Chrome Security Team Proposes Marking HTTP Sites As 'Non-Secure'

Status
Not open for further replies.

spdragoo

Expert
Ambassador
The problem is that you only need an "https" site if you're going to be logging into it: online banking, online billpay, email, social networks, etc.

If all you're doing is visiting a site to read articles or reference information, then you don't need a "secure" website, because you're not logging into an account that needs to be secured.
 

dennisfyfe

Distinguished
Jul 19, 2010
20
0
18,520
The problem is that you only need an "https" site if you're going to be logging into it: online banking, online billpay, email, social networks, etc.

If all you're doing is visiting a site to read articles or reference information, then you don't need a "secure" website, because you're not logging into an account that needs to be secured.

Might help to read the ENTIRE article.

"After the Snowden revelations, we know that HTTP is indeed non-secure, and spy agencies from all over the world can not only intercept and spy on that HTTP traffic, but they can also send malware through it."
 

dthx

Distinguished
Mar 31, 2010
183
0
18,680
The problem is that you only need an "https" site if you're going to be logging into it: online banking, online billpay, email, social networks, etc.

If all you're doing is visiting a site to read articles or reference information, then you don't need a "secure" website, because you're not logging into an account that needs to be secured.

Might help to read the ENTIRE article.

"After the Snowden revelations, we know that HTTP is indeed non-secure, and spy agencies from all over the world can not only intercept and spy on that HTTP traffic, but they can also send malware through it."
It is equally easy to send malware through an https website than through an http website. In fact, in many cases, it even further increases your chances of getting the malware delivered to the right computer as the encryption makes it impossible for some firewalls to analyze the traffic (SSL interception is possible on decent firewalls but often not configured in many companies).
I understand that SSL makes spoofing more difficult, but don't tell me that government agencies have no possibility to obtain the certificates they need for their mission ;-)
 
G

Guest

Guest
Wait what? Is there any reason why a read-only portfolio site for example, needs HTTPS?
As someone said above, best get handing out those certificate's Google, that stuff's expensive.
 

mradamdavies

Reputable
Dec 18, 2014
1
0
4,510
This is retarded. I really don't like the direction in which Chrome is moving. The following statement makes no sense at all... "we know that HTTP is indeed non-secure" Kind of a non sequitur. HTTPS doesn't ensure security but is one aspect thereof. They should focus on marking compromised sites and not targeting those that can't afford to, or prohibited by technical limitations.

Should my comment have been Tom's Hardware isn't HTTPS?!?!?!?!?1one... OMG, I got haxored!"
 
Status
Not open for further replies.

TRENDING THREADS