Google, the developer of the Chrome Internet browser, is in the midst of beefing up precautions to protect users from falling prey to fraudulent websites masquerading as legitimate websites.
In connection with these changes, Vanderbilt Health Informatics Technologies and Services (HITS) is asking Chrome users, including those who access Vanderbilt clinical applications via the Web, to be on the lookout for yellow or red caution messages.
“If a caution appears when you use Chrome to visit a website hosted by Vanderbilt or any of its partners, please contact the Medical Center Help Desk at 615-343-HELP,” said Eric Boehme, director of application development for the Medical Center. (615-343-4357 also works for contacting the Help Desk.)
According to Boehme, 90 percent of all websites use what is known as SSL encryption, which includes an algorithm called SHA-1 to ensure that users are accessing real websites and not ones created by hackers.
SHA-1 is now considered to be too weak to appropriately protect websites and is being replaced by SHA-2. Google has a migration plan that aggressively forces all websites that support Chrome to make significant changes. This work is underway at Vanderbilt in a collaborative effort between HITS and Vanderbilt University Information Technology.
Boehme said Google, starting with Version 39 of the Chrome browser, has started to warn users when they access websites that have not moved to the new algorithm. Microsoft, with its Internet Explorer browser, has taken a less stringent approach, waiting until 2017 to drop support for SHA-1.
For more information, contact the Help Desk at 615-343-HELP or 615-343-4357.
