Two of the new reporting features in https://report-uri.com currently require additions to the HSTS Preload List in Chromium. Here's a quick guide on how to request your site be added. Update 2nd May: I wrote this blog some time ago and have only just published it now. I'm…
Tag: chrome
Total 5 Posts
It's been common knowledge in the wider PKI community that Symantec, the Certificate Authority, is currently being distrusted and will soon cease to exist as a CA. My worry is that the wider community doesn't seem fully prepared for the distrust and the impact it will have. Symantec There's a…
I saw some research published at BlackHat EU recently that detailed various ways to bypass both HSTS and HPKP in a variety of mainstream browsers. It was a novel technique and seems like a viable attack vector to bypass them, which is a big problem because both HSTS and HPKP…
An address spoofing vulnerability has been disclosed in Google Chrome that not only allows a site to change the address you see in the address bar, but the certificate if the site uses HTTPS too. The vulnerability The issue was first published on the Full Disclosure mailing list by David…
A recently publicised "flaw" in Chrome and Firefox could allow someone with access to your computer to view all of your online passwords in a matter of seconds. Let's look at exactly what the problem is and what can be done about it. The Issue Just over a…
