Tag: HTTPS

Facebook Improves Online Security, Upgrades Links to HTTPS

Facebook Improves Online Security, Upgrades Links to HTTPS

Facebook engineer John Millican said earlier this week that the company recently completed its security upgrades to the platform which includes HSTS preloading.   HTTP Strict Transport Security (HSTS) automatically converts HTTP links to HTTPS, which is a more secure protocol that can prevent the exposure of user traffic and Man-in-The-Middle (MITM) attacks. Millican further advised website owners to support HTTPS and enable HSTS, and those looking for a guide can start with Let’s Encrypt, a certificate authority which provides free digital certificates required for enabling HTTPS on website domains. Source: ZDNet

Phishing Sites Now Abusing Extended Validation (EV) Certificates to Gain User Trust

Phishing Sites Now Abusing Extended Validation (EV) Certificates to Gain User Trust

New research released last Wednesday established that Extended Validation (“EV”) SSL certificates may not protect from online fraud and are increasingly being abused to create convincing phishing sites.    Phish Labs said in their report last week that one out of four phishing sites now use HTTPS. In addition to this, researcher Ian Carroll proved that it is fairly easy to obtain an EV SSL certificate using the name of an existing legitimate business when he incorporated a business called “Stripe, Inc.” in Kentucky. While the real company is incorporated in Delaware, browsers would display the identical company name which […]

Federal Agencies Instructed to Ramp Up Cybersecurity Measures

Federal Agencies Instructed to Ramp Up Cybersecurity Measures

In an effort to increase cybersecurity in all areas of the government, the US Homeland Security has instructed federal agencies to use greater web and email security features. According to a binding operational directive, the agencies will be given 3 months to deploy email validation system DMARC on their networks, and 4 months to use HTTPS web encryption. Democratic Senator Ron Wyden lauded the effort, calling it a “good, basic step”. He added that using STARTTLS encryption and DMARC is a cheap, yet effective way to secure one’s email, and he hopes that other government agencies and the private sector […]