Posts Tagged ‘https’

How to Prevent Your ISP from Snooping on You

Thursday, March 30th, 2017

Given recent changes in US internet privacy policies, this article is particularly timely (even though it appears to have been written before the change in policy took place.)

Internet Service Providers may be able to sell your web history in the United States without you giving your consent. The new ruling passed the US Senate and the House of Representatives already, and the last thing standing in its way is the President of the United States.


Chrome 56: HTTP Sites Marked as Not Secure

Thursday, September 8th, 2016

It’s fairly obvious what Chrome is trying to do here; they’re trying to push sites to switch over to the more secure HTTPS communication. That’s an admirable effort, but it also seems like Chrome might be undermining its own credibility by issuing what is essentially a false security alert for existing HTTP sites that are perfectly secure.

Google announced plans today to increase the pressure on sites not yet offering their content over secure https connections. Starting with Chrome 56 Stable, out January 2017, the company plans to list some HTTP sites as not secure in the browser. Chrome uses a neutral listing for non HTTPs sites currently. All sites, HTTP and HTTPS sites with mixed content, fall into that category.


Chrome 53 breaks HTTPS Everywhere

Tuesday, September 6th, 2016

Apparently, Chrome 53 has a problem with HTTPS. If you’ve noticed that some of your extensions are no longer working, here’s what to do …

If you are a Google Chrome user on the stable channel, you may have noticed that some of your extensions stopped working with the update to Chrome 53. While any number of extensions may be affected by this, the issue has been confirmed for HTTPS Everywhere and Privacy Badger.


Google HTTP Search – Yes, It’s Still Possible

Tuesday, October 27th, 2015

It’s debatable how useful this trick might be (especially from a security or privacy standpoint,) but it’s still an interesting trick.

Google began to implement SSL on its search engine back in 2010. First on its own domain name, then as a mandatory feature for logged in Google users, and after a while for all users on the main Google Search website. Workarounds to use HTTP instead of HTTPS on Google Search existed ever since the company began implementing HTTPS on its properties but lately most of them were either retired by Google or switched to use HTTPS instead.


How to Prevent HSTS Tracking in Firefox

Friday, October 16th, 2015

For every step taken to make browsing more secure and private, there are a thousand coders out there, trying to figure out a way around it.

HTTP Strict Transport Security (HSTS) was designed to help secure websites (those using HTTPS) by declaring to web browsers that they should communicate only via HTTPS with the server to protect connections against downgrade attacks and cookie hijacking. Mozilla implemented support for HSTS in its current form in Firefox in 2014 and it has been active in all Firefox versions ever since.


How to Check the Security of Proxy Servers

Thursday, June 25th, 2015

There are very few things in life that are truly free, and when it comes to free proxy services, it’s a good idea to know just what that “free” services actually costs you.

A recent study of 443 free proxy servers by Austrian security researcher Christian Haschek ended with the conclusion that free is not necessarily a good thing, at least when it comes to the majority of proxy servers analyzed in the study. Web proxies come in different flavors but the two groups that you will encounter the most are proxies that you use on web pages and proxies that you add to your browser directly.


Breaking Web – Mozilla Plans to Deprecate Non-Secure HTTP

Monday, May 4th, 2015

Yet another sign that HTTP may soon become a thing of the past …

Mozilla plans to make fundamental changes to the Firefox web browser in regards to non-secure HTTP contents on the web. According to a new post by Richard Barnes on the organization’s security blog, Mozilla plans to make new features only available to secure websites in the future and phase out features for non-secure sites gradually as well.


HTTPS Everywhere 5 Launches with Thousands of New Rules

Monday, April 6th, 2015

The good news is that they’ve also added support for 16 new languages …

HTTPS Everywhere is a browser extension that is published by the Electronic Frontier Foundation that improves privacy and security by enforcing the use of the HTTPS protocol on websites supporting it. It is of specific use when you are connecting to sites or services that support http and https depending on how you access the site and its contents.


Secure your Wireless Router

Tuesday, March 24th, 2015

When I started to read this article, my first thought was, “This is way too basic, most people already know this stuff.” But then I thought again and remembered all of the unsecured wireless routers I’ve run across in the past.

There is no such thing as perfect security. Given enough knowledge, resources, and time any system can be compromised. The best you can do is to make it as difficult for an attacker as possible. That said there are steps you can take to harden your network against the vast majority of attacks. The default configurations for what I call consumer-grade routers offer fairly basic security. To be honest, it doesn’t take much to compromise them. When I install a new router (or reset an existing), I rarely use the ‘setup wizards’. I go through and configure everything exactly how I want it. Unless there is a good reason, I usually don’t leave it as default.