430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Chrome will mark HTTP connections to websites as non-secure from January 2017

From January 2017, Chrome will indicate connection security with an icon in the address bar labeling HTTP connections to sites as non-secure. Google continues its effort to make the web a better place by pushing the adoption of encryption, we left the IT giant in May when it announced the decision to switch on default HTTPS […]

Chrome will mark HTTP connections to websites as non-secure from January 2017

From January 2017, Chrome will indicate connection security with an icon in the address bar labeling HTTP connections to sites as non-secure.

Google continues its effort to make the web a better place by pushing the adoption of encryption, we left the IT giant in May when it announced the decision to switch on default HTTPS for its free domain service provider Blogspot.

Now Google confirmed that starting from January of 2017 its web browser Chrome will begin labeling HTTP sites that transmit passwords or request the user’s sensitive data (i.e. credit card details) as “Non Secure” to encourage the use of encryption.

A couple of years ago, Google also introduced new rules in its search engine algorithm in order to increase the ranking of websites using the HTTPs protocol.

The company plans to release the Chrome 56 version in January 2017 as reported on the Google Security Blog.

“To help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labelled HTTP connections as non-secure. Beginning in January 2017 (Chrome 56), we’ll mark HTTP sites that transmit passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.” states the post published by Google.

google- HTTP connections label

The use of Unencrypted HTTP connection exposes users to the risk of eavesdropping, an attacker could execute a man-in-the-middle attack to intercept data in transit and manipulate it.

Starting from the Chrome 56 release, Chrome will flag HTTP pages as “Not secure” by using a neutral indicator even in the address bar of incognito mode, where uses expert more privacy.

“In following releases, we will continue to extend HTTP warnings, for example, by labeling HTTP pages as “not secure” in Incognito mode, where users may have higher expectations of privacy. Eventually, we plan to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that we use for broken HTTPS.” reads the post.

This summer, Google implemented HTTP Strict Transport Security (HSTS) on the www.google.com domain to protect users and prevent them from navigating using the HTTP protocol.

Google confirmed that more than half of the websites visited by users with its Chrome browser are already encrypted.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Google,  HTTP sites)

[adrotate banner=”5″]

[adrotate banner=”13″]