Half of phishing sites now use HTTPS, while Internet users take HTTPS as a sign of a legitimate site




Last May, Google announced how Chrome would treat HTTPS, rather than HTTP, as the default. We learned that Chrome would soon no longer display the "Secure" label for HTTPS sites. Instead, the browser will systematically mark all HTTP sites as not secure. This change reflects Google's constant efforts over the last few years to push the Internet toward HTTPS. The least we can say is that the company's concern for securing the Internet is widely shared. Troy Hunt, an Australian expert known for his awareness-raising work on security-related topics, is among those who, like Google, consider migration to HTTPS more than necessary.

Indeed, back in January, the Australian expert had explained that HTTPS had passed the tipping point and would soon become the norm. His statements seem to be borne out: since January, the percentage of web pages loaded over HTTPS has increased from 52% to 71%. The proportion of the world's top one million sites redirecting users to HTTPS has reportedly also gone from 20% to almost 50%. This rather rapid general adoption was driven by pressure from browsers (mainly Chrome and Firefox), more easily accessible certificates and a growing awareness among Internet users of the risks inherent in unsecured browsing.

The presence of HTTPS or the padlock on a website, particularly on e-commerce sites, reassures visitors about phishing scams and malware. Unfortunately, it is not enough to keep them safe from a scam. A new study indicates that half of phishing scams are now hosted on websites whose address shows the padlock and starts with https://. According to recent data from PhishLabs, a company that helps organizations protect themselves against cyberattacks targeting their employees and customers, 49% of all phishing sites in the third quarter of 2018 displayed HTTPS next to the phishing site's domain name as it appears in the browser's address bar. This represents an increase from 25% a year ago and from 35% in the second quarter of 2018.

This alarming change is notable because the majority of Internet users think that the padlock, or HTTPS, is what tells them a site is legitimate. A survey by PhishLabs last year reportedly found that more than 80% of respondents thought that the green padlock indicated that a website was either legitimate or safe. But that is not the case. Brian Krebs, a US cybersecurity journalist, explains that the "https://" part of the address (also called Secure Sockets Layer or SSL) simply means that the data exchanged between your browser and the site is encrypted and cannot be read by third parties. The presence of the padlock does not mean that the site is legitimate, nor does it prove that the site has been protected against intrusion by hackers.

Most of the phishing sites have already adopted HTTPS. John LaCour, PhishLabs CTO, believes this can be attributed to the continued use of SSL certificates by these sites, whose operators register their own domain names and create certificates for them, as well as to a general increase in SSL use due to the Google Chrome browser now showing "Not secure" for websites that do not use SSL. In the end, the presence or absence of SSL tells you nothing about the legitimacy of a site. Some phishing sites go so far as to create visual confusion about the address of the site they imitate by taking advantage of internationalized domain names (IDNs), which are extremely difficult to tell apart in a browser's address bar.
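The two points above, that encryption says nothing about legitimacy and that IDN lookalikes are hard to spot by eye, can be checked mechanically. The following Python sketch is an added example, not code from the article or from PhishLabs; the function names and sample URLs are constructed for illustration, and script detection is a heuristic based on Unicode character names.

```python
import unicodedata
from urllib.parse import urlsplit


def decode_label(label):
    """Decode one DNS label from its ASCII 'xn--' (punycode) form, if it has one."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: keep the raw label
    return label


def scripts_in(label):
    """Approximate a label's scripts by the first word of each letter's Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def inspect_url(url):
    """Report transport encryption and lookalike-name warnings as separate facts."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    shown, warnings = [], []
    for raw in host.split("."):
        label = decode_label(raw)
        shown.append(label)
        scripts = scripts_in(label)
        if len(scripts) > 1:
            warnings.append(f"{raw}: mixes scripts {sorted(scripts)}")
        elif scripts and scripts != {"LATIN"}:
            warnings.append(f"{raw}: entirely {sorted(scripts)[0]} letters, review by hand")
    return {"encrypted": parts.scheme == "https",
            "displayed_host": ".".join(shown),
            "warnings": warnings}


# Constructed sample: "example" with a Cyrillic "а" (U+0430) in place of Latin "a".
LOOKALIKE = "xn--" + "ex\u0430mple".encode("punycode").decode("ascii") + ".com"
SAMPLES = ["https://example.com/login", f"https://{LOOKALIKE}/login", "http://example.com/"]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, inspect_url(url))
```

The second sample is reported as encrypted and flagged as a mixed-script name at the same time, which is exactly the case the padlock alone cannot reveal.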

Internet users confirm that people place misplaced trust in HTTPS sites: as long as the browser does not warn them about a site and it shows a padlock, they think it is safe. Some blame the browsers for this, saying it is not their role to force websites to be secure. Others have suggested that the only solution is to make more people aware of the problem.

Source: blog post

And you?

What do you think?
What would you suggest to fight phishing sites on the Internet?
How could the authenticity of a website be guaranteed, in your opinion?
