Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha


Chrome now brands plain old HTTP “not secure”

Written by  Jul 24, 2018
Since February, Google has planned to brand non-HTTPS sites as "Not Secure," and today, with Chrome 68, that change is being rolled out to a wide audience.

With the change, every site now gets a label in its address bar: "Secure" if the site is loaded over HTTPS, "Not Secure" otherwise. In September, Google will make another change and remove the "Secure" label, marking the transition to a world where secure HTTP is the default rather than the exception.

Most major online sites and services do now support and default to HTTPS. Correctly configured, servers should redirect any attempt to access a page over insecure HTTP to secure HTTPS, ensuring that a site cannot be intercepted or tampered with. However, Troy Hunt—creator of the Have I Been Pwned service—has found that a number of popular sites can still serve content insecurely.

Image of Nintendo Switch - Neon Red/Neon Blue

Nintendo Switch - Neon Red/Neon Blue

£279.99 Buy Now at Amazon

Sometimes we include affiliate links to help fund the website and we do receive a small commission. At no extra cost to you, the prices remain the same.

Sometimes this is because a site doesn't redirect at all from HTTP to HTTPS; other times it can be more subtle, such as certain pages allowing HTTP even when the site is otherwise configured correctly. This includes some very high traffic domains, such as Chinese search engine baidu.com, Twitter's URL shortener t.co, and the BBC's international website bbc.com. Whatever the cause of these misconfigurations, the result is that even though they're normally served securely, a bad or malicious link could result in someone visiting the sites insecurely.

There are even some sites with a completely broken configuration. For instance, the UK's Daily Mail, dailymail.co.uk, is presently using an incorrect certificate for its SSL version, meaning that only the insecure version is available.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

Daily Steals Free Shipping!

IT Security News UK

cyber News

  1. Popular
  2. Trending