RssA1: Hacker 10

Sunday, 29 April 2012

Hacker 10


SPDY, a quicker and safer HTTP browser protocol

Posted: 28 Apr 2012 05:15 PM PDT

SPDY protocol explained

SPDY, pronounced “speedy”, is a new experimental protocol developed by Google to speed up the Internet and make it safer. HTTP (Hypertext Transfer Protocol) was never designed to download a large number of small files efficiently; it was meant to handle a single request at a time. As the Internet age advanced, websites kept adding elements such as CSS (Cascading Style Sheets), external JavaScript, XML and images. All of those elements have to be downloaded together before the user can view a webpage, resulting in bottlenecks and delays.

The ambition of the ultramodern SPDY protocol is to reduce website load and latency and to increase security; it wants to replace parts of the old HTTP to provide faster communication between server and browser. SPDY uses fewer TCP connections by multiplexing requests over a single connection, and it manages TCP more efficiently by prioritizing the resources that need to be sent first, reducing upstream data and cutting down the number of handshakes. It also supports “server push”, a technology that predicts what will be downloaded next and sends it to the browser before a request is made.

SPDY protocol status in Chrome browser

SPDY is turned on by default in Google Chrome; you can see it by typing "chrome://net-internals" into the Omnibox. Firefox will turn it on in the upcoming Firefox 13 release; to enable it now, go to “about:config”, search for “network.http.spdy.enabled” and set it to “true”. An Apache server SPDY module exists, and Nginx-based servers (used by Facebook and Hulu) and Jetty web servers (Ubuntu, Zimbra) will support it soon, making it easy for webmasters to deploy SPDY. The protocol won’t work unless server and browser both support it.

Browsers that currently work with SPDY are Chrome, Firefox, SeaMonkey and Amazon Kindle Silk; the only websites I know of at this time supporting SPDY are Google services (Gmail, search, etc.) and Twitter. Safari and Internet Explorer do not have immediate plans to support the protocol, leaving half of the Internet population out and making it more difficult for the Internet Engineering Task Force (IETF), in charge of the HTTP protocol, to approve a backwards-compatible neutral standard.

Compulsory SSL connection 

The SPDY protocol makes it mandatory to encrypt all connections with websites using SSL, so webmasters must install an SSL certificate on their servers. As good as it seems, various webmasters have objected to the approach, arguing that when you multiply millions of SSL encryption and decryption requests, the server CPU needs a hardware upgrade and extra arrangements for heat dissipation, pushing costs up.

The second problem is that requiring all webmasters to have an SSL certificate will end up with many of them not bothering to renew the certificates, and users will get used to seeing “expired digital certificate” warnings, clicking the ignore button without even reading them.

Read Google’s SPDY white paper


DropKey for Mac OS X to easily encrypt and email files

Posted: 28 Apr 2012 09:46 AM PDT

Mac OS X file encryption

DropKey is a Mac OS X tool (Lion and above) to easily encrypt and share documents using public/private key encryption. You only have to drag and drop any file you want to encrypt on top of the DropKey icon that appears in the menu bar and it will be encrypted automatically. Specifying who to send the file to will create a new email message with the encrypted attachment; only the person whose public encryption key has been used will be able to view it.

Your public encryption key is stored in your personal contact record in the Address Book and it can be safely attached to a vCard file (.vcard) to send to your contacts. Any file encrypted by a sender using your public key can be opened by you without entering a password. The secret private key in your possession decrypts it and makes sure that nobody else can access the file.

It is possible to guard against man-in-the-middle attacks, where an adversary sends you the wrong public encryption key, making you believe that it is your friend’s so that you encrypt your personal files with it. DropKey can generate 4 random dictionary words with each encryption key; asking the person you are communicating with to verify those words, over the phone or Instant Messenger, will guarantee that it is his key. This is akin to a digital fingerprint, which is normally formed of random letters and numbers; DropKey has tried to make the system easier for the average user by using pronounceable words instead of random characters.
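The word-based key check described above, as an added Python example that is not DropKey's code. DropKey's real derivation and word list are not given on this page, so the sketch assumes the words are taken from a SHA-256 hash of the public key; `WORDLIST`, `word_fingerprint`, `fingerprint_bits` and `verify` are hypothetical names and the sample keys are constructed.

```python
import hashlib
import math

# Constructed stand-in for a dictionary: 16 syllables paired into 256
# pronounceable words, so one hash byte selects exactly one word.
SYLLABLES = ["ba", "co", "di", "fu", "ga", "he", "jo", "ki",
             "lu", "ma", "ne", "po", "ri", "su", "ta", "vo"]
WORDLIST = [a + b for a in SYLLABLES for b in SYLLABLES]


def word_fingerprint(public_key, words=4):
    """Assumed scheme: one word per leading byte of SHA-256(public_key)."""
    digest = hashlib.sha256(public_key).digest()
    return [WORDLIST[b] for b in digest[:words]]


def fingerprint_bits(words=4):
    """How many bits of the key hash the spoken words actually cover."""
    return words * math.log2(len(WORDLIST))


def verify(received_key, words_read_aloud, min_words=4):
    """Recompute the words from the key that arrived and compare them with
    what the owner read out over a separate channel (phone, IM)."""
    spoken = [w.strip().lower() for w in words_read_aloud]
    if len(spoken) < min_words:
        return False  # an empty or shortened list must never pass
    return word_fingerprint(received_key, len(spoken)) == spoken


if __name__ == "__main__":
    # Constructed sample keys (placeholders, not real key material).
    friend_key = b"constructed-public-key:friend"
    swapped_key = b"constructed-public-key:substituted-in-transit"
    spoken = word_fingerprint(friend_key)  # the friend reads these aloud
    print("friend reads:", " ".join(spoken))
    print("genuine key accepted:", verify(friend_key, spoken))
    print("swapped key accepted:", verify(swapped_key, spoken))
    print("bits covered:", fingerprint_bits())
```

With this 256-word list, four words cover 32 bits of the hash; a 2048-word list would cover 44 bits, so the size of the list and the number of words decide how much the spoken check is worth.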

DropKey Mac OS X file encryption

This program is very easy to use and it integrates with your address book. The private encryption key is kept in OS X’s built-in Keychain Access app; to see it you will be asked for the administrator password. DropKey can be used to keep personal files encrypted; they don’t necessarily have to be emailed. Simply choose a place to save the file after encryption. Multiple files can be encrypted at once. The developer created this app for people who want to email documents securely, not for those who need secure data archiving, and its functionality reflects that.

No data ever leaves your computer unencrypted; the encryption and decryption process takes place locally. The recipient will need to have DropKey installed but doesn’t have to buy the software just to decrypt data, as trial mode decryption never expires. I can foresee a big problem with this app: you won’t be able to communicate with friends using Windows or Linux computers, and for that reason I would advise you against it and to go for GPGTools instead, which is compatible with any other OpenPGP software.

Visit DropKey homepage

Notice: This is not a free app.

