Avast WEBforum

Other => General Topics => Topic started by: polonus on April 19, 2014, 11:50:01 AM

Title: You have to enable "check for server certificate revocation" in Chrome yourself!
Post by: polonus on April 19, 2014, 11:50:01 AM
Chrome browser users have to tag "Check for server certificate revocation" in advanced settings themselves, because Google Chrome by default will keep users in the dark about quite a number of recently revoked certificates: http://news.netcraft.com/archives/2014/04/18/chrome-users-oblivious-to-heartbleed-revocation-tsunami.html link article author = John Graham-Cumming.
I did install Chromebleed in Google Chrome to be aware during the Heartbleed Revocation tsunami (e.g. from Cloudflare etc.). The Netcraft Extension will also inform users, as will the LastPass Heartbleed checker. Still a lot of Heartbleed insecurity out there, be aware and check them out. ;)

polonus
Title: Re: You have to enable "check for server certificate revocation" in Chrome yourself!
Post by: bob3160 on April 19, 2014, 04:15:43 PM
Chrome browser users have to tag "Check for server certificate revocation" in advanced settings themselves, because Google Chrome by default will keep users in the dark about quite a number of recently revoked certificates: http://news.netcraft.com/archives/2014/04/18/chrome-users-oblivious-to-heartbleed-revocation-tsunami.html link article author = John Graham-Cumming.
I did install Chromebleed in Google Chrome to be aware during the Heartbleed Revocation tsunami (e.g. from Cloudflare etc.). The Netcraft Extension will also inform users, as will the LastPass Heartbleed checker. Still a lot of Heartbleed insecurity out there, be aware and check them out. ;)

polonus
(http://www.screencast-o-matic.com/screenshots/u/Lh/1397916895253-72518.png)
This can result in a "noisy" browser experience. :)
Title: Re: You have to enable "check for server certificate revocation" in Chrome yourself!
Post by: polonus on April 19, 2014, 04:59:20 PM
Hi bob3160,

Enabled the settings and no more noisiness than usual in fx and Chrome. So noisiness apparently was not the reason for not passing these alerts on and for sending them to digital oblivion. This smells of "security through obscurity" tactics. Keeping information away from users is not the way to establish user confidence. Think what damage it did while the Heartbleed issue was kept from the public. When such damage has been done, it will be so much harder to regain confidence. :D

polonus
Title: Re: You have to enable "check for server certificate revocation" in Chrome yourself!
Post by: schmidthouse on April 19, 2014, 05:47:04 PM
I believe IE 11 has this option checked by "default".
I explored and found the option already checked.
Title: Re: You have to enable "check for server certificate revocation" in Chrome yourself!
Post by: polonus on April 19, 2014, 07:25:18 PM
Hi schmidthouse,

Point your Google Chrome browser here, capturing events: chrome://net-internals/#dns
Get the feel of your DNS Prefetching. Info credits go to Disqus -> http://www.cambus.net/inspecting-dns-prefetching-and-resolver-performance-within-chrome/

enjoy,

polonus
Title: Re: You have to enable "check for server certificate revocation" in Chrome yourself!
Post by: AdrianH on April 19, 2014, 07:31:16 PM
Chrome browser users have to tag "Check for server certificate revocation" in advanced settings themselves, because Google Chrome by default will keep users in the dark about quite a number of recently revoked certificates: http://news.netcraft.com/archives/2014/04/18/chrome-users-oblivious-to-heartbleed-revocation-tsunami.html link article author = John Graham-Cumming.
I did install Chromebleed in Google Chrome to be aware during the Heartbleed Revocation tsunami (e.g. from Cloudflare etc.). The Netcraft Extension will also inform users, as will the LastPass Heartbleed checker. Still a lot of Heartbleed insecurity out there, be aware and check them out. ;)

polonus
(http://www.screencast-o-matic.com/screenshots/u/Lh/1397916895253-72518.png)
This can result in a "noisy" browser experience. :)

Why?

That setting has always been checked in Google Chrome on all my systems, I never get bothered by anything.
Title: Re: Disable "check for server certificate revocation" in Chrome!
Post by: polonus on April 22, 2014, 11:46:39 PM
@bob3160,

Because of the specific way in which Google Chrome checks SSL certificates, the default setting, as bob3160 advises, may be the better alternative.
Read here why bob3160 shares with us the latest insights from Google engineer Adam Langley: https://www.imperialviolet.org/2014/04/19/revchecking.html

Well, bob3160, I didn't know that you were sitting on the latest and hottest Google Chrome SSL-security insights.
I am impressed,

polonus
Title: Re: You have to enable "check for server certificate revocation" in Chrome yourself!
Post by: bob3160 on April 23, 2014, 12:47:17 AM
 ;)