Tagged: https

cloudflare

Cloudflare memory leak caused by parser bug

Last Friday, Tavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with our edge servers. He was seeing corrupted web pages being returned by some HTTP requests run through Cloudflare. It turned out that in some unusual circumstances, which I’ll detail below, our edge servers were running past the end of a buffer and returning memory that contained private information...

https logo

Researchers tell security firms to stop SSL tampering

A surprisingly large number of antivirus and security products are undermining HTTPS connections and exposing browser users to decryption attacks, according to a study by researchers at Google, Mozilla, Cloudflare, and several US universities. Thanks to a multi-pronged effort to enable HTTPS everywhere, as of January half the world’s traffic on the web is encrypted using the secure TCP/IP HTTPS protocol. However, while HTTPS...

https logo

Increased encryption will help keep porn browsing private

Thanks to boosts in visibility when it comes to search and web browsers, you’ve probably noticed more websites (like Engadget) switching to HTTPS, which uses encryption to secure the connection between browser and server. Despite benefits to privacy and security most adult sites, even larger ones, haven’t rolled it out across their domains, but the Washington Post points out there’s a new industry push...

chrome logo

Chrome will shame unencrypted sites starting January 2017

Starting in January of 2017, Google’s Chrome browser will start flagging some websites that don’t use web encryption as “Not Secure”—the first step in Google’s eventual plan to shame all sites that don’t use encryption. In the last couple of years, the web has seen a tremendous rise in the number of websites that use encryption, which is displayed by that little green lock...

HTTPS crypto’s days are numbered. Here’s how Google wants to save it

HTTPS crypto’s days are numbered. Here’s how Google wants to save it

Like many forms of encryption in use today, HTTPS protections are on the brink of a collapse that could bring down the world as we know it. Hanging in the balance are most encrypted communications sent over the last several decades. On Thursday, Google unveiled an experiment designed to head off, or at least lessen, the catastrophe. In the coming months, Google servers will add...