Recommended Agency

text controls: text only | A A A

Find out more about Google's changing stance on secure sites in our latest blog post https://t.co/Jfw1kYy2hR #SSL https://t.co/0s3dYMos6R, posted 4 months ago

RSS feed icon What is RSS?

blog.

articles tagged with: ssl


Displaying all 4 articles

Google's changing stance on secure sites

We posted at the end of last year about Google’s preferential treatment of secure sites and in 2017 they have extended their public warning system a step further. 

 

 

As of January 2017, Google is now clearly marking all websites that do not have an SSL certificate with an information icon (i) that informs the user that the website should not be used for entering personal details (below). 

 

 

 

 

On any pages that do have fields for entering payment details, personal information or passwords but the address is HTTP not HTTPS, this message changes to NOT SECURE with a warning symbol. As you can imagine this can make visitors to websites wary, especially as Google specifies that this information “could be stolen by attackers”. 

 

 

 

 

Chrome plan to eventually display a Not Secure red triangle on all HTTP pages, whether they contain sensitive input fields or not. Ideally all sites will have migrated to HTTPS for all pages by the time this happens.

 

It is not certain how the other market leading browsers will monitor SSL certificate usage but so far it looks as though Firefox, Safari, Internet Explorer and Opera are all rolling out a very similar systems.

 

Although there is no real threat to the user if no information is entered into the website, the only real way to avoid triggering these messages is to acquire an SSL certificate from a reputable supplier, and make sure that any pages that deal with sensitive information (passwords, financial details) are secure. Fortunately this is quite straightforward and not as daunting as it may at first seem.

 

If you’d like to have a chat about SSL changes and what they mean for your website get in touch.

 

You can see Google’s original post on the changes.

You can find out more about SSL, what it means and how it’s monitored
here and here 

Frances Smolinski
Frances

Created on Monday August 21 2017 09:08 AM


Tags: blog google ssl http


Comments [0]








What does SSL mean?

With 2017 seeing Google continue their campaign against insecure web sites (read my blog to find out more), we thought this was a good opportunity to look behind the abbreviations and discover what SSL and HTTPS mean and the impact they have on everyday web site visitors.

1. SSL stands for ‘Secure Sockets Layer.’ In layman’s terms, this is a secure way of sending information over the Internet. Any data transferred 'over SSL' - such as web page content from a server to your browser - gets encrypted prior to being sent over the web for viewing.

2. Many websites use SSL for secure areas of their sites, particularly user accounts and online checkouts. As information is encrypted, the theory is that even if someone unwelcome gets hold of it, they'll be unable to do anything with it.

3. SSL is applied to your website – or parts of your website – by way of a digital certificate, which is purchased and added to your domain to demonstrate its security to users. It also ensures any content from that domain is encypted.

4. When you visit a website whose address starts with ‘https’, the ‘s’ after the ‘http’ indicates the website is secure, and has SSL. You should also see a padlock before the https, like below:

5. SSL keeps personal data such as your name, address or credit card information between you and the merchant who you are sending it to.

6. If you want to find out more information about a site’s security, by clicking the ‘i’ icon, or right-clicking the padlock, you can get more details.

7. Like everything in life, there's a wide range of SSL certificates available and they vary in features and price. Some are free but will require ongoing administration, others are more expensive but offer the tightest security including the strongest encyption algorithms and verification checks. 

SSL is likely to be a hot topic in 2017 with Google's planned warnings for insecure web sites.

If you’d like to know more about SSL, securing your site and how to get an SSL certificate, please get in touch.

Annette Ryske
Annette

Created on Tuesday December 13 2016 01:30 PM


Tags: website google ssl security


Comments [0]








Google and Secure Sites

Google are big believers in HTTPS and SSL - they've been focused on making the web 'more secure' for all of us for some time now. One way in which they do this is to prioritise secure web sites in their search results, and another is showing a site's security status in the address bar within their native browser, Chrome.

2017 will see Google continue this campaign with some significant new features. Early in the year, Chrome will start to display additional security warnings for specific pages on web sites that are not secure – so HTTP, not HTTPS. These warnings will be fairly stark, as shown, and aPicture of Google non-secure warnings you can imagine, not the most reassuring sight for a visitor to your web site.

As time passes, Google have said that their criteria will gradually become stricter and the warnings will also be added to all non-secure pages - the aim is, by some point in 2017, to mark all HTTP sites as ‘non-secure’ with a red security indicator.

This is likely to have considerable impact. Google Chrome currently accounts for 47% of all UK web users, so these warnings are going to be seen by a lot of people. Equally, Google will continue to rank non-secure sites lower in their search results. And history has shown that what Google does, others follow, and we're likely to see a similar approach adopted by other browsers such as Safrari, Firefox and Internet Explorer. 

Web site owners who have or do not move to SSL will suffer not just the effect on web traffic and performance, but there is a risk to jeopardising customer trust.

If your website does not yet have SSL / HTTPS, or you’d like to know more about how to make your website more secure – and therefore more favourable with Google – please get in touch.

Google’s official article about these changes is available on their blog.

You may also like to read my blog which explains what SSL and HTTPS really means.

Annette Ryske
Annette

Created on Tuesday December 13 2016 01:28 PM


Tags: google chrome ssl security


Comments [0]








Heartbleed OpenSSL Vulnerability

Heartbleed OpenSSL Vulnerability

By now, you may have heard of "Heartbleed", a security issue that was announced earlier this week in OpenSSL, which provides the https/SSL security to a significant percentage of the internet's websites (and email services etc.)

It's estimated that Heartbleed affected about 17% of all secure websites at the time of its announcement, and it's a bad issue - it theoretically means that someone can read secure SSL-protected data.

First of all, from a This Is Focus viewpoint, we can confirm that only a very small number of sites we host were ever affected, and those were upgraded within a few hours of the fix's availability - meaning that they're no longer vulnerable. Remember, this issue only affects you if you're running an https:// (SSL) website.

So what does Heartbleed mean? Without going into too much technical detail, it effectively means secure websites were potentially only as secure as non-secure websites - an attacker could see details passing between you and the website whilst they were "in transit" between them.

That's still fairly secure, to be honest - an attacker couldn't see your password unless they were either on the same network as you, your website, or somewhere in between. If you're on your own network (and not, say, on public WiFi), it's still difficult to achieve for a casual attacker - it's only practical for serious, large-scale attackers.

Having said that, the problem has affected a lot of very popular websites - including, but not limited to, Google, Facebook, Yahoo, Dropbox and Pinterest - so it's theoretically possible that someone could have grabbed your passwords for those sites. All those sites have swiftly applied fixes, however. So it's not a bad idea (it's never a BAD idea!) to change your password on those sites, as well as any other sites where you use the same password. (Which ideally, you shouldn't!)

So in summary, everyone should have applied these fixes by now - we have, and all the sites mentioned above have - but it's worth asking/checking if you rely on the security of any other sites.

And this could be a good reminder to change your passwords!

Neil Smith
Neil

Created on Friday April 11 2014 10:10 AM


Tags: website ssl security


Comments [0]