Seek and Destroy Non-Secure References Using the moarTLS Analyzer

tl;dr: I made a Chrome Extension that finds security vulnerabilities. It’s now available for Firefox too! To secure web connections, TLS-enabling servers is only half the battle; the other half is ensuring that TLS is used everywhere. Unfortunately, many HTTPS sites today include insecure references that provide a network-based attacker the opportunity to break into the…

On Daylight Savings Time

In Fiddler, the Caching tab will attempt to calculate the cache freshness lifetime for responses that lack an explicit Expires or Cache-Control: max-age directive. The standard suggests clients use (0.1 * (DateTime.Now – Last-Modified)) as a heuristic freshness lifetime. An alert Fiddler user noticed that the values he was seeing were slightly off what he expected: sometimes the values…

Out-of-Memory is (Usually) a Lie

The most common exception logged by Fiddler telemetry is OutOfMemoryException. Yesterday, a Facebook friend lamented: “How does firefox have out of memory errors so often while only taking up 1.2 of my 8 gigs of ram?” This morning, a Python script running on my machine as a part of the Chromium build process failed with a…

Things I’ve Learned in my first weeks on Chrome

This is a stub post which will be updated periodically. It would be impossible to summarize how much I’ve learned in the last six weeks working at Google, but it’s easy to throw together some references to the most interesting and accessible things I’ve learned. So that’s this post. Developing Chrome Searching the code is…