News Posts matching #HTTP

Return to Keyword Browsing

The Internet is Becoming QUIC - New HTTP/3 Protocol Improves UDP, Increases Internet's Responsiveness

As the internet evolves and becomes more of the organic, ever-evolving system that it has been coming towards, there is a need to leave behind old protocols that have served us well - but that are now standing in the way of progress. It's always like that with (but not limited to) technology, and now, it's time for TCP's (Transmission Control Protocol) review. The idea is for it to make way for its leaner, faster cousin with some upgrades: the Google-proposed - and meanwhile much-altered by IETF, the Internet Engineering Task Force - QUIC (Quick UDP Internet Connections).

QUIC has been built upon UDP (User Datagram Protocol), which is leaner than TCP, but lacks some much-needed features for a safe Internet. UDP doesn't incorporate Reliability (knowledge of missing data from the origin point), or Order (meaning that data is received in the order it is transmitted), things that TCP does include, right alongside Error-correction (detection of in-transit corruption of data).

Google To Integrate "Not Secure" Tag in Websites Sans HTTPS

Google has been one of the more vocal advocates of a HTTPS-based web, and the company is mounting an offensive of sorts that aims to push web page managers to adopt the more secure protocol. Starting July of this year, with Chrome 68, the Google web browser will start marking all non-HTTPs websites as "Not secure", thus warning users of heightened security risks. From the way Google is doing this, it seems the company hopes users that see the "Not secure" badge on web pages will start gradually choosing other options for their web surfing habits - HTTPS-enabled options, ideally - and thus force page managers to upgrade their security to stem the leaving user base.

Google has some interesting bullet points as it pertains to the adoption of HTTPS; they say that over 68% of Chrome traffic on both Android and Windows is now protected; over 78% of Chrome traffic on both Chrome OS and Mac is now protected; and that 81 of the top 100 sites on the web use HTTPS by default (which this editor would personally expect to be closer to 100 out of 100, but there are just some websites that really can't be moved). In the blog post announcing the change, Google engineers also bring attention to the company's Lighthouse utility, which automagically scans web pages for non-HTTPS elements, highlighting them, and noting those that can easily and painlessly be converted to their secure, HTTPS equivalent - which in some cases, might even enable more powerful tools.

Taking Hold of Your Signal - Critical Flaw Discovered in WPA2 Wi-Fi Security

Researchers have recently discovered a critical flaw that affects all WPA2 protected Wi-Fi devices. This can't be remedied solely by user intervention, or password changes, or even by the usage of HTTPS website; this is a flaw with the core of WPA's protection scheme, and means that an attacker could intercept every single traffic data point that your device sends over Wi-Fi, including passwords, credit card details, images - the whole treasure trove. Adding insult to injury, it's even possible for attackers using this method to inject malware into your devices. The new attack method - dubbed KRACK for Key Reinstallation Attack - basically forces your device's encryption code to default to a known, plain-text all-zero decryption key, which is trivial for hackers to reuse.

Adding to the paranoia, this is basically a device and software-agnostic attack - it's effective against devices running Android, Linux, and OpenBSD, and to a lesser extent macOS and Windows, as well as MediaTek Linksys, and other types of devices. HTTPS isn't the best solution either, simply because some website's implementation of it isn't the best, and there are scripts (such as SSLScript) that can force a website to downgrade its connection to a simple HTTP link - which can then be infiltrated by the attacker.

Chrome 62 Really Won't Like "HTTP" Sites When In Incognito Mode

As part of Google's push towards a safer, HTTPS-encrypted web, the Chrome browser will begin marking any HTTP site as non-secure when a user browses in incognito mode. Incognito is the Chrome browser's enhanced privacy mode, which goes a long way in explaining why Google sees non-HTTPS sites as a non-secure place to visit. Save some network metadata, encrypted HTTPS connections keep the contents of the communications between the user and a web server hidden from outside parties - in normal circumstances, that is. The company is already marking HTTP web-pages that accept credit card details as not-secure, and starting October this year, the browser will do the same on every HTTP site in which the user has to input data, and for every HTTP page browsed in Incognito mode.

Interestingly, Google has advanced that traffic to pages it has marked "Not Secure" has dropped by 23%, which goes to show that such policies do impact a user's decision on whether or not to establish such a connection. In addition, Google started scrambling its search engine algorithm so as to feature HTTPS sites more prominently than sites that don't. This means that websites that see diminishing visitors should be more inclined towards a adopting the more secure, encrypted HTTPS. And in an era where every scrap of our information is deemed worthy of at least being stored and resold, I find it commendable that Google thinks every piece of information should be secured, instead of just our payment information - which even that isn't always secure.
Return to Keyword Browsing