Broadband Tech > Security > Security > Google disables SSL compression in Chrome against new attack

reply to Mele20

Re: Google disables SSL compression in Chrome against new attack

reply to Name Game

reply to StuartMW
Well, I had forgotten momentarily that Google Sharing extension forces SSL connection. I love the extension but I see no real need for SSL for searches if the extension is scrambling and mixing up my search with a bunch of others. Because I don't use SSL for Proxo it means I see ads on Google searches using Google Sharing.

As for my ISP, well, gee, again I don't see why I should get upset about them theoretically being able to see every where I go. That has been the case since I got a computer in 1999. Why the sudden concern now, but not for all these past years? My ISP has never betrayed me (except for trying to force their search page for urls that are mistyped but I could easily and permanently opt out), but Google sure would just as Facebook, etc would.. and Yahoo...I haven't been to Yahoo about 10 years. They are the worst for betrayal and snooping...but my ISP? As I said, why would that suddenly concern me when it hasn't in all these years? I haven't seen my ISP suddenly becoming evel...maybe I am missing something though.....
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

reply to Mele20
Right and google invented SSL and TSL
Get real.
How can you protect yourself from CRIME, BEAST’s successor?
»security.blogoverflow.com/2012/0···ccessor/

Crack in Internet’s foundation of trust allows HTTPS session hijacking
safari info added:

»quickiphoneapps.com/crack-in-int···jacking/

--

Gladiator Security Forum
»www.gladiator-antivirus.com/

reply to Mele20

quote:

---

One year ago, the RIAA and the MPAA organized a project with the largest internet service providers in the US to begin monitoring their customer’s internet activity. This monitoring was introduced as a joint coalition to combat piracy.

---

Oh...the pirating thing....haven't done that in many years...errr...if I ever did. Yeah, I read that thread but that affects those who pirate. The ISPs have always been able to track the users so the only difference now is they will do so in connection with RIAA and that is the pits but unless you are a current pirate how does it affect you differently from before this?

I would be very pissed if my idiot state legislature had passed that hairbrained law that one representative introduced last session because she didn't know how to properly protect her website, but that got canned and I don't equate looking for pirates to be anything like what the state law would have been if passed and implemented. It is this latter crap that we must protest and stop.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

reply to StuartMW
SPDY ON on Firefox 15!!! not on 10ESR

No wonder why Firefox Mobile has discontinued 10.0.7 ESR and force users to use 15.0.1

Just turned off SPDY in Firefox mobile 15, Thx a million!!! Shame Mozilla!!!

reply to Name Game
SPDY is an open standard developed by Google so what do you mean by "get real"? I didn't claim Google invented SSL and TSL....geez. Just because you are madly in love with Google doesn't mean everyone is or that your admiration and love is not misplaced.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

Then I would remind you that Crime exploits TLS.

"The researchers who developed the attack that exploits this weakness say that all versions of TLS are affected, including TLS 1.2, and that the cipher suite used in the encrypted session makes no difference in the success of the attack."

And...
»SSL is broken and nearly impossible to fix

If you use Opera..even many month ago..

SSL2 should be disabled.
TLS 1.1 and TLS 1.2 should be enabled and are preferred, though TLS 1.2 was not yet supported on many servers

But for Opera this was the problem even in Jan 2012

»my.opera.com/community/forums/to···=1262702

Firefox, with "HTTPS Everywhere" (which forces TLS when available), along with "Perspectives" (which polls various certificate notaries to bolster the browsers trust for the Certificate in question) should have been used, if possible.

Sooo..getting back to the real world..

Yes, TLS is vulnerable although supposedly Fx and SM are now patched according to the Arstechnica artile linked here in this thread.

But I am talking about SPDY and not just in the context of this exploit. You ignored this and instead began discussing TLS which is related but not the subject. I didn't know hardly anything about SPDY until this thread (it is not available on my default browser or my other Fx browser or Opera or IE so this thread is the first I have heard of it). I don't like the possible threat it poses to Proxo even if you use Proxo with the files that make it able to filter HTTPS sites which I have never done. FF4m3 says he had to disable it in Fx so that Proxo will filter HTTPS correctly. So, I am talking about SPDY and you deliberately? or obtusely? changed the subject to TLS.

I am in the real world. You though wandered off somewhere else.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

And you still don't know anything about SPDY and this thread is about Crime..Rizzo and TLS.

And this is a joke

»prxbx.com/forums/showthread.php?tid=2029
--
Gladiator Security Forum
»www.gladiator-antivirus.com/

reply to Mele20

reply to Mele20
SPDY indicator
An indicator in the address bar for SPDY usage by each website.
»chrome.google.com/webstore/detai···ggcjblin
These are the sites that happen to use it today

reply to Name Game
Yes, it started out being about Crime and TLS but it quickly got into SPDY. If SPDY should not be in this thread then please "hey mod" the thread and ask that all the posts on SPDY be moved to a new thread that is open for posts as I, and I think some others, would like to pursue not only the relationship of SPDY and Crime but SPDY more generally.

I'm sure I don't know a lot about SPDY as it is new to me but it is inaccurate for you to claim I know nothing and sounds just like a spiteful remark because you don't like the turn this thread has taken.

Yeah, I was about to go to prxbx and see if there was anything there regarding SPDY. I am not too surprised at that thread. It is very early to be concerned and we don't have Sidki now...stlll...the reply was lacking but that doesn't mean that when push comes to shove that Proxo lovers will not be able to meet the challenge. But the time will come, some day, when, because we don't have the Proxo code, it will become less and less relevant but I don't see that happening for years.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

reply to Mele20

reply to Mele20

reply to Mele20
Have they told you if proxo with work with Windows 8..I hear it might be compatible but not tested..

We have a lot of experts guessing at what Crime might be able to do and how..so we shall see... I do remember in Beast there was a lot of speculation...

Because of Beast this happened..

»blog.torproject.org/blog/tor-and···l-attack

Then users were clamouring for TLS 1.1 or 1.2 support in firefox
»support.mozilla.org/en-US/questions/781028
Finally someone from Hawaii posted and
You might understand it all more in this thread where scarlettrunner20
shows people how to do a little test at "boh.com" The Bank of Hawaii .
»forums.mozillazine.org/viewtopic···=2310053
--
Gladiator Security Forum
»www.gladiator-antivirus.com/

reply to FF4m3

reply to Name Game

reply to Mele20