textslashplain.com
In a recent post, I explored some of the tradeoffs engineers must make when evaluating the security properties of a given design. In this post, we explore an interesting tradeoff between Security and Privacy in the analysis of web traffic. Many different security features and products attempt to protect web browsers from malicious sites by evaluating the target site’s URL and blocking access to th
text/plain ericlaw talks about security, the web, and software in general The Top Level Domain (TLD) is the final label in a fully-qualified domain name: The most common TLD you’ll see is com, but you may be surprised to learn that there are 1479 registered TLDs today. This list can be subdivided into categories: Generic TLDs (gTLD) like .com Country Code TLDs (ccTLDs) like .uk, each of which is c
Last Updated: 13 November 2023 For privacy reasons, the web platform is moving away from supporting 3rd-party cookies, first with lockdowns, and eventually with removal of support starting at 1% in Q1 2024 (was late 2023) and completed in the third quarter of 2024. The Edge team will almost certainly follow the Chrome team,
Last Update: June 24, 2024 From the mailbag: Q: How long does Chromium cache hostnames? I know a user can clear the hostname cache using the Clear host cache button on about://net-internals/#dns, but how long it will take for the cache to be removed if no manual action is taken? After changing DNS records on my server, nsloo
The Web Browser is the most security-critical application on most users’ systems– it accepts untrusted input from servers anywhere in the world, parses that input using dozens to hundreds of parsers, and renders the result locally as fast as it can. For performance reasons, almost all code in almost all browsers is written i
The Chrome team is embarking on a clever and bold plan to change the recipe for cookies. It’s one of the most consequential changes to the web platform in almost a decade, but with any luck, users won’t notice anything has changed. But if you’re a web developer, you should start testing your sites and services now to help en
While most users probably would have no idea what to make of this, I happened to know what it means– Chrome is warning me that the system configuration has instructed it to leak the secret keys it uses to encrypt and decrypt HTTPS traffic to a stream on the local computer. Looking at the Chrome source code, this warning was
By this point, most browser enthusiasts know that Chrome has a rapid release cycle, releasing a new stable version of the browser approximately every six 4 weeks (2022 Update: now every four weeks). The Edge team adopted that rapid release cadence for our new browser, and we’re already releasing new Edge Dev Channel builds e
I’ve been working on browsers professionally for 12 of the last 15 years, and in related areas for 20 of the last 20, and over the years I’ve discovered enough surprises in browser behavior that they’re no longer very surprising. Back in April, I wrote up a quick post explaining how easy it is to delete a single site’s cooki
A colleague recently forwarded me an article about the hazards of browsing on public WiFi with the question: “Doesn’t HTTPS fix this?” And the answer is, “Yes, generally.” As with most interesting questions, however, the complete answer is a bit more complicated. HTTPS is a powerful technology for helping secure the web; all
If you’re using a Self-Signed certificate for your HTTPS server, a deprecation coming to Chrome may affect your workflow. Chrome 58 will require [why?] that certificates specify the hostname(s) to which they apply in the SubjectAltName field; values in the Subject field will be ignored. This follows a similar change in Firef
When building applications that display untrusted content, security designers have a major problem— if an attacker has full control of a block of pixels, he can make those pixels look like anything he wants, including the UI of the application itself. He can then induce the user to undertake an unsafe action, and a user will