Step 1

Enter your contact information.

Step 2

Enter your project information.

Step 3

Choose the PHP programmers you want to hire.

Compare Free PHP Quotes





Country



Google to Strip Chrome of SSL Revocation Checking

*Attention PHP Programmers* - Add A Free Listing! Get more clients.

Win a new Compaq Presario Notebook!

Google’s Chrome browser will stop relying on a decades-old method for ensuring secure sockets layer certificates are valid after one of the company’s top engineers compared it to seat belts that break when they are needed most.

The browser will stop querying CRL, or certificate revocation lists, and databases that rely on OCSP, or online certificate status protocol, Google researcher Adam Langley said in a blog post published on Sunday. He said the services, which browsers are supposed to query before trusting a credential for an SSL-protected address, don’t make end users safer because Chrome and most other browsers establish the connection even when the services aren’t able to ensure a certificate hasn’t been tampered with.

“So soft-fail revocation checks are like a seat-belt that snaps when you crash,” Langley wrote. “Even though it works 99% of the time, it’s worthless because it only works when you don’t need it.”

SSL critics have long complained that the revocation checks are mostly useless. Attackers who have the ability to spoof the websites and certificates of Gmail and other trusted websites typically have the ability to replace warnings that the credential is no longer valid with a response that says the server is temporarily down. Indeed, Moxie Marlinspike’s SSL Strip hacking tool automatically supplies such messages, effectively bypassing the measure.

“While the benefits of online revocation checking are hard to find, the costs are clear: Online revocation checks are slow and compromise privacy,” Langley added. That’s because the checks add a median time of 300 milliseconds and a mean of almost 1 second to page loads, making many websites reluctant to use SSL. Marlinspike and others have also complained that the services allow certificate authorities to compile logs of user IP addresses and the sites they visit over time.

Chrome will instead rely on its automatic update mechanism to maintain a list of certificates that have been revoked for security reasons. Langley called on certificate authorities to provide a list of revoked certificates that Google bots can automatically fetch. The time frame for the Chrome changes to go into effect are “on the order of months,” a Google spokesman said.

This article originally appeared on Ars Technica, Wired’s sister site for in-depth technology news.

Source http://www.webmonkey.com/?p=54194
Tue, 07 Feb 2012 14:57:59 GMT
Tags: Browsers, chrome, Security,

*Attention PHP Programmers* - Add A Free Listing! Get more clients.

Browsers

Chrome 10 Beta Offers Faster JavaScript, Less CPU Usage

Google has released version 10 of its Chrome web browser to the beta release channel. Chrome 10 is a major overhaul, featuring a new version of the V8 JavaScript engine, which is 60 percent faster than the version of V8 found in Chrome 9. Faster JavaScrip

Mozilla Makes Plans for Firefox 5

Firefox 4 was originally scheduled for release in November of last year, but bugs and last minute features have seen the next version of Firefox delayed several months. However, Firefox 4 has finally entered the home stretch and should be available in rel

Microsoft, Mozilla Battle Over What Makes a ‘Modern’ Web Browser

Microsoft and Mozilla are trading barbs over the coming Internet Explorer 9. Microsoft has been touting its HTML5 support in IE9, claiming that it renders HTML5 better than Firefox (and Chrome, Safari and Opera). Mozilla then turned around and released an

chrome

Google Adds Malware Protection to Chrome 12

Google has announced it will add a new malware protection tool to the upcoming release of Chrome 12. The new feature will warn users whenever they download a Windows executable file that’s a known malware offender. Malware protection is already avai

Bad Browser, No Donut

The Monkey is back from an extended vacation spent surveying the state of the internet around the world. I’m happy to report that things are, well, things are good, but far from perfect. Having spent the last eight weeks with unreliable, often very

Chrome Update Fixes Gestures in OS X Lion

Google has released a minor update to the Chrome dev channel which might be of interest to Mac OS X Lion fans. Previous releases of Chrome for Mac included support for left and right three-finger swipe gestures to navigate backward and forward in browsing

Security

HTTPS Is More Secure, So Why Isn’t the Web Using It?

You wouldn’t write your username and passwords on a postcard and mail it for the world to see, so why are you doing it online? Every time you log in to Twitter, Facebook or any other service that uses a plain HTTP connection, that’s essentiall

It’s World Backup Day, Do You Know Where Your Files Are?

Amazon’s recent leap into the world of online backups, with its new CloudDrive service, is just one of several dozen ways you can backup your files. And, as anyone with a failed hard drive can tell you, there’s no such thing as too many backup

EFF Wants to Secure the Web With “HTTPS Now” Campaign

The Electronic Frontier Foundation (EFF) has kicked off a new “HTTPS Now” campaign to educate consumers and help “make web surfing safer.” The new campaign is a two part effort. First the EFF would like to encourage users to instal

Members:
Quilcene
Pamela M Hunter Profile
Pamela M Hunter

Web site design and development. International clients are welcome.

Quilcene, Washington US
Zrenjanin
Mirza Delic Profile
Mirza Delic

PHP/MySQL Developer

Zrenjanin, Vojvodina RS
San Antonio
Integrity Web Design Profile
Integrity Web Design

Integrity Web Design builds website, will get clients listed on search engines, directories, design brochures, business cards, bookmarks, catalogs, booklets, calendars, door hangers, & club flyers.

San Antonio, Texas US
Mesa
Hamilton Arts Profile
Hamilton Arts

Let Hamilton Arts assist you with your web design needs. We can assure you that our design will not only impress but also work within your budget.

Mesa, Arizona US
Las Vegas
NetDynamic - PHP/MySQL - Experienced Dev Profile
NetDynamic - PHP/MySQL - Experienced Dev

PHP/MySQL Web Developer 15+ years experience. We are a team of developers and designers. Address: 3513 E Russell Road, Las Vegas, NV Call us: 877-704-0005 or 702-509-5050

Las Vegas, Nevada US
Design Leads


PHP Programmers Valid HTML 4.0 Transitional Valid CSS!

Jobs

It’s impossible to imagine the web as it is today without Steve Jobs in the story. Even someth


Review: Lightroom 4 Beta Offers Subtle, but Worthwhile Improvements

Adobe has released a free public beta preview of its coming Lightroom 4 image editor. On the surface


Adobe Envisions Brave New World of Web Layouts With ‘CSS Regions’

It’s cold here in the Webmonkey offices, Adobe has unveiled a web browser. No, Adobe isn’


This Week In Web – PHP Internals, jQuery Plugins, Kohana Performance

Podcast: Under PHP’s Hood

The folks over at This week in web – Vim Python IDE, Silex, Dojo JS Classes, New Appengine Datastore API

Python Appengine Datastore alternate API

Guido van Rossum has published a PHP Programmers Articles

Browsers| Web Standards| CSS| HTML5| Web Basics| firefox| Programming| Web Services| Mobile| JavaScript| Web Development| Multimedia| Visual Design| chrome| Google| responsive design| This Week in Web| CSS 3| Opera| Social|
Friends:
Live Help Chat Software
Web Design Quote
Web Design