SslEncryption
Latest
Firefox deems favicons risky, banishes them from address bar
Who'd have thought those tiny reminders of the site you're browsing could bite your backside? Apparently Mozilla did, and with its latest nightly Firefox build it has expunged favicons from their eternal perch just left of the URL. The problem is that instead something friendly -- like Google's famous "g" -- nefarious sites can use a padlock or similar image, making you think you're on a secure SSL page. So, starting from mid-July you'll see a generic globe for standard websites, green padlocks for SSL sites with validation, and gray padlocks for SSL sites without it. Take note that (so far) tabs will keep their favicons, so those of us with 43 sites open at the same time will still know where in the web we are.
Google encrypts search for users, paranoiacs unsure how to respond
When Al Gore first created the internet (hard wink, everybody), we're pretty sure the plan was for Big Brother to collect your data, not Silicon Valley titans. Now Google, the company that mainly tends the gates to the web's vast array of information, is stepping up to its "Do No Evil" motto, and making encrypted search the norm -- for account users. While Gmail's long had SSL set as a default login, good ol' Joe Public's had to specifically access Mountain View's dedicated encrypted search page for anonymous surfing privileges. No longer, as Gmail users signed in to Goog's suite of web services will be automatically redirected to https://www.google.com where their searches and results will be hidden from prying eyes. The protection doesn't extend out to web advertisements, so those specific clicks will deliver the same metric-relevant info that helps marketers optimize their hyper-targeting. Any of that put you conspiracy theorists at ease? Good, now you can open those curtains again.
1024-bit RSA encryption cracked by carefully starving CPU of electricity
Since 1977, RSA public-key encryption has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe, with only the most brutish of brute force efforts (and 1,500 years of processing time) felling its 768-bit variety earlier this year. Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. That's why they're presenting a paper at the Design, Automation and Test conference this week in Europe, and that's why -- until RSA hopefully fixes the flaw -- you should keep a close eye on your server room's power supply.
