Security Alerts & News
by Tymoteusz A. Góral

#1116 HTTPS is not a magic bullet for Web security
We're in the midst of a major change sweeping the Web: the familiar HTTP prefix is rapidly being replaced by HTTPS. That extra "S" in an HTTPS URL means your connection is secure and that it's much harder for anyone else to see what you're doing. And on today's Web, everyone wants to see what you're doing.

HTTPS has been around nearly as long as the Web, but it has been primarily used by sites that handle money—your bank's website, shopping carts, social networks, and webmail services like Gmail. But these days Google, Mozilla, the EFF, and others want every website to adopt HTTPS. The push for HTTPS everywhere is about to get a big boost from Mozilla and Google when both companies' Web browsers begin to actively call out sites that still use HTTP.

The plan is for browsers to start labeling HTTP connections as insecure. In other words, instead of the green lock icon that indicates a connection is secure today, there will be a red icon to indicate when a connection is insecure. Eventually secure connections would not be labeled at all; they would be the assumed default.

Google has also been pushing HTTPS connections by "using HTTPS as a ranking signal," meaning Google takes the security of a connection (or lack thereof) into consideration when ranking sites in search results. For the time being, Google says that HTTPS is "a very lightweight signal... carrying less weight than other signals such as high-quality content." However, the company says that it "may decide to strengthen" this indicator as a means to encourage more sites to adopt HTTPS.