Protect Google Chrome against Logjam Vulnerability



Determine if you're vulnerable to the Logjam Attack - go to https://weakdh.org/ with your chrome browser and see if you get a blue bar (good) or a red one (bad).

When I tried this Firefox was OK, Google Chrome was not.

I fixed this by editing /usr/bin/google-chrome and adding the --cipher-suite-blacklist parameter.

 # Make sure that the profile directory specified in the environment, if any,
# overrides the default.
if [[ -n "$CHROME_USER_DATA_DIR" ]]; then
  # Note: exec -a below is a bashism.
  exec -a "$0" "$HERE/chrome" --user-data-dir="$CHROME_USER_DATA_DIR" --cipher-suite-blacklist=0xcc15,0x009e,0x0039,0x0033 "$@"
else
  exec -a "$0" "$HERE/chrome" --cipher-suite-blacklist=0xcc15,0x009e,0x0039,0x0033 "$@"
fi

as shown above.

 https://cc.dcsec.uni-hannover.de/ will tell you which ciphers your browser currently supports.

Comments

Post a Comment

Popular posts from this blog

Hit failing alternator with a hammer to confirm diagnosis of failing alternator due to bad brushes

Hitting something with a hammer often feels good but does nothing useful. Here's one case where it actually helps. On my 2004 Ford Explorer the alternator light came on. I brought it to the auto parts store and they put a volt meter on it. The alternator needs to put out a voltage that is higher than the battery's full charged voltage in order to properly function - somewhere in the 14 volt range. Mine came in low - probably below 13.5 volts. So the guy at the auto parts store took a rubber mallet to the alternator and just briefly, for a period of 10 seconds or maybe less the voltage jumped up into the normal range before falling back to where it was before. This confirmed the diagnosis of a bad alternator in general and worn brushes in particular. The brushes are spring loaded, are located in the are a wearable item and must make contact with the fixed part of the alternator. Tapping the alternator with the hammer temporarily changes spatial relationships between the brushes ...
Read more

alternatives --install gets stuck: failed to read link: No such file or directory

Alternatives utility gets stuck doing install. Fedora 17 x86_64. Removing the /var/lib/alternatives/javaws file resolved the issue (for me). # alternatives --install /usr/bin/javaws javaws /usr/java/jdk1.7.0_07/jre/bin/javaws  20000 failed to read link /usr/bin/javaws: No such file or directory # ls /usr/bin/javaws ls: cannot access /usr/bin/javaws: No such file or directory # ls -al /var/lib/alternatives/javaws -rw-r--r--. 1 root root 105 Sep 22 11:39 /var/lib/alternatives/javaws # rm /var/lib/alternatives/javaws rm /var/lib/alternatives/javaws rm: remove regular file `/var/lib/alternatives/javaws'? y # alternatives --install /usr/bin/javaws javaws /usr/java/jdk1.7.0_07/jre/bin/javaws  20000 # which javaws /bin/javaws # ls /usr/bin/javaws /usr/bin/javaws # ls -al /var/lib/alternatives/javaws -rw-r--r--. 1 root root 65 Sep 22 11:50 /var/lib/alternatives/javaws # cat /var/lib/alternatives/javaws auto /usr/bin/javaws /usr/java/jdk1.7.0_0...
Read more

Using SSH, SOCKS, tsocks, and proxy settings to create a simultaneous "dual use" work/home computer

The Problem: Allow one linux workstation to be simultaneously used for both work and non-work purposes so that work and non-work traffic are segregated. The Requirements: I would like to be able to use the following applications in the corporate environment VNC Web (typically Google Chrome but potentially other browsers as well) Email - IMAP, SMTP, LDAP using Thunderbird IM - pidgin As already mentioned here the corporate network has an SSH server that you authenticate and connect to and from there you can reach the other corporate network resources. I would like non-work related traffic to bypass the corporate network - this is mostly web traffic but might also include things like Spotify, yum updates, and other assorted tasks. Finally it would be nice (but not essential) to wrap all this up in a handy GUI operation or series of operations. The Environment:  Fedora Core 16 (x86_64) and Gnome 3. The Solution:  Use SSH, SOCK...
Read more