Security warnings will appear on the Daily Mail website today, if visitors are using the latest version of Google Chrome browser.
It is one of the many sites the browser will mark it because they don’t use HTTPS – the secure version of the web’s underlying data transfer protocol.
Many sites have opted for this version in order to protect visitors against theft and diversion.
Approximately 20% of the top 500 websites are using the HTTP protocol.
The Hypertext Transfer Protocol (HTTP) defines how data is transmitted over the web. The “S” in HTTPS stands for “Secure” and ensures that the data is encrypted before it travels.
In the UK, many other sites, such as Sky Sports, Argos and Boohoo have not yet adopted the HTTPS protocol.
There is no evidence that one of the sites that have not made the change to HTTPS is currently the subject of attacks that abuse the insecurity of the data.Why does it say that the sites are not secure?
This is because they do nothing to interfere with the transmission of data between you and this web site.
According to statistics gathered by the security researcher Troy Hunt, more than half of all the web of over a million sites returned no HTTPS.
Mr. Hunt has launched a site called WhyNoHTTPS? which lists the world’s most popular web sites that are not in use.
Big names on the list include the Chinese messaging company Tencent QQ, block-building game Roblox, and sports commentator ESPN.Why these warnings appear today?
This is not because anything on these sites has changed. It is because today is the day Google updated to Chrome 68 – which has been changed from flag HTTP only sites.
Google has started the process to warn people about sites that use the HTTP protocol at the beginning of 2017. At the outset, the “Non-secure” warnings were used only on the sites that collected passwords or credit cards. Firefox and Safari, added a similar system on the same time.
Now, all sites that have not changed will be flagged by google Chrome. The other major browser makers should follow soon.
Others – including governments are in the process of joining the push for HTTPS. The united KINGDOM, the National Cyber Security Centre, has recently issued a notice saying that all sites must use the HTTPS protocol.
In addition, the Let’s Encrypt project aims to make it easy for small sites to be adopted by the publication of easy-to-follow guides and tools that simplify the process.
Is my data at risk?
Mr. Hunt, and many other security experts, have demonstrated ways to divert and redirect users if they connect to a site via HTTP.
Without HTTPS, data is effectively broadcast as it travels back-and-forth across the web. There are circumstances that cyber-criminals can exploit to intercept the information, the abuse in order to steal data or insert their own malicious code or advertisements.
It is not clear how many criminals use these methods to trick users and steal data, but several successful campaigns have been identified that the use of these techniques.
There is no suggestion that the sites currently only using HTTP are subject to attacks targeting non-secure data.
Also, many sites are now rapidly adopting the HTTPS protocol as a result of a growing consensus around its use. Mr. Hunt list from the insecurity of the sites are updated regularly, but some sites, such as JustEat and Sage.com, have already adopted the HTTPS protocol.Should I avoid the sites that are marked as non-secure?
No, but beware on those that require you to register or allow you to purchase goods and services through them.
To stay safe, choose a hard to guess password and make sure that your browser and other software on your device is up to date. If there are other methods that you can use for secure transactions, such as two-factor authentication, it could be well worth adopting.
If you run your own web site, and then it became much easier to adopt the technology to help protect the visitors.