[ZDnet] Google: Mark HTTP pages as insecure - Overclock.net - An Overclocking Community

Forum Jump: 

[ZDnet] Google: Mark HTTP pages as insecure

Reply
 
Thread Tools
post #1 of 21 (permalink) Old 12-17-2014, 09:37 AM - Thread Starter
I took this profile pic
 
Thready's Avatar
 
Join Date: Jan 2013
Location: St. Louis, Missouri, USA
Posts: 3,940
Rep: 136 (Unique: 107)
http://www.zdnet.com/article/google-mark-http-pages-as-insecure/
Quote:
On the Chromium Security web site, Google has put out a proposal for comment that user agents, such as web browsers, should flag all plain HTTP web pages as insecure.

Google has been taking an assertive and aggressive stance on advancing the use of SSL/TLS on the Internet and in strengthening those protocols. In 2014 alone they have:

Accelerated the schedule for retiring support for SSLv3, a version we now know to be insecure by design
Pushed for a quicker deprecation of the SHA-1 hash algorithm in favor of SHA-2
Introduced their own methods of checking for certificate revocation, arguing that standard methods are broken
They have even suggested that they will boost search engine rankings for sites which use HTTPS

The article goes on to explain the difference between HTTP and HTTPS and gives stats on the number of each on the net. What's funny is that I've been building for a while and I know a lot about how to protect myself (or so I thought), but I only learned about how HTTPS is more secure from reading a personal finance textbook in college like 3 years ago.

Instagram @patrickmcguirkphotos & @mcguirk.patrick @patrickmcguirkportraits
Psychology grad student, computer hobbyist, self taught photographer
I'm really funny but I don't know when to stop.
I took my profile pic.
Zen
(17 items)
CPU
i5-6600k
Motherboard
Gigabyte Z170XP-SLI
GPU
RX Vega 56
RAM
24 GB DDR4 2133MHz
Hard Drive
Samsung 850 evo NVME 256 GB
Hard Drive
Samsung Evo 1 TB
Hard Drive
Crucial MX 500 256GB
Hard Drive
WD Black 3 TB
Hard Drive
Toshiba 3 TB
Hard Drive
Seagate 3 TB
Power Supply
Antec Earthwatts 650
Operating System
Windows 10
Monitor
Asus mx27a
Monitor
hp 2009 m
Keyboard
Corsair MR Brown
Mouse
Razer Naga
Audio
Soundblaster Omni
▲ hide details ▲
Thready is offline  
Sponsored Links
Advertisement
 
post #2 of 21 (permalink) Old 12-17-2014, 09:40 AM
New to Overclock.net
 
Pip Boy's Avatar
 
Join Date: May 2010
Location: Space
Posts: 5,749
Rep: 232 (Unique: 167)
OCN is insecure tongue.gif

Pip Boy is offline  
post #3 of 21 (permalink) Old 12-17-2014, 09:42 AM - Thread Starter
I took this profile pic
 
Thready's Avatar
 
Join Date: Jan 2013
Location: St. Louis, Missouri, USA
Posts: 3,940
Rep: 136 (Unique: 107)
Quote:
Originally Posted by Pip Boy View Post

OCN is insecure tongue.gif

I never realized that. Maybe an admin should look at this thread then.

Instagram @patrickmcguirkphotos & @mcguirk.patrick @patrickmcguirkportraits
Psychology grad student, computer hobbyist, self taught photographer
I'm really funny but I don't know when to stop.
I took my profile pic.
Zen
(17 items)
CPU
i5-6600k
Motherboard
Gigabyte Z170XP-SLI
GPU
RX Vega 56
RAM
24 GB DDR4 2133MHz
Hard Drive
Samsung 850 evo NVME 256 GB
Hard Drive
Samsung Evo 1 TB
Hard Drive
Crucial MX 500 256GB
Hard Drive
WD Black 3 TB
Hard Drive
Toshiba 3 TB
Hard Drive
Seagate 3 TB
Power Supply
Antec Earthwatts 650
Operating System
Windows 10
Monitor
Asus mx27a
Monitor
hp 2009 m
Keyboard
Corsair MR Brown
Mouse
Razer Naga
Audio
Soundblaster Omni
▲ hide details ▲
Thready is offline  
Sponsored Links
Advertisement
 
post #4 of 21 (permalink) Old 12-17-2014, 09:49 AM
Linux Lobbyist
 
Rookie1337's Avatar
 
Join Date: Nov 2008
Location: /dev/random
Posts: 8,555
Rep: 389 (Unique: 296)
Quote:
Originally Posted by Thready View Post

I never realized that. Maybe an admin should look at this thread then.

I think the important question is whether there is or could be the potential for sensitive information on the website. Not everything has to be HTTPS and locked down. But, I definitely think something that was like a smart "Hey, we noticed this site asking for credit cards and isn't using any security." pop-up or overlay would be fine.

I do wonder...what is google's gain from pushing this? Do they have access to making money somehow through the forcing of this beyond assuming that it would lead to more users?
Rookie1337 is offline  
post #5 of 21 (permalink) Old 12-17-2014, 09:49 AM
New to Overclock.net
 
Shrak's Avatar
 
Join Date: Dec 2011
Location: Nixers / Reddit
Posts: 10,323
Rep: 605 (Unique: 370)
Quote:
Originally Posted by Thready View Post

I never realized that. Maybe an admin should look at this thread then.

I searched for why OCN didn't use SSL a while ago and either admin or chipp said it wasn't needed for a forum such as this. I think that post was in 2009 though, and now... there's really no reason to not have a secure login, even for just a forum.

Might look for that thread...


EDIT:

https://www.overclock.net/t/857705/https-ssl-connection/10#post_11209928
https://www.overclock.net/t/600692/a-secure-overclock-net-https#post_7528139
Shrak is offline  
post #6 of 21 (permalink) Old 12-17-2014, 09:52 AM - Thread Starter
I took this profile pic
 
Thready's Avatar
 
Join Date: Jan 2013
Location: St. Louis, Missouri, USA
Posts: 3,940
Rep: 136 (Unique: 107)
Quote:
Originally Posted by Shrak View Post

I searched for why OCN didn't use SSL a while ago and either admin or chipp said it wasn't needed for a forum such as this. I think that post was in 2009 though, and now... there's really no reason to not have a secure login, even for just a forum.

Might look for that thread...


EDIT: https://www.overclock.net/t/857705/https-ssl-connection/10#post_11209928

Many people put their Twitter and Facebook info on their profile and it's just a problem waiting to happen.

Instagram @patrickmcguirkphotos & @mcguirk.patrick @patrickmcguirkportraits
Psychology grad student, computer hobbyist, self taught photographer
I'm really funny but I don't know when to stop.
I took my profile pic.
Zen
(17 items)
CPU
i5-6600k
Motherboard
Gigabyte Z170XP-SLI
GPU
RX Vega 56
RAM
24 GB DDR4 2133MHz
Hard Drive
Samsung 850 evo NVME 256 GB
Hard Drive
Samsung Evo 1 TB
Hard Drive
Crucial MX 500 256GB
Hard Drive
WD Black 3 TB
Hard Drive
Toshiba 3 TB
Hard Drive
Seagate 3 TB
Power Supply
Antec Earthwatts 650
Operating System
Windows 10
Monitor
Asus mx27a
Monitor
hp 2009 m
Keyboard
Corsair MR Brown
Mouse
Razer Naga
Audio
Soundblaster Omni
▲ hide details ▲
Thready is offline  
post #7 of 21 (permalink) Old 12-17-2014, 09:54 AM - Thread Starter
I took this profile pic
 
Thready's Avatar
 
Join Date: Jan 2013
Location: St. Louis, Missouri, USA
Posts: 3,940
Rep: 136 (Unique: 107)
Quote:
Originally Posted by Rookie1337 View Post

I think the important question is whether there is or could be the potential for sensitive information on the website. Not everything has to be HTTPS and locked down. But, I definitely think something that was like a smart "Hey, we noticed this site asking for credit cards and isn't using any security." pop-up or overlay would be fine.

I do wonder...what is google's gain from pushing this? Do they have access to making money somehow through the forcing of this beyond assuming that it would lead to more users?

This may be a stretch but I think Google's trying to beef up security all around because if a website out there doesn't have this security and that website had some business with Google, it might be a legal issue for Google if anything happened.

Instagram @patrickmcguirkphotos & @mcguirk.patrick @patrickmcguirkportraits
Psychology grad student, computer hobbyist, self taught photographer
I'm really funny but I don't know when to stop.
I took my profile pic.
Zen
(17 items)
CPU
i5-6600k
Motherboard
Gigabyte Z170XP-SLI
GPU
RX Vega 56
RAM
24 GB DDR4 2133MHz
Hard Drive
Samsung 850 evo NVME 256 GB
Hard Drive
Samsung Evo 1 TB
Hard Drive
Crucial MX 500 256GB
Hard Drive
WD Black 3 TB
Hard Drive
Toshiba 3 TB
Hard Drive
Seagate 3 TB
Power Supply
Antec Earthwatts 650
Operating System
Windows 10
Monitor
Asus mx27a
Monitor
hp 2009 m
Keyboard
Corsair MR Brown
Mouse
Razer Naga
Audio
Soundblaster Omni
▲ hide details ▲
Thready is offline  
post #8 of 21 (permalink) Old 12-17-2014, 09:59 AM
New to Overclock.net
 
Shrak's Avatar
 
Join Date: Dec 2011
Location: Nixers / Reddit
Posts: 10,323
Rep: 605 (Unique: 370)
Quote:
Originally Posted by Thready View Post

This may be a stretch but I think Google's trying to beef up security all around because if a website out there doesn't have this security and that website had some business with Google, it might be a legal issue for Google if anything happened.

I doubt it's a liability or legality issue.

Cloudflare recently changed to having free SSL certs a few months back;

http://arstechnica.com/information-technology/2014/09/cloudflare-gives-internet-a-present-free-no-hassle-universal-ssl/

As well as a few others, so there's really no reason to not have SSL anymore. In a mobile world today where we're connecting to many different connections ( Starbucks, McDonalds, friends, comcast hotspots, etc ) having a secure connection is nice.
Shrak is offline  
post #9 of 21 (permalink) Old 12-17-2014, 10:03 AM - Thread Starter
I took this profile pic
 
Thready's Avatar
 
Join Date: Jan 2013
Location: St. Louis, Missouri, USA
Posts: 3,940
Rep: 136 (Unique: 107)
Quote:
Originally Posted by Shrak View Post

I doubt it's a liability or legality issue.

Cloudflare recently changed to having free SSL certs a few months back;

http://arstechnica.com/information-technology/2014/09/cloudflare-gives-internet-a-present-free-no-hassle-universal-ssl/

As well as a few others, so there's really no reason to not have SSL anymore. In a mobile world today where we're connecting to many different connections ( Starbucks, McDonalds, friends, comcast hotspots, etc ) having a secure connection is nice.

Well I don't know then I was just spitballing. It just seems that Google is more security conscious now and maybe they're doing it to cover themselves.

Instagram @patrickmcguirkphotos & @mcguirk.patrick @patrickmcguirkportraits
Psychology grad student, computer hobbyist, self taught photographer
I'm really funny but I don't know when to stop.
I took my profile pic.
Zen
(17 items)
CPU
i5-6600k
Motherboard
Gigabyte Z170XP-SLI
GPU
RX Vega 56
RAM
24 GB DDR4 2133MHz
Hard Drive
Samsung 850 evo NVME 256 GB
Hard Drive
Samsung Evo 1 TB
Hard Drive
Crucial MX 500 256GB
Hard Drive
WD Black 3 TB
Hard Drive
Toshiba 3 TB
Hard Drive
Seagate 3 TB
Power Supply
Antec Earthwatts 650
Operating System
Windows 10
Monitor
Asus mx27a
Monitor
hp 2009 m
Keyboard
Corsair MR Brown
Mouse
Razer Naga
Audio
Soundblaster Omni
▲ hide details ▲
Thready is offline  
post #10 of 21 (permalink) Old 12-17-2014, 10:07 AM
Retired Staff
 
Join Date: Nov 2006
Location: NJ
Posts: 65,144
Rep: 4426 (Unique: 2045)
Quote:
Originally Posted by Rookie1337 View Post

I do wonder...what is google's gain from pushing this? Do they have access to making money somehow through the forcing of this beyond assuming that it would lead to more users?
Correct, more confident usage of the Internet means more users and applications.

To answer most of your questions: (1) a fridge cannot cool a PC (2) 64-bit OS for over 3.4GB (3) If a PCIe card fits, it should work (4) Resolution, not screen size (5) Report, not respond to Spam (6) Single-Rail/Non-Modular PSUs are not always better than Multi-Rail/Modular (7) Sequential does not matter as much as random for OS drives (8) Requirements come before hardware for servers

DuckieHo is offline  
Reply

Quick Reply
Message:
Options

Register Now

In order to be able to post messages on the Overclock.net - An Overclocking Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page


Forum Jump: 

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off