Security News
Google has announced a timetable for phasing out insecure file downloads in the Chrome browser, starting with desktop version 81 due out next month. Known in jargon as 'mixed content downloads', these are files such as software executables, documents and media files offered from secure HTTPS websites over insecure HTTP connections.
Continuing to drop flame retardant on the dumpster fire that is web security, Google on Thursday said it will soon prevent Chrome users from downloading files over insecure, plain old, unencrypted HTTP. "All insecure downloads are bad for privacy and security," declared Joe DeBlasio, who works on the Chrome security team, in a Twitter thread. "An eavesdropper can see what a user is downloading, or an active attacker can swap the download for a malicious one." "We hope to stop all unsafe downloads, but Chrome doesn't currently tell users on HTTPS pages that their downloads are insecure. That's weird! Users expect that what they do on secure pages to be... well secure! So we're blocking these downloads first."
In an attempt to improve the security of its users, the Chrome browser will soon start blocking insecure downloads on HTTPS pages, Google announced. The announcement comes just days after the release of Chrome 80, which by default blocks mixed audio and video resources if they cannot be automatically upgraded to HTTPS. The same will happen with image files in Chrome 81, which is expected to be released to the stable channel in March 2020.
Google Chrome will soon restrict certain files, like PDFs or executables, from being downloaded via an HTTP connection, if they are loaded on HTTPS webpages. With Chrome 68's 2018 release, Google started to label HTTP websites with an "Insecure" warning label in the navigation bar.
GOV validation and HTTPS encryption among county election websites in 13 states projected to be critical in the 2020 U.S. Presidential Election, a McAfee survey reveals. GOV validation across these states, and 88.9% and 90.0% of websites lacked such certification in Iowa and New Hampshire respectively.
Xton Technologies, a provider of privileged access management solutions, announced that Xton Access Manager now includes advanced proxy support for RDP, SSH and web proxies allowing customers to create secure, high trust remote sessions with full session recording and keystroke monitoring using native desktop or mobile applications. "Unique to XTAM is our ability to securely lock credentials on the server-side without ever releasing them to the client computer even in an encrypted form. This provides administrators with secure and efficient access to the systems they need to do their jobs while satisfying audit and senior management requirements for just in time secure access and controls."
If you find port 80 is a security risk on your network, you can change the Apache listening port to something non-standard.
DNS-over-HTTPS (DoH) traffic can apparently be identified without actually decrypting it, a security researcher has discovered. The DoH protocol is aimed at improving the overall security of the...
Firefox users interested in turning on the browser’s DNS-over-HTTPS (DoH) privacy feature now have two providers to choose from.
