• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • HomePage
  • About
  • Structure
  • Schedule
    • First Half of the Semester
      • Week 1: Overview of Course
      • Week 2: TCP/IP and Network Architecture
      • Week 3: Reconnaissance
      • Week 4: Vulnerability scanning
      • Week 5: System and User enumeration
      • Week 6: Sniffers
      • Week 7: NetCat, Hellcat
    • Second Half of the Semester
      • Week 8: Social Engineering, Encoding, and Encryption
      • Week 9: Malware
      • Week 10: Web application hacking, Intercepting Proxies, and URL Editing
      • Week 11: SQL injection
      • Week 12: Web Services
      • Week 13: Evasion Techniques
      • Week 14: Review of all topics and wrap up discussion
  • Assignments
    • Analysis Reports
    • Quizzes & Tests
  • Webex
  • Harvard Coursepack
  • Gradebook

ITACS 5211: Introduction to Ethical Hacking

Wade Mackay

Google Chrome To Flag Non-HTTPS Logins, Credit Card Info ‘Not Secure’

September 28, 2016 by Roberto Nogueda 2 Comments

 

So we will be getting the touch and feel of the newest Google browser that will flag “not secured” any non-HTTPS sites that transmit credit cards information and passwords, as of January 2017, called Google’s Chrome 56 browser.

Hypertext Transport Protocol Secured (HTTPS) is a converter for the Web’s lingua franca hypertext transport protocol with encryption from Transport Layer Security (TLS) or secure Socket Layer (SSL) to guarantee the authenticity of a website, it also protects communication between client and server, and obviate man-in-the-middle attacks says Terry Sweeney from InformationWeek Dark Reading magazine.

When a website is loaded over HTTP, someone else on the network can look at or modify the site before it gets to you, since currently Chrome delivers HTTP connections with its neutral indicator, which Google says that it doesn’t reflect the real lack of security.

Net Market Share mentions that Google Chrome is the most widely used browser in the world, with nearly 54% of the combined desktop and mobile user segments as of the month of August.

The main change to users is that eventually the plan is to label all HTTP pages as non-secure, and change the HTTP security indicator to the red triangle that they use for broken HTTPS pages.

http://www.darkreading.com/vulnerabilities—threats/google-chrome-to-flag-non-https-logins-credit-card-info-not-secure/d/d-id/1326921?

Filed Under: Week 05: System and User Enumeration Tagged With:

Reader Interactions

Comments

  1. Noah J Berson says

    October 1, 2016 at 6:14 pm

    Google has the difficult position of balancing user experience with security. If other browsers don’t follow, users may notice they can use a site just fine in their competitor and switch, ignoring the fact that Google is just trying to keep them safe. Google for example could demand two step verification if it knows you own a smartphone but for many they consider security a hassle. I do know another change that Google has started is recommending difficult passwords when you create an account on any websites and offers to remember it for you.

    Log in to Reply
  2. Jason A Lindsley says

    October 2, 2016 at 8:02 am

    I think this is a smart move by Google. Admittedly, I don’t always check to see if HTTPS is used when processing a payment. I usually will if it is a site I’ve never used before, but I like the idea of this added Chrome functionality that will warn me. I also think they should warn users if older, non-secure versions of SSL/TLS are being used by the website. This also creates a risk.

    Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • Uncategorized (133)
  • Week 01: Overview (1)
  • Week 02: TCP/IP and Network Architecture (8)
  • Week 03: Reconnaisance (25)
  • Week 04: Vulnerability Scanning (19)
  • Week 05: System and User Enumeration (15)
  • Week 06: Sniffers (9)
  • Week 07: NetCat and HellCat (11)
  • Week 08: Social Engineering, Encoding and Encryption (12)
  • Week 09: Malware (14)
  • Week 10: Web Application Hacking (12)
  • Week 11: SQL Injection (11)
  • Week 12: Web Services (10)
  • Week 13: Evasion Techniques (7)
  • Week 14: Review of all topics (5)

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in