Welcome!

Search Authors: Shelly Palmer, Mike Kavis, RealWire News Distribution, Alex Forbes, Kevin Benedict

Blog Feed Post

Report: Google Chrome’s Heartbleed Protection is ‘Completely Broken’

Google Chrome and Heartbleed

Google engineer Adam Langley published a blog post taking issue with the GRC characterization that Chrome’s CRLSet is “completely broken.” In the post, Langley said he has always been clear that the measure isn’t perfect, but in any event, it’s more effective than the revocation checks on by default in other browsers. “And yet, GRC managed to write pages (including cartoons!) exposing the fact that it doesn’t cover many revocations and attacking Chrome for it.” In fairness to Google a test performed after this article was published showed Chrome blacklisted the TLS certificate Ars revoked three weeks ago. The ability of Google Chrome to block secure website connections compromised by the Heartbleed bug is “completely broken” because the browser by default detects less than three percent of the underlying digital certificates that have been revoked, according to a detailed analysis recently posted online.

Read the full story at Ars Technica.

Read the original blog entry...

More Stories By Shelly Palmer

Shelly Palmer is the host of NBC Universal’s Live Digital with Shelly Palmer, a weekly half-hour television show about living and working in a digital world. He is Fox 5′s (WNYW-TV New York) Tech Expert and the host of United Stations Radio Network’s, MediaBytes, a daily syndicated radio report that features insightful commentary and a unique insiders take on the biggest stories in technology, media, and entertainment.