Author Topic: You have to enable "check for server certificate revocation" in Chrome yourself!  (Read 6536 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Chrome browser users have to tag "Check for server certificate revocation" in advanced settings themselves, because Google Chrome by default will keep users in the dark about quite some amount of recently revoked certificates: http://news.netcraft.com/archives/2014/04/18/chrome-users-oblivious-to-heartbleed-revocation-tsunami.html (link article author = John Graham-Cumming).
I did install Chromebleed in Google Chrome to be aware during the Heartbleed Revocation tsunami (e.g. from Cloudflare etc.). The Netcraft Extension will also inform users, as will the LastPass Heartbleed checker. Still a lot of Heartbleed insecurity out there, be aware and check them out. ;)

polonus
« Last Edit: April 19, 2014, 11:55:03 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
> Chrome browser users have to tag "Check for server certificate revocation" in advanced settings themselves, because Google Chrome by default will keep users in the dark about quite some amount of recently revoked certificates: http://news.netcraft.com/archives/2014/04/18/chrome-users-oblivious-to-heartbleed-revocation-tsunami.html (link article author = John Graham-Cumming).
> I did install Chromebleed in Google Chrome to be aware during the Heartbleed Revocation tsunami (e.g. from Cloudflare etc.). The Netcraft Extension will also inform users, as will the LastPass Heartbleed checker. Still a lot of Heartbleed insecurity out there, be aware and check them out. ;)
>
> polonus

This can result in a "noisy" browser experience. :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

Hi bob3160,

Enabled the settings and no more noisiness as usual in fx and Chrome. So noisiness apparently was not the reason for not passing these alerts on and for sending them to digital oblivion. This smells of "security through obscurity" tactics. Keeping information away from users is not the way to establish user confidence. Think what damage it did while the Heartbleed issue was kept from the public. When such damage has been done, it will be so much harder to regain confidence. :D

polonus

Offline schmidthouse

  • VIRUS FREE A Long Time
  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7170
  • When you think you know, Think Again
I believe IE 11 has this option checked by "default".
I explored and found the option already checked.

Offline polonus

Hi schmidthouse,

Point your Google Chrome browser here, capturing events: chrome://net-internals/#dns
Get the feel of your DNS Prefetching. Info credits go to Disqus -> http://www.cambus.net/inspecting-dns-prefetching-and-resolver-performance-within-chrome/

enjoy,

polonus

AdrianH

  • Guest
> > Chrome browser users have to tag "Check for server certificate revocation" in advanced settings themselves, because Google Chrome by default will keep users in the dark about quite some amount of recently revoked certificates: http://news.netcraft.com/archives/2014/04/18/chrome-users-oblivious-to-heartbleed-revocation-tsunami.html (link article author = John Graham-Cumming).
> > I did install Chromebleed in Google Chrome to be aware during the Heartbleed Revocation tsunami (e.g. from Cloudflare etc.). The Netcraft Extension will also inform users, as will the LastPass Heartbleed checker. Still a lot of Heartbleed insecurity out there, be aware and check them out. ;)
> >
> > polonus
>
> This can result in a "noisy" browser experience. :)

Why?

That setting has always been checked in Google Chrome on all my systems, I never get bothered by anything.

Offline polonus

Re: Disable "check for server certificate revocation" in Chrome!
« Reply #6 on: April 22, 2014, 11:46:39 PM »
@bob3160,

Because of the specific way in which Google Chrome checks SSL certificates, the default setting, like bob3160 gives as advice, may be the better alternative.
Read here why bob3160 shares with us the latest insights from Google-engineer Adam Langley: https://www.imperialviolet.org/2014/04/19/revchecking.html

Well, bob3160, I didn't know that you were sitting on the latest and hottest Google Chrome SSL-security insights.
I am impressed,

polonus
« Last Edit: April 22, 2014, 11:52:24 PM by polonus »