{"id":9146,"date":"2017-09-07T08:10:12","date_gmt":"2017-09-07T16:10:12","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/09\/07\/news-2919\/"},"modified":"2017-09-07T08:10:12","modified_gmt":"2017-09-07T16:10:12","slug":"news-2919","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/09\/07\/news-2919\/","title":{"rendered":"Google reminds website owners to move to HTTPS before October deadline"},"content":{"rendered":"

Credit to Author: Malwarebytes Labs| Date: Thu, 07 Sep 2017 15:36:57 +0000<\/strong><\/p>\n

With the release of Chrome v62 in less than 3 months, Google will begin marking non-HTTPS pages with text input fields\u2014like contact forms and search bars\u2014and all HTTP websites viewed in Incognito mode as “NOT SECURE” in the address bar.\u00a0The company has started sending out warning emails to web owners in August as a follow-up to an announcement by Emily Schechter<\/a>, Product Manager of Chrome\u00a0Security Team, back in April.<\/p>\n

Google began marking sites in\u00a0Chrome v56<\/a>, which was issued in January of this year. They targeted HTTP sites that collect user passwords and credit card details.<\/p>\n

For owners to secure the information being shared among their visitors and their web server, they must start incorporating an SSL certificate<\/a>. Failing to do this is risky for both parties: sites that allow the sending of information in clear text may also allow its exposure through the\u00a0Internet.<\/p>\n

Ms. Schechter also provided website owners with a handy guide on how to enable HTTPS<\/a> on their servers. An additional\u00a0guideline on how to avoid the “NOT SECURE” warning on Chrome<\/a> is also available for web developers.<\/p>\n

Looking at the way things are panning out, we can be confident that HTTPS will be the norm in no time. However, this doesn’t mean that all sites using SSL certificates can and should be trusted.<\/p>\n

Google intended to separate phishing<\/a> sites from legitimate ones with the marking of insecure sites, as Help Net Security\u00a0noted<\/a>\u00a0in an article. Unfortunately, the introduction of new browser versions capable of flagging sites also promptly introduced more phishing sites using HTTPS<\/a>. We’ve been seeing examples of this in the wild, as well, the latest of which was an Apple phishing campaign<\/a>.<\/p>\n

Discerning phishing pages from the real ones has\u00a0become more challenging than ever. This is why it’s important for users to familiarize themselves with other signs that they might be on a phishing page apart from the lack of SSL certificates. Fortunately, users don’t have to look far from the address bar when they want to double-check that they’re on the right page before entering their credentials or banking details. Keep in mind the following when scrutinizing URLs and other elements around it:<\/p>\n