Five things worth sharing from the last week or so, brought to you by a different member of the Browser Media team every Friday.
This week’s My Five is by Alex.
1. DROWN Risk
Researchers have discovered a new decryption attack called DROWN (Decrypting RSA with Obsololete and Weakened eNcryption) which can access sensitive information on TLS-protected websites.
Despite TLS being the latest form of encryption protocol, many servers apparently aren’t configured correctly, and still support TLS’s precursor; SSLv2, which was withdrawn from popular use thanks to major security flaws.
DROWN exploits this incorrect configuration by firstly reading the TLS connection but then launching SSLv2 probes to the server. Within hours, or maybe even minutes, DROWN can break the standard internet security cryptography, leaving secure information such as passwords, usernames, banking and financial information, and trade secrets available for the taking by the hackers.
To put this even further into perspective, it is estimated that DROWN could affect up to 33 per cent of all HTTPS websites, mail servers and other services – a massive 11 million websites.
But fear not! The researchers have created a handy FAQ page and tool to check your sites, offering advice on how to disable SSLv2 for Open SSL, Microsoft IIS, Network Security Services, Apache, Postfix and Nginx. Take note though that issues need to be address at the server operator level.
2. Google Crashes
On 14th February a Google self-driving car pulled out in front of a bus, causing a collision.
Thankfully, it was only going at 2mph, so there were no injuries. However there was a human in the car who saw the bus coming but thought that it would slow or stop to allow the car to merge into the traffic, so didn’t override the car’s self-driving computer.
Every cloud has a silver lining though, and the crash has given Google the opportunity to refine it’s self-driving algorithm, so that the cars should better understand that larger vehicles – like buses – are less likely to yield, so will ‘drive’ accordingly.
Annoyingly however, this crash came just four days after the US National Highway Traffic Safety Administration told Google that it would ‘likely give the self-driving computer the same legal treatment as a human driver.’ This could pave the way for future self-driving cars which do not have controls such as a steering wheel or pedals.
3. World Book (?) Day
Yesterday was World Book Day, a charity event held annually in the UK to promote reading, and is celebrated by children all over the country by dressing up as their favourite book character for school.
Despite the droves of photos on Twitter, I don’t think I’ll ever see a costume that will top this. However, we do now have a wooden spoon winner…
— joe heenan (@joeheenan) 3 March 2016
Quick-thinking Dad points FTW!
4. Kanye, Kan-NO!
Another day, another twitter fiasco for Kanye West, who, this time got accused of using Pirate Bay, an illegal (here in the UK) file sharing site.
Eagle-eyed Deadmau5 spotted the Pirate Bay tab open in a photo that Kanye uploaded to Twitter
— dead mow cinco (@deadmau5) 2 March 2016
Big deal? Well, seeing as Kanye was one of the stars involved in the high-profile re-launch of Tidal – which was all about the need for artists to get a fair share of revenue from music streaming – yes.
This is just another in the run of Kanye’s bizarre Twitter rants. Someone get that man a social media manager, now.
5. Say and Pay
Google announced yesterday that the company is developing a means for people to pay for things hands-free. The pilot app, which is currently in the early stages of testing (only in South Bay, unfortunately) allows mobile payments – without touching your phone. Available on Android and iOS devices, the imaginatively named Hands Free app uses Bluetooth low energy, WiFi and location services on your phone to detect whether you’re near a participating store (currently it’s only in a small number of McDonald’s, Papa John’s and other small eateries in South Beach). At the checkout, just tell the cashier: “I’ll pay with Google”, and hey presto! Payment made*. Magic.
*once you’ve signed your initials and your identity has been confirmed via Hands Free profile pic
A bonus this week; as one of our fellow Browserites, Annie, is tying the knot!