Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Google is bringing HTTPS to all blogspot domain blogs

Google decided to switch on default HTTPS for its free domain service provider Blogspot, the migration will be easy and transparent for the users. After WordPress also Google decided to switch on default HTTPS for its free domain service provider Blogspot. The measure will impact millions of users of the popular platform. Since September 2015 Google had introduced […]

Google is bringing HTTPS to all blogspot domain blogs

Google decided to switch on default HTTPS for its free domain service provider Blogspot, the migration will be easy and transparent for the users.

After WordPress also Google decided to switch on default HTTPS for its free domain service provider Blogspot. The measure will impact millions of users of the popular platform. Since September 2015 Google had introduced HTTPS support for Blogspot domains as an option, now it is announcing the extension to every Blogspot domain blog.
The adoption of encryption will provide more security to the end-users, in the recent months, many companies have pushed the security measures, including WhatsApp and Viber.

In April WordPress announced that it has partnered with the Let’s Encrypt project in order to offer free HTTPS support for all of its users on WordPress.com blogs, that means over 26% of websites based on the most popular CMSs on the web will be secured (Statistics by W3techs).

“As part of this launch, we’re removing the HTTPS Availability setting. Even if you did not previously turn on this setting, your blogs will have an HTTPS version enabled.” Google informed users. “We’re also adding a new setting called HTTPS Redirect that allows you to opt-in to redirect HTTP requests to HTTPS. While all blogspot blogs will have an HTTPS version enabled, if you turn on this new setting, all visitors will be redirected to the HTTPS version of your blog at https://<your-blog>.blogspot.com even if they go to http://<your-blog>.blogspot.com. If you choose to turn off this setting, visitors will have two options for viewing your blog: the unencrypted version at http://<your-blog>.blogspot.com or the encrypted version at https://<your-blog>.blogspot.com”

Google blogspot HTTPS

HTTPS will make impossible for attackers to eavesdrop connections between the user’s browser and web server. The adoption of HTTPS will help visitors to check that they open the correct website and aren’t being redirected to a malicious site, and it helps detect if an attacker tries to change any data sent from Blogger to the visitor.

The HTTP version of the blogs will remain accessible by the users anyway, anyway, that can use the new setting called HTTPS Redirect that redirects HTTP requests to HTTPS. Google implemented the technical implementation in order to avoid forcing its users to use the HTTPS and avoid problems with the bloggers.

Some blogs on Blogspot, in fact, contains “mixed content” such as images and scripts incompatible with the HTTPS protocol. Google intends to support its bloggers by offering tools and porting services to overwhelm the difficulties related to the migration of this mix content.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Blogspot, HTTPS)

[adrotate banner=”12″]