Two experiences this week reminded me of a very important principle for improving the quality of software… if you see something, say something. And the best way to do that is to file a bug. Something Weird? File a bug! The first case was last Thursday, when a user filed a bug in Chrome’s trackerContinue reading “File the Bug”
Author Archives: ericlaw
Using Fiddler With iOS 10 and Android 7
If you’ve tried to use Fiddler with iOS10 beta or Android 7 Nougat, you have probably found that HTTPS decryption isn’t working, even if you use the latest Fiddler and the Fiddler Certificate Maker add-on. Unfortunately, at the moment both platforms are broken, but for different reasons. In both cases, the client will fail toContinue reading “Using Fiddler With iOS 10 and Android 7”
Test post
Here’s an image from a server with a LetsEncrypt certificate.
Cheating Authenticode, Redux
Back in 2014, I explained two techniques that have been used by developers to store information in Authenticode-signed executables without breaking the signature, including information about the EnableCertPaddingCheck registry flag that can be set to break the technique1. Recently, Kevin Jones pointed out that Chrome’s signed installer differs on each download, as you can seeContinue reading “Cheating Authenticode, Redux”
TLS Fallbacks are Dead
Just over 5 years ago, I wrote a blog post titled “Misbehaving HTTPS Servers Impair TLS 1.1 and TLS 1.2.” In that post, I noted that enabling versions 1.1 and 1.2 of the TLS protocol in IE would cause some sites to load more slowly, or fail to load at all. Sites that failed toContinue reading “TLS Fallbacks are Dead”