BROWSERS and security
Valentin Goșu
Firefox Network Engineer
valentin@mozilla.ro
SSL & TLS
Secure Sockets Layer
Transport Layer Security
SSL 1.0 (1994)
SSL 2.0 (1995)
SSL 3.0 (1996)
TLS 1.0 (1999)
TLS 1.1 (2006)
TLS 1.2 (2008)
The Summer of Snowden
"The bottom line …
is that encryption does work"
Edward Snowden (SXSW-2014)
STRINT
STRINT - Strengthening the Internet against pervasive monitoring
IETF - Internet Engineering Task Force
https://datatracker.ietf.org/doc/draft-farrell-perpass-attack/
draft-farrell-perpass-attack-06.txt
HTTP2
TLS only (Mozilla & Google)
Security
1. Service Providers
2. Users
3. Server/Client developers
CRYPTO USE TODAY
https://www.trustworthyinternet.org/ssl-pulse/
Why don't you JUST USE HTTPS?
1. Load time
2. Price
3. Doesn't matter
--
Any encryption is better than no encryption?
USERS
&
HSTS - HTTP STRICT TRANSPORT SECURITY
TRUSTED SOFTWARE
Extensions
https://addons.mozilla.org/en-US/firefox/
https://chrome.google.com/webstore/category/extensions
Anti-virus software is a must (on Windows)
PASSWORDS
Password: password (BAD!!!!1)
Use different passwords
Change your passwords often
Stay informed
SERVER/CLIENT developers
Encrypt Everything
Cert Authority = Vulnerability ?
Opportunistic encryption (self-signed=ok)