BROWSERS and security



Valentin Goșu

Firefox Network Engineer

valentin@mozilla.ro



SSL & TLS

Secure Sockets Layer

Transport Layer Security



SSL 1.0 (1994)

SSL 2.0 (1995)

SSL 3.0 (1996)

TLS 1.0 (1999)

TLS 1.1 (2006)

TLS 1.2 (2008)

The Summer of Snowden










"The bottom line …

is that encryption does work"


Edward Snowden (SXSW-2014)

STRINT


STRINT - Strengthening the Internet against pervasive monitoring

IETF - Internet Engineering Task Force


https://datatracker.ietf.org/doc/draft-farrell-perpass-attack/


Pervasive monitoring is an Attack
draft-farrell-perpass-attack-06.txt



HTTP2


TLS only (Mozilla & Google)


Security


1. Service Providers

2. Users

3. Server/Client developers





CRYPTO USE TODAY


https://www.trustworthyinternet.org/ssl-pulse/




Why don't you JUST USE HTTPS?




 


1. Load time

2. Price

3. Doesn't matter


--

Any encryption is better than no encryption?

USERS






&

HSTS - HTTP STRICT TRANSPORT SECURITY

TRUSTED SOFTWARE


Extensions

https://addons.mozilla.org/en-US/firefox/

https://chrome.google.com/webstore/category/extensions


Anti-virus software is a must (on Windows)

PASSWORDS


Password: password (BAD!!!!1)


Use different passwords


Change your passwords often


Stay informed

SERVER/CLIENT developers



Encrypt Everything


Cert Authority = Vulnerability ?


Opportunistic encryption (self-signed=ok)





Browser security

By Valentin Gosu
