Chrome devs hatch plan to mark all HTTP traffic insecure

The Chromium Project's security team has kicked off a debate on whether browser will mark all HTTP pages as insecure.

“We … propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure,” the team writes in this post.

The post says the team's goal “... is to more clearly display to users that HTTP provides no data security” because ““We all need data communication on the web to be secure (private, authenticated, untampered).”

If users aren't enjoying good security, the team suggests, browsers “... should explicitly display that, so users can make informed decisions about how to interact with an origin.”

The team also point out that HTTPS traffic usually produces a change to the user interfa,ce notification, yet insecure HTTP traffic does not.

The post proposes that browsers instead define, and inform users of, three security levels:

  • Secure (valid HTTPS, other origins like (*, localhost, *));
  • Dubious (valid HTTPS but with mixed passive resources, valid HTTPS with minor TLS errors); and
  • Non-secure (broken HTTPS, HTTP).

The post's authors have thrown the topic open to debate, posting to several influential mailing lists to gather feedback. But they seem intent on the change: the post says “We intend to devise and begin deploying a transition plan for Chrome in 2015.” ®

Simon Sharwood

Quantum Encryption Makes Credit Cards Fraud-Proof

Credit card frauds are very common these days – today a data breach occurs in retailer’s shop, online shopping site or banking site and at the next moment millions of cards appears in the underground black market – how simple is that for cyber criminals nowadays.
 
But imagine if there is no possible way to hack credit cards and ID cards. Seems like next to impossible, but quantum cryptography ensures that stealing people's personal data will soon be very difficult for hackers and cyber thieves due to an extra layer of verification.
 
SECURE FRAUD-PROOF CREDIT CARDS
The research at the University of Twente in Enschede, Netherlands has suggested that "fraud-proof" credit cards are possible to develop using Quantum Physics that will protect users’ financial and personal information from hackers. Security researchers describe this extra layer of verification as Quantum-Secure Authentication (QSA) of a "classical multiple-scattering key."
 
With the help of QSA method, people will be able to create a physical "key" which is impossible to copy or create similar ones. So, this new technology will not allow any person to copy someone’s credit card and can validate the identity of any person or object, including debit and credit cards, even if the most important data has been stolen, the Optical Society reported in the Dec. 15, 2014 edition of the journal Optica.
 
However, Chip-and-Pin payment cards are opted by the major organisations to promote additional security solutions like tokenization and point-to-point encryption. Chip technology generates a unique code for every transaction, making it nearly impossible for criminals to use the card for counterfeit fraud. But we have also seen that the latest "Chip-and-PIN" technology are vulnerable to Card Cloning.
 
HOW QSA TECHNOLOGY WORKS
Now, the important thing to note is that how is it possible and how Quantum Physics works with the Credit card technology ??
This innovative technology depends on two unique quantum properties of light to create a secure and unique Question-and-Answer (Q&A) exchange that cannot be 'spoofed' or copied. As a single photon of light can occupy more than one location at the same time and because light has so many separate wavelengths that hacking a credit card would take centuries to find the right combination.
"Single photons of light have very special properties that seem to defy normal behavior," said a study lead author Pepijn Pinkse of the University of Twente's MESA and Institute for Nanotechnology. "When properly harnessed, they can encode information in such a way that prevents attackers from determining what the information is."
The "quantum credit cards" would be more secure and fraud-proof because QSA technology leverages the immutable properties of quantum mechanics to create a perfectly secure encryption system, instead of any mathematical interpretation.
 
EASY TO IMPLEMENT AND HARD TO BREAK
According to Pepijn Pinkse, such a security layer would be "straightforward to implement with current technology," used by credit cards.
 
Quantum credit cards would be outfitted with a strip of white paint containing millions of nanoparticles. Researchers could project individual photons of light onto this paint with the help of a laser that would bounce around the nanoparticles as if in a pinball machine before escaping back to the surface and forming a unique pattern.
"It would be like dropping 10 bowling balls onto the ground and creating 200 separate impacts. It's impossible to know precisely what information was sent (what pattern was created on the floor) just by collecting the 10 bowling balls," researcher said.
This new technology could help in protecting government buildings, personal bank and credit cards, and even vehicles, according to the research.
Wednesday, December 17, 2014

We believe ALL internet websites should implement SSL

We believe ALL internet websites should implement SSL. The E.F.F (Electronic Frontier Foundation) started an HTTPS campaign back in 2011. By implementing SSL (regardless if your collecting personal information on your site or not), you are helping to protect users privacy and freedom. Begin by purchasing an SSL certificate. We can assist in converting your current site over to FULL TIME SSL.

Google to give more weight to encrypted websites in search results. Google's announcement may prod more websites to adopt HTTPS connections, said Tom DeSot, chief information officer of Digital Defense, a cybersecurity company. "Google pushing it is good because of the clout they have in the industry,” DeSot said. “The people that are in charge of search engine optimization, they will pay a lot of attention to this.”

Reset the NET, start with DELETING YOUR FACEBOOK

Excellent short video on why you should start caring about your privacy and DELETING your Facebook account. After watching, take a trip over to RESET THE NET on great ways to start protecting your privacy. Also, for anyone interested, we offer/operate a service for encrypting your communcations over the net, visit ourprivacy.org.


Original DELETE YOUR FACEBOOK post at SPLOID

Edward Snowden Wins EPIC "Champion of Freedom" Award

Edward Snowden received a prestigious CHAMPION OF FREEDOM REWARD at EPIC. Bruce Schneier had the honor of presenting the award at the EPIC dinner... continue reading

Vodafone reveals existence of secret wires that allow state surveillance

Vodafone, one of the world's largest mobile phone groups, has revealed the existence of secret wires that allow government agencies to listen to all conversations on its networks, saying they are widely used in some of the 29 countries in which it operates in Europe and beyond.

The company has broken its silence on government surveillance in order to push back against the increasingly widespread use of phone and broadband networks to spy on citizens, and will publish its first Law Enforcement Disclosure Report on Friday. At 40,000 words, it is the most comprehensive survey yet of how governments monitor the conversations and whereabouts of their people.

Continue reading at the Guardian....

Subscribe to our Newsletter

Search ALL Articles

Managed V. Non-Managed

 
NON-MANAGED=REACTIVE
MANAGED=PROACTIVE
 
 

ourprivacy.org

US-CERT Latest Warnings

Latest US-CERT Released Warnings

Posted Articles