Google flips switch on Chrome's newest defensive technology

Credit to Author: Gregg Keizer| Date: Thu, 12 Jul 2018 13:32:00 -0700

Google has switched on a defensive technology in Chrome that will make it much more difficult for Spectra-like attacks to steal information such as log-on credentials.

Called “Site Isolation,” the new security technology has a decade-long history. But most recently it’s been cited as a shield to guard against threats posed by Spectre, the processor vulnerability sniffed out by Google’s own engineers more than year ago. Google unveiled Site Isolation in late 2017 within Chrome 63, making it an option for enterprise IT staff members, who could customize the defense to shield workers from threats harbored on external sites. Company administrators could use Windows GPOs – Group Policy Objects – as well as command-line flags prior to wider deployment via group policies.

To read this article in full, please click here

Read more

How your web browser tells you when it's safe

Credit to Author: Gregg Keizer| Date: Wed, 23 May 2018 13:27:00 -0700

Google last week spelled out the schedule it will use to reverse years of advice from security experts when browsing the Web – to “look for the padlock.” Starting in July, the search giant will mark insecure URLs in its market-dominant Chrome, not those that already are secure. Google’s goal? Pressure all website owners to adopt digital certificates and encrypt the traffic of all their pages.

The decision to tag HTTP sites – those not locked down with a certificate and which don’t encrypt server-to-browser and browser-to-server communications – rather than label the safer HTTPS websites, didn’t come out of nowhere. Google has been promising as much since 2014.

To read this article in full, please click here

Read more

Google details how it will overturn encryption signals in Chrome

Credit to Author: Gregg Keizer| Date: Mon, 21 May 2018 13:45:00 -0700

Google has further fleshed out plans to upend the historical approach browsers have taken to warn users of insecure websites, spelling out more gradual steps the company will take with Chrome this year.

Starting in September, Google will stop marking plain-vanilla HTTP sites – those not secured with a digital certificate, and which don’t encrypt traffic between browser and site servers – as secure in Chrome’s address bar. The following month, Chrome will tag HTTP pages with a red “Not Secure” marker when users enter any kind of data.

Eventually, Google will have Chrome label every HTTP website as, in its words, “affirmatively non-secure.” By doing so, Chrome will have completed a 180-degree turn from browsers’ original signage – marking secure HTTPS sites, usually with a padlock icon of some shade, to indicate encryption and a digital certificate – to labeling only those pages that are insecure.

To read this article in full, please click here

Read more

TLS 1.3 is nearly here

Credit to Author: Christopher Boyd| Date: Fri, 30 Mar 2018 15:00:00 +0000

TLS 1.3 is nearly upon us, and with it comes a more secure way to do business online. We look at some of the changes coming into force soon.



(Read more…)

The post TLS 1.3 is nearly here appeared first on Malwarebytes Labs.

Read more

Chrome 68 to condemn all unencrypted sites by summer

Credit to Author: Gregg Keizer| Date: Tue, 13 Feb 2018 03:10:00 -0800

Google has put a July deadline on a 2016 promise that its Chrome browser would tag all websites that don’t encrypt their traffic.

“Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as ‘not secure,'” wrote Emily Schechter, a Chrome security product manager, in a Feb. 8 post to a company blog.

Google has scheduled Chrome 68 to release in Stable form – analogous to production-level quality – during the week of July 22-28.

Starting then, Chrome will insert a “Not secure” label into the address bar of every website that uses HTTP connections between its servers and users. Sites that instead rely on HTTPS to encrypt the back-and-forth traffic will display their URLs normally in the address bar.

To read this article in full, please click here

Read more