Chrome will begin blocking HTTP resources on HTTPS pages and checking password strength

Google has warned about a change in its approach to handling mixed content on pages opened over HTTPS. Previously, if a page opened over HTTPS contained components loaded without encryption (over the http:// protocol), a special indicator was displayed. In the future, it has been decided to block the loading of such resources. Pages opened over "https://" will therefore be guaranteed to contain only resources downloaded over a secure communication channel.

It is noted that more than 90% of sites are now opened by Chrome users over HTTPS. The presence of inserts loaded without encryption creates a security threat: unprotected content can be modified by anyone who controls the communication channel (for example, when connecting over open Wi-Fi). The mixed-content indicator was found to be ineffective and misleading to the user, since it does not give a clear assessment of the page's security.

Currently, the most dangerous types of mixed content, such as scripts and iframes, are already blocked by default, but images, audio files and videos can still be loaded over http://. By spoofing images, an attacker can substitute user-tracking cookies, try to exploit vulnerabilities in image processors, or commit forgery by replacing the information shown in the image.

The introduction of blocking is divided into several stages. Chrome 79, scheduled for December 10th, will have a new setting that lets you disable blocking for specific sites. This setting will apply to mixed content that is already blocked, such as scripts and iframes, and will be reached through the menu that drops down when you click the lock icon, replacing the previously offered indicator for disabling blocking.


Chrome 80, expected on February 4, will use a soft blocking scheme for audio and video files, meaning automatic replacement of http:// links with https://, which keeps the page working if the problematic resource is also available over HTTPS. Images will continue to load without changes, but if they are loaded over http://, https:// pages will show an insecure-connection indicator for the whole page. To switch automatically to https or to block images, site developers will be able to use the CSP properties upgrade-insecure-requests and block-all-mixed-content. Chrome 81, scheduled for March 17, will begin auto-correcting http:// to https:// for mixed image loads.
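A site owner can check a page ahead of these releases. The following is an added example, not code from Google or from the original article: it audits a constructed HTML sample for http:// subresources and labels each by the handling the rollout above describes. The host names, the sample page and the "review" label are assumptions.

```python
from html.parser import HTMLParser

# Handling per the rollout described above (Chrome 79 to 81).
BLOCKED = {"script", "iframe"}                  # already blocked by default
UPGRADED = {"audio", "video", "source", "img"}  # media in Chrome 80, images in 81

# The two CSP properties named above, as response headers a site can send.
CSP_UPGRADE = "Content-Security-Policy: upgrade-insecure-requests"
CSP_BLOCK = "Content-Security-Policy: block-all-mixed-content"

# Constructed sample of a page served over https://
SAMPLE = """
<script src="http://cdn.example.test/app.js"></script>
<img src="http://img.example.test/logo.png">
<img src="https://img.example.test/ok.png">
<video src="HTTP://media.example.test/clip.mp4"></video>
<link rel="stylesheet" href="http://cdn.example.test/site.css">
<a href="http://example.test/">plain link, not a subresource</a>
"""

class MixedContentAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # <link> loads its resource from href; other elements from src.
        url = a.get("href") if tag == "link" else a.get("src")
        if not url or not url.lower().startswith("http://"):
            return
        if tag in BLOCKED:
            verdict = "blocked"
        elif tag in UPGRADED:
            verdict = "upgraded-to-https"
        else:
            verdict = "review"  # type not covered by the article
        # Record the https:// URL that must work for the upgrade to succeed.
        self.findings.append((tag, url, verdict, "https://" + url[7:]))

def audit(html):
    parser = MixedContentAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Every "upgraded-to-https" entry only keeps working if the https:// URL in the last column actually serves the resource.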


In addition, Google announced that one of the upcoming releases of the Chrome browser will integrate the new Password Checkup component, previously developed as an external add-on. The integration will bring tools for analysing the reliability of the user's passwords to Chrome's password manager. When you try to log in to any site, your login and password will be checked against a database of compromised accounts, and a warning will be shown if problems are found. The check is carried out against a database covering more than 4 billion compromised accounts that have appeared in leaks of user databases. A warning will also be shown if you try to use trivial passwords such as "abc123" (according to Google's statistics, 23% of Americans use similar passwords), or when the same password is used on multiple sites.

To preserve confidentiality, only the first two bytes of the hash of the login and password combination are transmitted when the external API is accessed (the hashing algorithm used is Argon2). The full hash is encrypted with a key generated on the user's side. The original hashes in Google's database are also encrypted, and only the first two bytes of each hash are left for indexing. The final verification of the hashes that fall under the transmitted two-byte prefix is performed on the user's side using the cryptographic technique of "blinding", in which neither party learns the contents of the data being checked. To prevent the contents of the compromised-accounts database from being determined by brute force with requests for arbitrary prefixes, the transmitted data is encrypted with a key generated from the verified combination of login and password.
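The two-byte prefix lookup with blinding can be sketched as follows. This is an added example, not Google's implementation: PBKDF2 from the standard library stands in for Argon2, the blinding is done by modular exponentiation in a toy group that is far too weak for real use, and all names, the salt and the sample credentials are constructed assumptions.

```python
import hashlib
import math
import secrets

P = 2**127 - 1   # toy prime modulus (assumption; not a secure parameter)
ORDER = P - 1    # order of the multiplicative group modulo P

def cred_hash(login, password):
    # The article names Argon2; PBKDF2 stands in because it is in the stdlib.
    data = f"{login}\x00{password}".encode()
    return hashlib.pbkdf2_hmac("sha256", data, b"constructed-salt", 10_000)

def to_group(h):
    # Map a hash to a non-zero element modulo P.
    return int.from_bytes(h, "big") % (P - 1) + 1

def rand_exponent():
    # A secret exponent that is invertible modulo the group order.
    while True:
        e = secrets.randbelow(ORDER - 2) + 2
        if math.gcd(e, ORDER) == 1:
            return e

class Server:
    """Stores only a 2-byte index plus values blinded with its own key b."""
    def __init__(self, leaked):
        self.b = rand_exponent()
        self.buckets = {}
        for login, password in leaked:
            h = cred_hash(login, password)
            entry = pow(to_group(h), self.b, P)
            self.buckets.setdefault(h[:2], set()).add(entry)

    def query(self, prefix, blinded):
        # The server sees the prefix and x^a, never the full hash x.
        return pow(blinded, self.b, P), self.buckets.get(prefix, set())

def is_leaked(server, login, password):
    h = cred_hash(login, password)
    a = rand_exponent()                                  # client-side key
    double, bucket = server.query(h[:2], pow(to_group(h), a, P))
    unblinded = pow(double, pow(a, -1, ORDER), P)        # (x^ab)^(1/a) = x^b
    return unblinded in bucket                           # final check is local

if __name__ == "__main__":
    srv = Server([("alice@example.test", "abc123")])     # constructed leak entry
    print(is_leaked(srv, "alice@example.test", "abc123"))
```

The client learns nothing about other bucket entries because they are raised to the server's secret exponent, and the server cannot recover the queried hash from its blinded form.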

Source: opennet.ru
