Big browsers to pull support plug for TLS 1.0 and 1.1 encryption protocols in early '20

Credit to Author: Gregg Keizer| Date: Tue, 16 Oct 2018 04:06:00 -0700

The makers of the four biggest browsers all said Monday that their applications will drop support for the TLS (Transport Layer Security) 1.0 and 1.1 encryption protocols in early 2020.

“In March of 2020, Firefox will disable support for TLS 1.0 and TLS 1.1,” wrote Martin Thomson, principal engineer at Mozilla, in a post to a company blog.

Other browser developers, including Apple (Safari), Google (Chrome) and Microsoft (Edge and Internet Explorer) issued similar notices. All pegged early 2020 as the target for disabling support.

To read this article in full, please click here

Read more

Firefox to auto-block ad trackers

Credit to Author: Gregg Keizer| Date: Fri, 31 Aug 2018 10:13:00 -0700

Mozilla this week said that its Firefox browser will soon start to automatically block some ad tracking technologies that the company claimed impact page load performance and shadow users wherever they go.

“In the near future, Firefox will — by default — protect users by blocking tracking,” wrote Nick Nguyen, Mozilla’s top Firefox executive, in an August 30 post to a company blog.

Mozilla added what it dubbed “Tracking Protection” to Firefox 57, a.k.a. “Quantum,” last fall. Since then, the feature has remained opt-in, meaning people must manually enable it from the browser’s Preferences display if they want to use it. When switched on, Tracking Protection blocks a wide range of content, not just advertisements but also in-page trackers that sites or ad networks implant to follow users from one website to another. Such trackers are the reason why an ad for underwear from a specific vendor seemingly pops up wherever one goes after one has browsed the underwear selection at the seller’s website.

To read this article in full, please click here

Read more

Get serious about privacy with the Epic, Brave and Tor browsers

Credit to Author: Barbara Krasnoff| Date: Fri, 24 Aug 2018 03:00:00 -0700

Privacy is one of the hardest things to find today — and one of the most prized, especially online. Most people, even those not technologically adept, are concerned about the amount of personal information that is being harvested by governments, corporations, third-party advertising agencies and/or unethical hackers.

To read this article in full, please click here

(Insider Story)

Read more

Google flips switch on Chrome's newest defensive technology

Credit to Author: Gregg Keizer| Date: Thu, 12 Jul 2018 13:32:00 -0700

Google has switched on a defensive technology in Chrome that will make it much more difficult for Spectra-like attacks to steal information such as log-on credentials.

Called “Site Isolation,” the new security technology has a decade-long history. But most recently it’s been cited as a shield to guard against threats posed by Spectre, the processor vulnerability sniffed out by Google’s own engineers more than year ago. Google unveiled Site Isolation in late 2017 within Chrome 63, making it an option for enterprise IT staff members, who could customize the defense to shield workers from threats harbored on external sites. Company administrators could use Windows GPOs – Group Policy Objects – as well as command-line flags prior to wider deployment via group policies.

To read this article in full, please click here

Read more

Apple pushes privacy theme in Safari for iOS 12, 'Mojave'

Credit to Author: Gregg Keizer| Date: Fri, 22 Jun 2018 03:23:00 -0700

Apple upgrades its Safari browser on macOS and iOS just once a year, making the refresh more strategic than most of its rivals, notably Google, which last year had eight separate opportunities to add features or functionality to Chrome.

The next Safari, which will be bundled with macOS 10.14 ‘Mojave’ and iOS 12, and offered as a separate download for those who stick with macOS High Sierra (10.13) and Sierra (10.12), thus must make its enhancements count.

On the security and privacy side, Safari tries its hardest to build a case. Here are the important ways Apple’s browser – which shed user share on both the desktop and on mobile over the past year – has staked its reputation for the next 12 months.

To read this article in full, please click here

Read more

How your web browser tells you when it's safe

Credit to Author: Gregg Keizer| Date: Wed, 23 May 2018 13:27:00 -0700

Google last week spelled out the schedule it will use to reverse years of advice from security experts when browsing the Web – to “look for the padlock.” Starting in July, the search giant will mark insecure URLs in its market-dominant Chrome, not those that already are secure. Google’s goal? Pressure all website owners to adopt digital certificates and encrypt the traffic of all their pages.

The decision to tag HTTP sites – those not locked down with a certificate and which don’t encrypt server-to-browser and browser-to-server communications – rather than label the safer HTTPS websites, didn’t come out of nowhere. Google has been promising as much since 2014.

To read this article in full, please click here

Read more

Google details how it will overturn encryption signals in Chrome

Credit to Author: Gregg Keizer| Date: Mon, 21 May 2018 13:45:00 -0700

Google has further fleshed out plans to upend the historical approach browsers have taken to warn users of insecure websites, spelling out more gradual steps the company will take with Chrome this year.

Starting in September, Google will stop marking plain-vanilla HTTP sites – those not secured with a digital certificate, and which don’t encrypt traffic between browser and site servers – as secure in Chrome’s address bar. The following month, Chrome will tag HTTP pages with a red “Not Secure” marker when users enter any kind of data.

Eventually, Google will have Chrome label every HTTP website as, in its words, “affirmatively non-secure.” By doing so, Chrome will have completed a 180-degree turn from browsers’ original signage – marking secure HTTPS sites, usually with a padlock icon of some shade, to indicate encryption and a digital certificate – to labeling only those pages that are insecure.

To read this article in full, please click here

Read more

(Insider Story)

Read more