HTTPS News, Articles and Updates

Threats in SSL traffic rocket by 30 percent

While the use of HTTPS encryption is on the rise, the same is unfortunately true of attackers using it to mask their operations, according to a new report.

Google will label all HTTP sites 'not secure' starting in July 2018

Google recently announced that the Chrome browser will soon start flagging every site not using HTTPS encryption as "not secure."

New Phishing scam combines FedEx and Google Drive to lure victims

Several universities and more than 20 companies have been hit with malware whose creators are using several layers of subterfuge to camouflage their phishing attack by taking advantage of a few trusted brand names.

Mozilla says more traffic now encrypted than not

The web firm Mozilla claims that despite it's failings, the use of HTTPS by web users is still preferable to them not doing so.

GDS boosts government security with HTTPS/HSTS and DMARC

The Cabinet Office's Government Digital Service has mandated that all UK government agencies should be using HTTPS and DMARC to increase their online defences.

Cloudflare looks to TLS 1.3 to secure internet

Amongst various security features, cloud-provider Cloudflare looks to TLS 1.3 to secure internet.

Google to start encryption shaming

Google will start shaming websites for not encrypting connections between the user and the site itself by telling users exactly when they are visiting HTTP sites

2 Minutes On: DROWNing in SSL2 connection requests - the web's latest large-scale vulnerability

One of the latest large scale web vulnerabilities, dubbed DROWN (Decrypting RSA with Obsolete and Weakened Encryption), again targets SSL.

WordPress sets up default HTTPS encryption for custom domains

WordPress has turned on HTTPS encryption for every custom domain hosted on WordPress.com. The publishing platform started working with the certificate authority Let's Encrypt to launch a beta rollout of HTTPS earlier this year.

Researchers manage to derive user info from HTTPS

Researchers have demonstrated how encrypted comms traffic can be used to extract data on users' operating systems, browsers and applications.

Mathletics coding error provokes security upgrades

A coding error that transmits children's login details has been discovered in the mathematics e-leaning platform, Mathletics

Encryption increasingly used to hide attacks, says new report

Dell's new threat report adds further evidence to support the observation that attackers are increasingly hiding activity within HTTPS.

Nine percent of HTTPS hosts on the web "share the same private keys"

Stefan Viehböck, senior security consultant at SEC Consult, examined 4000 devices from 70 vendors and found widespread reuse of private keys.

Free automated open encryption certification launches in September

Describing itself as the first free and automated certificate authority, Let's Encrypt, launches on 14 September.

Google to encrypt most ads from June

Google has announced that it plans to encrypt most ads placed on the search engine from this summer, in a big to combat growing malvertising attacks.

'Freak' SSL flaw affects mobile browsers, thousands of websites

Security researchers have discovered the latest SSL/TLS vulnerability, which leaves around 12 percent of all websites open to MiTM attacks and potential data loss.

Son of Superfish, Lenovo bloatware variants start to surface

There are as many as a dozen variants of the Superfish bloatware found last week on Lenovo laptops, it has been discovered.

Prime minister wrong on encryption say experts

Prime minister David Cameron's perceived criticism of encryption technologies has prompted a staunch defence from the information security community.

'Let's Encrypt' aims to drive adoption of HTTPS

Some of the world's biggest security companies are working together to develop 'Let's Encrypt' - a new certificate authority (CA) offering free and automatically renewable HTTPS web encryption.

Rogue Tor exit node injects malware into downloaded binaries

A security researcher has discovered a 'bad' Russia-based Tor exit node which was being used to inject malware into downloaded binary files.

Website encryption boosted by Google promotion of HTTPS

The latest change in Google's search engine optimisation (SEO) algorithm looks set to boost the uptake of encryption for websites by rating sites using HTTPS higher than those with HTTP.

Internet of Things - Top Ten concerns

Mark O'Neill suggests that his top ten potential vulnerabilities of the Internet of Things (IoT), need to be considered now, before mass deployment.

HTTPS: not as secure as previously thought?

Tapping Gaussian functions to analyse which HTTPS pages are being accessed exposes website usage.

Google announces deployment of 2048-bit SSL certificates

Google has announced that it is to strengthen its SSL certificates, implementing 2048-bit certificates.