U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Mozilla Fundation, a step toward to full HTTPS implementation

The Mozilla Foundation is starting the operations to phase the HTTP connections in the Firefox browser according to “encrypt the Web” movement. According to roadmap defined by the Mozilla Foundation, the organization has started the process to move toward full HTTPS enforcement in Firefox browser In November 2014 the Electronic Frontier Foundation (EFF) and other firms, […]

Mozilla Fundation, a step toward to full HTTPS implementation

The Mozilla Foundation is starting the operations to phase the HTTP connections in the Firefox browser according to “encrypt the Web” movement.

According to roadmap defined by the Mozilla Foundation, the organization has started the process to move toward full HTTPS enforcement in Firefox browser

In November 2014 the Electronic Frontier Foundation (EFF) and other firms, including Cisco, Mozilla, Akamai, Identrust launched a new organization called Let’s Encrypt with help from researchers at the University of Michigan.

The organization will provide free HTTPS certificates to every website that will move to HTTPs.

The announcement of Mozilla is very important considering that its Firefox product accounts for between 12 and 22 percent of the browser market share if we count the different versions.

Mozilla still hasn’t provided any indication on the timeline for the exclusive adoption of the HTTPs protocol. The only news available on the roadmap is that Firefox will provide a date for the full adoption of HTTPS connections and that once defined this date the organization will begin making existing features incompatible with insecure HTTP websites.

HTTPs traffic Analysis 2

The expert considers the path very complicated because Mozilla will have to cut off existing features for HTTP connections gradually.

“We’re also already considering softer limitations that can be placed on features when used by non-secure sites,” explained security lead Richard Barnes. “For example, Firefox already prevents persistent permissions for camera and microphone access when invoked from a non-secure website.  There have also been some proposals to limit the scope of non-secure cookies.”

Principal security firms have announced similar initiatives to promote the adoption of encryption on a global scale. Google recently announced that websites implementing HTTPs will be favorited by the giant of search engines, which has also announced the adoption of encryption mechanisms also for its ad services.

Pierluigi Paganini

(Security Affairs – HTTPs, Encryption)