Tag: SSL

HTTPS Update: Google Chrome Displays “Not secure” Warning on More Websites

Posted by Ken Moire & filed under Security.

In January we talked about Google displaying a “Not secure” warning to Chrome users who visit any non-HTTPS web pages that accept passwords or credit card information. Soon, Chrome will display this warning in additional cases, affecting website visitors and site owners.

What To Expect

Coming in October, visitors to any non-encrypted (or non-HTTPS) web page that includes a form or to any non-HTTPS website while browsing in “incognito mode” will receive this warning. This will affect even more sites where search, contact and lead generation forms are prevalent.

Google HTTP Not Secure Warning

Chrome’s HTTP Not Secure Warning

This warning does not necessarily mean the website has been compromised. It is a precautionary move by Google to inform website visitors their browsing and communications are not encrypted.

Why Encrypt

The responsibility for web security belongs to all of us: web developers, website owners, network administrators, hardware and software manufacturers, and of course, users. In this chain, web security is only as good as the weakest link. This latest maneuver by Google, in an effort to make the web a more secure place, highlights the responsibility of site owners to provide safe, secure browsing and online communication for their visitors. For users, it educates them on the risk of using non-HTTPS websites, particularly when collecting personal information.

In light of the recent Equifax hack, it is important for users to know their online communications and personal data are secure. And site owners should take measures to obtain a secure socket layer (SSL) certification and move to HTTPS.

SSL certificates are now more affordable than ever. There are three main methods for securing your site. Domain Validated SSL certificates provide a basic level of encryption, and are relatively easy to implement. Organization Validated (OV) and Extended Validation (EV) SSL certificates require more validation, making them costlier and more complicated to set up.

Talk to your web hosting provider to see what your options are and which solution makes the most sense for your website or application.  

What Happens If You Do Nothing

Having HTTPS is a factor in improving your site’s search rank in Google. Displaying this message to your visitors can have a negative long-term impact on your brand’s trust, and worse, keeps you and your visitors open to potential malicious attacks.

While this change currently only impacts users on Google Chrome, other browsers have historically followed Google’s lead on security issues. Firefox to Microsoft Edge will likely follow suit.

Chrome HTTP “Not Secure” Warning Fixed with SSL

Posted by Ken Moire & filed under Security.

Google, in their latest effort to ramp up security, has begun rolling out changes in its Chrome browser that will alert users when they are visiting any non-encrypted HTTP website. Formerly considered neutral, HTTP websites are now deemed not secure by the browser. If you’re a site owner or developer, this can impact your site’s traffic and trustworthiness.

HTTPS is not the plural of HTTP

When checking your bank account or shopping online, you probably already know to look for the lock icon in your web browser’s address bar. This indicates your client (browser) is passing data to the site with encryption.

By default, a web page is served to the browser using the non-encrypted HTTP protocol. The protocol is the bit found at the beginning of a URL, or web address.

Web address protocol

HTTP is the web protocol

When a site is secure, the protocol changes to HTTPS, which stands for “HTTP over SSL”.  An HTTPS site means that the website operator has secured an SSL (or secure socket layer) certification, and any web traffic passed to that website is encrypted. When using HTTPS, this protocol is often highlighted in the address bar, along with lock icon, to tell users that the connection is encrypted and thus secure.

Until recently, purchasing SSL certificates was expensive and difficult to install, so unless the website provided a login or shopping cart, website operators typically opted not to buy a SSL certificate and relied on HTTP for general web traffic.

Encryption for all!

A lot has changed in the last couple of years, driven in part by high-profile data breaches. In response to the current threat environment, organizations like Let’s Encrypt now provide SSL certificates for free. Furthermore, if your hosting provider uses CPANEL, you are able to use HTTPS instead of HTTP, so there are no reasons to not encrypt your site. Google even rewards HTTPS in search rank – secured sites are deemed more trustworthy by the search giant.

Google is not waiting for developers

Initially, only pages that accept a login or provide a shopping cart will show the alert, but eventually this alert will be displayed site-wide across all HTTP pages.

Chrome-HTTP-warning

The Not secure warning in Chrome

Receiving this alert may be alarming to site visitors who are already skittish about web security, so if you own or operate a website you should get to work implementing a SSL certificate for your website. In web security, we’re only as strong as our weakest link, so this push by Google to encourage all websites to go HTTPS is a step in the right direction.

How To Fix It

Site owners and developers should take immediate steps to implement a SSL certificate to avoid the not secure warning in Chrome. Instructions how to do so can be found here.

Dispatches from the Spry Hive 2014: Week 47

Posted by Ben Scherliss & filed under Tips.

Happy week-leading-up-to-Thanksgiving, everyone. It’s a special, yet nondescript limbo, as the laid-back innocence of the “non-holiday” season has now all but faded away. It is almost that time to dig-in our heels and embrace the inevitable, impending frenzy of gifts, family time and bad movies. But before that, we all get to engorge ourselves in a giant calorie-free feast featuring this week’s Spry Hive.

Startups

Spry Digital was thrilled to be a part of StartUp Connection this week, where some of the best early stage startup ventures in the St. Louis region were showcased. As always, Spry Digital was well-represented in the event’s resource fair, where we showcased examples of our work for startups, that included everything from branding to design and building and marketing web applications. We were all truly encouraged by the diversity of companies we heard from at the event.

At the end of the evening we awarded $1,500 in-kind to Arvegenix, a startup that is revolutionizing agriculture with the development of pennycress. Pennycress is a crop that will grow over winter between the corn-soy rotation thereby providing growers with an additional revenue crop which does not compete for food crop acres. We think you’ll be hearing a lot more about them in the near future. Congrats guys!

Speaking of startups, according to new research, St. Louis, Missouri is actually the fastest growing city in the world for tech startup funding. Dollar growth in the city grew by an impressive 1,221 percent between November 2013 and October 2014. This put St. Louis well ahead of Munich, Germany where funding grew at 728 percent.

The entrepreneurial footprint of St. Louis continues to grow, and as always, we’re honored to help some of the companies that are helping to shape our new economy.

Design

Dutch designer Christian Boer believes he has come-up with a dyslexic-friendly font to make reading easier for people suffering from the disorder. Unlike traditional fonts, his font called “Dyslexie” uses heavy base lines, alternating stick and tail lengths, and larger openings. These things give each character a more recognizable form, which is already being utilized by several large corporations. He’s also made it downloadable for free.

We’re getting such a kick out of these imagined posters for movie sequels. Who wouldn’t want to see Beetlejuice 2, or Bigger Trouble in Little China? It’s just fun. Worth noting and appreciating: the absence of  Police Academy 8.

Tech

Now, this is no small feet. Rather, very tiny ones. High-concept artist Jonty Hurwitz has created the smallest human sculptures ever assembled – too small, in fact, to be seen with the naked eye. Some of these sculptures can be seen standing tall inside the eye of a needle, or even on a human hair. You’ll definitely want to read on to learn just how he does it.

Source: Shortlist.com

Thanks to the Electronic Frontier Foundation, Mozilla, and others, SSL certificates will be free and easy to install, starting summer of next year. At that time, a new initiative called “Let’s Encrypt” will start providing free certificates for any website in need. This, coupled with Google’s recent announcement that using HTTPS will give your site a slight SEO boost, leaves little reason for not securing your website.

After 10 years together, Firefox is breaking-up with Google as it’s default search engine. The browser is leaving Google for a 5-year partnership with Yahoo which will begin this December. Yahoo greatly hopes this marriage will benefit them in their mission to reclaim their former prominence in Web search.

Apps

Hard drives aren’t much different from any closet, basement or attic in the sense that they all fill-up with storage of things we no longer use or need. If you have these issues (that is, being human), take a look at DaisyDisk. We appreciate the visual map that provides a detailed overview of all your Mac’s files and folders.

Social Media

Having “fake” friends has an entirely different meaning in the social media era than it did 20 years ago. In fact, a recent article in the New York Times outlines that many celebrities, politicians and companies often buy fake followers to enhance their perceived popularity online. What’s even more surprising is that many of these fake accounts can even be programmed to retweet certain topics, favorite a tweet or follow anyone who follows them.

Development

Contributing to an open source project can be a struggle. So we love this write-up about on how to contribute to open source without being a [jerk]. A note that the language in the article is a little blue, but the line of thinking is more than noteworthy.

Take a look at RemoteIE, which allows you to test the latest Internet Explorer on Windows, Mac OS X, iOS and Android. It’s a free service from Microsoft, and the key is you’re able to run the latest version of IE on the Windows 10 Technical Preview without the need to run a new OS or heavyweight virtual machine on your device. According to IE’s Program Manager, “We know that developers on Windows 7 want a way to test on the latest builds of IE and that the broader development community is eager to have the latest Internet Explorer available on other platforms”

Could you use another GIT cheatsheet? The people at CodeKarate.com have you covered with this one, which we think fits the bill rather nicely.

Misc

Sticking with the imaginary front, humor us and check out these Superheroes and supervillains reimagined as 16th century aristocrats. You might be taken aback just to how well some of them make the transition. Batman and Wonder Woman somehow appear as if they could fit seamlessly into Game of Thrones. As for The Hulk, well…Um. Hmmm.

We all know it isn’t Thanksgiving until we see tiny hamsters eating a traditional meal. Luckily the crew at Denizen has us covered with this year’s installment. There aren’t any surprising plot twists, which is perfect, as it delivers exactly what we all continue to crave: tiny hamsters eating tiny intricately-prepared meals.


Well, that concludes our big “pre-holiday” meal for this week. Time to stretch-out on that couch and passively watch that football game while passively listening to that uncle of yours talk politics. But we do hope you save-up some room for our next edition. Like the holidays, it will be here sooner than you think.