chrome marking http as insecure starting july

 
author & internet detective
Posts: 41911
909
Chrome is marking http (vs https) as insecure starting July. I hope this doesn't scare non-technical users too much!
Source
 
Saloon Keeper
Posts: 15620
366
It should scare non-technical users, and that's exactly the point. It will force websites that wish their users not to be scared to make their site HTTPS only.
 
Sheriff
Posts: 67748
173
  • 3
My (haven't-really-read-much-about-it) opinion is that it seems a bit heavy-handed. Why should sites that handle no sensitive information be forced to put up with expense and bother of certificates?
 
Stephan van Hulst
Saloon Keeper
Posts: 15620
366
  • 1
They shouldn't. But they're not secure. Men in the middle can still serve content that's different from what the server intended to serve. If the end-user is fine with that, they can ignore the "Not secure" label.
 
Stephan van Hulst
Saloon Keeper
Posts: 15620
366
Also note that even if the original web page doesn't deal with sensitive information, the man in the middle can inject a page that seemingly does.
 
Stephan van Hulst
Saloon Keeper
Posts: 15620
366
As an example, say I have created a website with the goal of informing people about the health risks of some kind of substance, and nothing more. A man in the middle can intercept the request and add a link to a page that spoofs the user's healthcare provider's page, containing a login section that's intended to capture passwords and stuff.
 
Bear Bibeault
Sheriff
Posts: 67748
173
Good point, but it's not something most of my clients with just "meet and greet" pages would worry too much about (and want to shell out $$$ for).

If Google wants to "foster" this on the web, they should be doing something to make certificates less expensive, and a lot less hassle to deal with.
 
Bartender
Posts: 1868
81
I'm not too sure that the cost is that much.
You can get a certificate from RapidSSL, a division of GeoTrust, which itself is a division of Symantec,
for $60 USD a year as seen here https://www.rapidssl.com/buy-ssl/ssl-certificate/.
This should make the "meet and greet" sites secure enough for Chrome not to complain.
$60 a year is only $5 a month, and many people spend at least that on non-essentials each month.
That said, using HTTPS does require more from the server hardware, and someone does need to install the certificate.
 
Saloon Keeper
Posts: 7597
177
  • 1
I thought Let's Encrypt essentially makes the cost of certificates go away (for non-commercial). Not so?
 
Pete Letkeman
Bartender
Posts: 1868
81

Tim Moores wrote: I thought Let's Encrypt essentially makes the cost of certificates go away (for non-commercial). Not so?

Interesting, I did not know about Let's Encrypt before this.

Looks like anyone can use Let's Encrypt

Let's Encrypt Community wrote: Commercial users are welcome to use Let’s Encrypt for commercial and for-profit purposes.
This is an intended use; we don’t have any desire to restrict the use of our services to non-profit or non-commercial purposes.

https://community.letsencrypt.org/t/are-they-limitations-on-who-can-use-lets-encrypt/687/2

I do see one drawback to it, which is that each certificate is only good for 90 days as noted here https://letsencrypt.org/2015/11/09/why-90-days.html.
There is a path for most major servers to automatically renew the Let's Encrypt certificate, simply Google "letsencrypt auto renew yourWebServer" to find guides/info.
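
An added example, not part of the thread: with 90-day certificates, the failure to watch for is an auto-renew job that silently stops working. This sketch classifies a certificate by time left before `notAfter`; the 30-day renewal window, the function names and the sample dates are assumptions made for the example.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns:
# a 90-day validity period (1 June to 30 August 2018).
SAMPLE_CERT = {
    "notBefore": "Jun  1 00:00:00 2018 GMT",
    "notAfter": "Aug 30 00:00:00 2018 GMT",
}


def time_left(cert, now):
    """Time between `now` (timezone-aware) and the certificate's notAfter."""
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return expires - now


def renewal_status(cert, now, renew_before_days=30):
    """Return 'expired', 'renew' (inside the renewal window) or 'ok'.

    renew_before_days is this example's assumption: renew once a third
    of the 90-day lifetime remains, so a failed run can be retried.
    """
    left = time_left(cert, now)
    if left <= timedelta(0):
        return "expired"
    if left <= timedelta(days=renew_before_days):
        return "renew"
    return "ok"


def fetch_cert(host, port=443, timeout=5):
    """Fetch the validated certificate of a live server.

    The default context verifies the chain and hostname, so an already
    expired certificate raises ssl.SSLCertVerificationError here; treat
    that exception as an alert in its own right.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


if __name__ == "__main__":
    # Offline run against the constructed sample, 29 days before expiry.
    now = datetime(2018, 8, 1, tzinfo=timezone.utc)
    print(renewal_status(SAMPLE_CERT, now), time_left(SAMPLE_CERT, now).days)
```

Run on a schedule against `fetch_cert("your.host")`, a "renew" result that persists for more than a day or two means the automatic renewal is not happening.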
 
Rancher
Posts: 5008
38
Another input:


Chrome’s Plan to Distrust Symantec Certificates


https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html
 
Jeanne Boyarsky
author & internet detective
Posts: 41911
909
Isn't $5 a month a lot in some countries?
 