Google has announced today that it is adjusting its all-important indexing system to favor HTTPS pages over the HTTP versions of the same page. The tweak is more than certain to encourage web administrators and website runners to embrace HTTPS by default for their websites.
Google figures among the companies that has long been a proponent for encryption and better user security.
In 2008, Google provided Gmail users the option to always use HTTPS. In 2010, Google followed up its earlier offering by switching over to HTTPS by default for Gmail along with its encrypted search offering that could be switched on by Google search users. 2011 saw Google enable forward secrecy, [...]
A recent study by an independent security firm analyzing over 4000 embedded devices such as routers, modems, IP cameras, VoIP phones and IPs reveal an industry-wide practice of sharing the same HTTPS server certificates and Secure Shell Host (SSH) keys.
According to a study conducted by researchers at security firm SEC Consult, vast swathes of shared HTTPS certificates and SSH keys could potentially allow malicious attackers to snoop in and listen in to encrypted traffic accessed by millions of devices and its users.
Studying the firmware in over 4000 embedded devices across 70 vendors, the researchers specifically looked into cryptographic keys. These keys include [...]
Readers may be surprised to read that there are still websites that use the deprecated, insecure HTTP protocol to authenticate user access. As reported here, the dating website Match.com is one of them. But an even bigger userbase than that is Ning, the site that allows anyone to create a social network.
Standard HTTP communications provide absolutely no data security. Anyone can analyze packets sent over HTTP using easily-available tools like Wireshark to obtain passwords, credit card numbers, and other sensitive data in cleartext. The HTTPS protocol makes up for this lack of security by layering itself on top of the secure SSL/TLS cryptographic protocol. HTTPS is already used by many sites that handle sensitive information such as PayPal and Gmail. However, most of the internet still operates over HTTP, and Google Chrome hopes to change that.
The Chrome Security Team has proposed that browsers gradually start marking all HTTP traffic as non-secure. All popular web browsers [...]