Friday, February 10, 2012

Google Chrome Has Lost The Plot

This is massive. Mind numbingly stupid, too. There goes any chance I'll ever use Chrome as a serious/test browser. This sort of massive security fail NEEDS to be outed and brought to the public's attention, then have the public vote with their mice and use other browsers instead.

Admittedly, the current system has its flaws, however dropping it without offering a valid alternative is utter madness!


Regards,

The Outspoken Wookie

3 comments:

photo fun said...

I m using google chrome becauz it saves all my data online....

Alan said...

I initially totally agreed with your comment... But i just listend to security now podcast at http://twit.tv/show/security-now/339 and there was a good point to be made...

SO... get ready... i am about to say something good about Google...

1. CRL List are not reliable or fast thus making browsing slow
2. If a browser cannot find a CRL then it assumes it is safe...
3. Chrome is updated almost weekly... and during these updated they can manually update the in built CRL list....

While this does not mean that a certificate can be revoked straight away there is still a way fot he certificated to be revoked during the next browser update...

Not a perfect system... but it is neither is check a CRL for evey SSL request...

Hilton Travis said...

Oh, I agree that CRL isn't a flawless system, however waiting a week to find out that the site you visited previously was a phishing site and that now explains why your bank has been drained, well, that's not great either!

All up, the DNS and SSL/TLS/Certificate system is in need of an overhaul, however Google's going the wrong way about it.