Chrome browser flags Daily Mail and other sites as 'not secure'

Posted BBCnews

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Chrome browser flags Daily Mail and other sites as 'not secure'相关的知识,希望对你有一定的参考价值。

Image caption The latest version of Chrome shows an alert next to web addresses

Security warnings will pop up on the Daily Mail website today if visitors are using the latest version of Google's Chrome browser.

It is one of many sites the browser will flag because they do not use HTTPS - the secure version of the web's underlying data transfer protocol.

Many sites have switched to this version to protect visitors against data theft and hijacking. 

About 20% of the world's top 500 websites are using HTTP.

The HyperText Transfer Protocol (HTTP) defines how data is passed around the web. The "S" in HTTPS stands for "Secure" and ensures that data is encrypted before it travels.

In the UK many other sites, such as Sky Sports, Argos and Boohoo have also not yet adopted HTTPS.

There is no evidence that any of the sites which have not made the change to HTTPS are currently subject to attacks that abuse insecure data.

Why does it say the sites are not secure?

Image caption Many widely used sites are now flagged as "not secure" by Chrome

It's because they do nothing to scramble the data passing between you and that website.

According to statistics gathered by security researcher Troy Hunt, more than half of all the web's top one million sites have not flipped to HTTPS.

Mr Hunt has launched a site called WhyNoHTTPS? that lists the world's most popular websites that are not using it.

The Daily Mail tops his UK list as the busiest site to lack the protective measure.

Big names on the list include Chinese messaging firm Tencent QQ, block-building game Roblox and sports broadcaster ESPN.

Why are these warnings appearing today?

It is not because anything on these sites has changed. It's because today is the day Google updated to Chrome 68 - which has been changed to flag HTTP-only sites. 

Google began the process of warning people about sites that use HTTP in early 2017. Initially the "Not secure" warnings were only used on sites that collected passwords or credit cards. Firefox and Safari added similar systems about the same time.

Now all sites that have not switched will be flagged by Chrome. The other big browser makers are expected to follow soon.

Others - including governments - are joining the push for HTTPS. The UK's National Cyber Security Centre recently issued advice saying that all sites should use HTTPS.

In addition, the Let's Encrypt project aims to make it easy for small sites to adopt it by publishing easy-to-follow guides and tools that simplify the process.

Image copyrightGETTY IMAGES
Image caption Many news and sport websites do not use secure HTTPS connections

Is my data at risk?

Mr Hunt, and many other security experts, have demonstrated ways to hijack and redirect users if they only connect to a site via HTTP.

Without HTTPS, data is effectively broadcast as it travels back and forth across the web. There are circumstances that cyber-criminals can exploit to intercept that information, abuse it to steal data or insert their own code or malicious adverts.

It is not clear how many criminals are using these methods to fool users and steal data, but several successful campaigns have been spotted that use these techniques. 

There is no suggestion that the sites currently only using HTTP are subject to attacks targeting insecure data.

Also, many sites are now rapidly adopting HTTPS as a result of a growing consensus around its use. Mr Hunt's list of insecure sites is regularly updated, but some sites on it, such as JustEat and Sage.com, have already adopted HTTPS.

Should I avoid sites that are flagged as not secure?

No, but you should be wary on those that require you to sign in or which let you buy goods and services through them.

To stay safe, pick a hard-to-guess password and ensure your browser and other software on your device are up to date. If there are other methods you can use to secure transactions, such as two-factor authentication, it could be well worth adopting them.

If you run your own website then it has got a lot easier to adopt the technology to help protect visitors.


以上是关于Chrome browser flags Daily Mail and other sites as 'not secure'的主要内容,如果未能解决你的问题,请参考以下文章

让谷歌浏览器更强大

Chrome browser flags Daily Mail and other sites as 'not secure'

最全的chrome显示www和https方法(全版本)

Chrome 80 调教篇

Chrome 字体模糊解决

python集合