{"id":15514,"date":"2018-08-29T16:14:24","date_gmt":"2018-08-29T20:14:24","guid":{"rendered":"http:\/\/www.thundercloud.net\/infoave\/new\/?p=15514"},"modified":"2018-08-29T16:14:24","modified_gmt":"2018-08-29T20:14:24","slug":"secure-in-chrome-browser-does-not-mean-safe","status":"publish","type":"post","link":"https:\/\/www.thundercloud.net\/infoave\/new\/secure-in-chrome-browser-does-not-mean-safe\/","title":{"rendered":"Secure in Chrome Browser Does Not Mean Safe"},"content":{"rendered":"

Secure in Chrome Browser Does Not Mean Safe<\/span><\/h1>\n

Many smaller sites, like ours , are being pushed into using secure servers or else be tagged as “dangerous”. Sites that don’t move to SSL \/ TLS (https)\u00a0 secure servers by October will display this warning to Chrome users:<\/span><\/p>\n

\"Cloudeight

<\/span> Starting in October 2018, Chrome users will see the above warning for all sites not running on a secure servers (https:\/\/).<\/span><\/em><\/p><\/div>\n

Currently, users who visit a site not using SSL \/ TLS \/ HTTPS\u00a0 or “secure servers”) see\u00a0 much milder notice like the one shown below:<\/span><\/p>\n

\"Cloudeight<\/span><\/p>\n

In September, because we want to keep our little business, we’re going to have to spend hours and dollars moving to a SSL\/TLS\/HTTPS, even though we don’t need to, because we never ask or or store any personal information. <\/span><\/p>\n

Our forms ask only for a name (can be first only if you like), and email address and information about the service your inquiring about. Any sales we make are made offsite on a secure encrypted server (PayPal). So, our site and you, when you visit us, are perfectly safe the way things are – no SSL\/TLS\/HTTPS (secure server) necessary.\u00a0 And but for Google, we’d be able to continue on with business as usual helping people, fixing computers, etc. But Google has hundreds of billions of dollars and we have very little – so you know who’s going to win the battle. <\/span><\/p>\n

We have no choice; in September will be spending many hours and dollars doing something unnecessary only to appease Google… and it will not make our site or your visits to our site one bit safer.\u00a0<\/span><\/p>\n

That’s not to say that SSL\/TLS\/HTTPS (secure servers ) are not necessary. Banks, Online Stores, Government Websites, Credit Card sites or any sites that ask for sensitive and\/or confidential information should be on secure servers. But mom & pop sites like ours or other small sites and blogs\u00a0 don’t need to be on secure servers. But we’re going to appease Google, need it or not, next month.<\/span><\/p>\n

Google doesn’t want you to know this, but “Secure” does not mean “Safe”. To learn why, please read the following article written by security expert Mark Maunder from Wordfence:<\/span><\/p>\n

\n

\u2018Secure\u2019 in Chrome Browser Does Not Mean \u2018Safe\u2019<\/span><\/h2>\n

Written by Mark Maunder<\/em><\/span><\/p>\n

Google\u2019s Chrome web browser is used by\u00a0over 50% of users<\/a>\u00a0on the web. When you visit a website that is using SSL, otherwise known as HTTPS or TLS, you see a green message in your browser location bar that says \u201cSecure\u201d.<\/span><\/p>\n

\u201cSecure\u201d in Chrome browser does not mean \u201cSafe\u201d. In this post I will explain why in terms that are easy to understand and tell you what to do about it. I\u2019ve written this\u00a0post to be easy to read. I\u2019d like to encourage you to share it with friends and family to help them stay secure.<\/span><\/p>\n

For our technical readers, here is a summary of what we discuss in this post:<\/span><\/p>\n

    \n
  1. We show that\u00a0SSL certificates are being issued by more than one certificate authority (CA) to phishing sites pretending to be Google, Microsoft, Apple and other well-known companies.<\/span><\/li>\n
  2. A valid certificate causes Chrome to show a website as \u201cSecure\u201d.<\/span><\/li>\n
  3. When a certificate is revoked once a CA realizes they should not have issued it, we show that Chrome\u00a0still shows the site as \u201cSecure\u201d. The \u201crevoked\u201d status is only visible in Chrome developer tools.<\/span><\/li>\n
  4. Malicious sites\u00a0that have been issued valid SSL certificates take some time to appear on Chrome\u2019s malicious site list. We show that the\u00a0safe browsing list can not be relied on as a backup mechanism to protect users from malicious sites with valid SSL certificates.<\/span><\/li>\n<\/ol>\n

    What does \u201cSecure\u201d actually mean in Chrome browser?<\/span><\/h3>\n

    In order for a website to be labeled as \u2018Secure\u2019 by Chrome, it needs to set up SSL on its web server. As part of that process, it needs to contact a certificate authority (CA) to get a \u2018certificate\u2019. The CA is supposed to verify that the website owner actually owns the website. This process is called \u2018domain validation\u2019.\u00a0Other than verifying that the domain owner actually owns the website, the CA is not required to do anything else.<\/span><\/p>\n

    In Chrome, when you see \u201cSecure\u201d in your browser location bar, it means that the connection between your browser and the website you are connected to is encrypted. It also means that the person who installed the certificate on the website actually owns the site domain. It does not mean that the domain is \u201cTrusted\u201d, \u201cSafe\u201d, \u201cNot malicious\u201d or anything else…<\/span><\/p><\/blockquote>\n

    Please read the rest of this article here.<\/strong><\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

    Secure in Chrome Browser Does Not Mean Safe Many smaller sites, like ours , are being pushed into using secure servers or else be tagged as “dangerous”. Sites that don’t move to SSL \/ TLS (https)\u00a0 secure servers by October will display this warning to Chrome users: Currently, users who visit a site not using SSL \/ TLS\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":14407,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2574,1433,1,1426,1656,1674],"tags":[344,159,154,156,2626,2627],"_links":{"self":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/15514"}],"collection":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/comments?post=15514"}],"version-history":[{"count":1,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/15514\/revisions"}],"predecessor-version":[{"id":15515,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/posts\/15514\/revisions\/15515"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media\/14407"}],"wp:attachment":[{"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/media?parent=15514"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/categories?post=15514"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.thundercloud.net\/infoave\/new\/wp-json\/wp\/v2\/tags?post=15514"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}