Hello, welcome to the Thursday, January 31st, 2019 edition of the Sansonet Storm Center's

Stormcast. My name is Johannes Ulrich. I'm recording from Jacksonville, Florida.

Let's start out with browser updates. Today, Google released a new version for Google Chrome, Google Chrome 72, fixes a number

of bugs but also makes a couple of security relevant changes.

First of all, this version of Google Chrome starts the deprecation of TLS 1.0 and 1.1.

Most users won't see a difference yet. You'll only see warnings in the developer

console, but starting early 2020, so about a year from now in Google Chrome 81, Google

TLS 1.0 and 1.1 will be removed all together.

Right? This is likely going to be a problem is things like devices, like web-based cameras and such.

They may not support anything beyond, usually actually TLS 1.0.

In those cases, you may actually be forced then to fall back to HTTP. Another

change to TLS is that public key pinning will be removed and that probably has less

on impact. Few sites have used it in the past. We used it for a while for a Nord-Storm Center.

But the reason it's being removed is that people found it too complex to maintain these

public key pinning headers.

And there was a real chance here of a denial of service and a fairly nasty sort of persistent

denial of service, which is why browsers start removing this feature again.

Another change is the way FTP is being dealt with in Chrome 72.

Now, you'll still be able to see FTP director release things, but if you download a file, it will just be downloaded.

It will not be

rendered inside the browser.

And the second browser, we got an update for today is Firefox.

...