iMyFone LockWiper

iMyFone LockWiper

Helps you bypass the iPhone passcode in case you forgot it and the device became unusable or you have to wait for a long time before attempting to unlock it again

FULL VERSION + CRACK
Flvto Youtube Downloader

Flvto Youtube Downloader

With this simple and intuitive application, you can swiftly download all your favorite online videos to your computer, in just a couple of moves

FULL VERSION + CRACK
Voicemod

Voicemod

Real-time voice changer that works with any application and comes equipped with an extensive collection of voices and ambient effects

FULL VERSION + CRACK
Dolby Access

Dolby Access

Take advantage of stunning sound quality and realism in your multimedia experiences, with sound that surrounds you with the help of this app that gives you a free trial of Dolby Atmos.

FULL VERSION + CRACK
Logic Pro X

Logic Pro X

A fully-featured recoding studio that provides a complete set of tools for musicians who need to write, record, edit and mix music

FULL VERSION + CRACK

IT News

Feb 24
The two companies plan to team up with telcos to sell 5G-enabled augmented reality technology for remote collaboration.
Feb 21
Apple has joined a veritable who's who of tech vendors in the FIDO Alliance who see standardized, two-factor authentication as the way forward for device log-in.
Feb 21
Google bought Cornerstone Technology, whose technology facilitates moving mainframe applications to the cloud.
Feb 21
SAP and IBM offer a new (certified) home for big databases in SAP HANA Enterprise Cloud.
Feb 20
40% year-over year SD-WAN growth through 2022 is being fueled by relationships built between vendors including Cisco, VMware, Juniper, and Arista and service provders AWS, Microsoft Azure, Google Anthos, and IBM RedHat.
Feb 19
Vulnerabilities in unvalidated peripheral firmware such as WiFi adapters, cameras, and network interface controllers give attackers control over systems.
Feb 19
Creating an immutable ledger to track metadata associated with published content shows promise as a method for identifying authentic news.

Categories

Chrome, Firefox to expunge Extended Validation cert signals

Google and Mozilla have decided to eliminate visual signals in their Chrome and Firefox desktop browsers of special digital certificates meant to assure users that they landed at a legitimate site, not a malicious copycat.

The certificates, dubbed "Extended Validation" (EV) certificates, were a subset of the usual certificates used to encrypt browser-to-server-and-back communications. Unlike run-of-the-mill certificates, EVs can be issued only by a select group of certificate authorities (CAs); to acquire one, a company must go through a complicated process that validates its legal identity as the site owner. They're also more expensive.

The idea behind EVs was to give web users confidence that they were at their intended destination, that the site computerworld.com, for instance, was owned by its legal proprietor, IDG, and not a fishy - and phishy - URL run by It's Crooks All the Way Down LLC and chockablock with malware. Browsers quickly took to the concept, rewarding EV-secured sites with in-your-face visual cues, notably the verified legal identity in front of the domain in the address bar. The identity was often shaded in green as an additional tip-off. (Chrome dismissed the green in September 2018 as of Chrome 69.)

But Google and Mozilla claim that EVs are no longer worth calling out in their browsers' address bars.

"Through our own research as well as a survey of prior academic work, the Chrome Security UX [user experience] team has determined that the EV UI [user interface] does not protect users as intended," Google wrote in an online document detailing why it is scrubbing EV evidence from the address bar. "Users do not appear to make secure choices (such as not entering password or credit card information) when the UI is altered or removed, as would be necessary for EV UI to provide meaningful protection."

Plus, Google added, the legal entity's name takes up valuable browser real estate.

Mozilla said something similar on Monday. "The effectiveness of EV has been called into question numerous times over the last few years, there are serious doubts whether users notice the absence of positive security indicators and proof of concepts have been pitting EV against domains for phishing," said Johann Hofmann, a Firefox engineer, in a message posted to development forum.

Chrome 77, slated to ship Sept. 10, will remove the EV information from the address bar and place it in the Page Info pop-up, which is accessed by clicking on the padlock icon.

Firefox will follow suit on Oct. 22 with version 70. "We intend to remove Extended Validation (EV) indicators from the identity block (the left hand side of the URL bar which is used to display security/privacy information)," Hofmann said.

Other browsers have already ditched the EV signs. Apple's Safari, for example, dropped the company name last year with version 12, the one packaged with macOS 10.14, aka Mojave; Safari still slaps a coat of green on the URL, though. Microsoft's "full-Chromium" Edge eschews any EV indicator.

Mobile browsers have usually done without EV extras in the address bar because of space issues, as in they have none to spare. Some of those which have - Safari in iOS, say - later removed it.

Opera Software's Opera, however, mimics Firefox's company-name-in-green, even though that browser is built atop the same engines as Chrome.

"EV is now really, really dead," said security professional Troy Hunt, in an Aug. 13 post to his personal blog. "The claims that were made about it have been thoroughly debunked and the entire premise on which it was sold is about to disappear."

Hunt, noted for creating and maintaining the "Have I Been Pwned?" website, first called EVs' demise in September 2018 when he wrote, "Their usefulness has now descended from 'barely there' to 'as good as non-existent,'" also on his blog.

"The writing might have been on the wall a year ago, but the death warrant is now well and truly inked with both Chrome and Firefox killing it stone cold dead," Hunt said Tuesday.

This story, "Chrome, Firefox to expunge Extended Validation cert signals" was originally published by Computerworld.