Today’s the day that Chrome brands plain old HTTP “not secure”

by
Peter Bright
from Ars Technica - All content on (#3VG5X)
TonyAlter_Flickr_UnlockedPadlock-800x533

Enlarge (credit: Tony Alter / Flickr)

Since February, Google has planned to brand non-HTTPS sites as "Not Secure," and today, with Chrome 68, that change is being rolled out to a wide audience.

With the change, every site now gets a label in its address bar: "Secure" if the site is loaded over HTTPS, "Not Secure" otherwise. In September, Google will make another change and remove the "Secure" label, marking the transition to a world where secure HTTP is the default rather than the exception.

Most major online sites and services do now support and default to HTTPS. Correctly configured, servers should redirect any attempt to access a page over insecure HTTP to secure HTTPS, ensuring that a site cannot be intercepted or tampered with. However, Troy Hunt-creator of the Have I Been Pwned service-has found that a number of popular sites can still serve content insecurely.

Read 2 remaining paragraphs | Comments

index?i=pTVUs5LBaMU:TTCnFi9krfA:V_sGLiPB index?i=pTVUs5LBaMU:TTCnFi9krfA:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments