzar las conexiones seguras a usar un método de cifrado más débil y quebrantable.
Read More
A recently reported flaw lets attackers force secure connections to use a weaker, breakable form of encryption.Read More
The latest news in the SSL and web browser industries is Google’s plans to deprecate SHA-1 in a unique way on upcoming releases of Chrome starting with version 39. Considerably different from Microsoft’s plans that were announced in November 2013, Google plans on placing visual marks or placing a block within the browser; all based on the version of the browser, date of use and certificate’s expiration date.
Here is what you need to know first:
What we expect to see with future Chrome releases:
Chrome 39 (Beta release: 26 September 2014, tentative production release: November 2014):
Chrome 40 (Beta release: 7 November 2014, tentative production release: post-holiday season):
Chrome 41 (Q1-Q2 2015):
Here is a matrix to help you understand the dates:
|
Sample Expiration Dates |
||||
Chrome Version (Beta dates) |
SHA-1 (Dec 31 2015) |
SHA-1 (Jan 1 – May 31 2016) |
SHA-1 (Jun 1 – Dec 31 2016) |
SHA-1 (Jan 1 2017 and beyond ) |
Recommended: SHA-2 |
Chrome 39 (Sept. 2014) |
|||||
Chrome 40 (Nov. 2014) |
|||||
Chrome 41 (Q1 2015) |
Moral of the story: Move to SHA-2, especially if your SSL certificate expires after December 2015.
What you need to do.
For more in-depth information, instructions, and assistance please refer to our knowledge center article on this subject. For a list of SHA-2 supported and unsupported applications review this list from the CA Security Council.
Read our SHA-2 webpage for the tools, steps to take, and a list of FAQs that can be generally applicable across all browsers.
Google is the most popular Internet search provider worldwide. The name itself has even become a verb: We don’t look online anymore, we Google everything. Moreover, we use plenty of Google products not even realizing how connected they are. Gmail, YouTube, Translator, Google Drive, Photos (the former Picassa), Play, as well as Google+. The integration of Google […]
Google is the most popular Internet search provider worldwide. The name itself has even become a verb: We don’t look online anymore, we Google everything. Moreover, we use plenty of Google products not even realizing how connected they are. Gmail, YouTube, Translator, Google Drive, Photos (the former Picassa), Play, as well as Google+. The integration of Google […]
Google wants Android everywhere and on everything but what does this mean for user security?
Read more…
Is the era of oversharing over? Recent revelations about state-sponsored surveillance and mega-breaches engineered by cybercrime gangs have put the issue of privacy in the spotlight. After more than a decade where people appeared to be sharing more and more details about themselves online, there is some evidence that a backlash is now underway. Certainly the founders of a number of new social networking services seem to think so and they have made privacy one of the main selling points of their offerings.
One effort at building a more anonymous social network is Secret. Its creators decided to move in the opposite direction to most social networks and minimize the personal information its users share. Available as either an iOS or Android app, it doesn’t use real names or profile photos. Users instead anonymously share text and images. Their posts are shared with other friends who are also on Secret, but users are not told which of their friends authored the post. They can choose to share those posts with their own friends and, if a post goes two degrees beyond its author, it is shared publicly and marked with its broad location (e.g. California).
Secret goes to some length to reassure its users of their privacy. For example, it markets itself with the fact that customer data is stored on Google servers – the same servers used in Gmail – and all communications are encrypted with TLS. Message data is encrypted before being written to its servers and keys are stored in an off-site keystore service that rotates keys. When the app connects a user with someone they know from their contacts book, it doesn’t send phone numbers or email addresses to Secret’s servers. Contact details are locally hashed with a shared salt and the server then compares them against other hashed values.
Secret’s arrival is a sign that social media moguls have spotted which way the wind is blowing. The app was developed by online publishing platform Medium, which was founded by Evan Williams and Biz Stone. Williams was a co-founder of blogging platform pioneer Pyra Labs (and credited with coining the phrase “blogger”) and was later a co-founder of Twitter.
The latest service to launch is Cloaq, which goes far beyond Secret in the level of anonymity it offers its users. Users don’t have to provide any personal information when they sign up, such as their name, email address or phone number. Instead, they choose their own password and Cloaq assigns them a user ID. The company is handing out accounts in batches, e.g. @alpha1 through to @alpha999 and so on. The downside of having such an anonymous service is that anyone who does forget their user ID or password has no way of retrieving it.
In addition to new social media ventures, established operators have also begun to perceive a market for private services. For example, Twitter chief executive Dick Costolo recently said that the company is exploring the option of introducing a “whisper mode” that will allow its users to move conversations into the private sphere. While the company already has a private direct messaging feature, Costolo indicated that the whisper mode would allow for a smoother transition between public and private conversations. Additionally, he indicated that the feature could enable private conversations between more than two people.
Revelations about surveillance have also prompted some of the main online service providers to beef up their privacy measures. For example, Google has now moved to a default encrypted HTTPS connection whenever a user of its email service Gmail logs on. Furthermore, the company said that it was encrypting all traffic on its data center network, meaning that Gmail data will also be encrypted if it moves between Google servers. The move is intended to allay privacy fears following revelations about state-sponsored surveillance of traffic between data centers.
Google isn’t the only company moving to enhance customer privacy. Yahoo has followed suit, switching on HTTPS as a default on Yahoo mail and encrypting traffic between its data centers. Microsoft too has responded to privacy concerns. Likening the threat posed by surveillance to that presented by malware, the company is encrypting content moving between itself and its customers, in addition to encrypting data center traffic.
Whether a permanent shift towards greater anonymity is underway remains to be seen. However it is clear that the entire industry, from start-ups to the major players, has recognized that it is, for now, a key concern for consumers.
We would like to assume that passwords saved in our web browser are stored in a secured virtual lock box, helping us to surf the web with increased speed and easily log into our favorite sites without sacrificing safety. Unfortunately, this might not be the case on Google Chrome, as it was recently brought to Read more…
It’s not all fun and games when it comes to your favorite social media sites. Many of the top sites such as Facebook and Twitter are used for entertainment and leisure, but they also store vital information identity thieves would love to get their hands on and disrupt your online life. For instance, personal login information Read more…
Our first “#useAVAST” Hashtag challenge is over and it’s time to announce the results. As always, YOU have proven what an engaged and creative community AVAST has. We’ve seen plenty of Facebook and Google+ posts and Tweets with your personal recommendations. It has convinced us that we should be giving you this opportunity more often, […]