"HTTPS conversion" of the site globally advances to a big turning point


BySean MacEntee

Secure Internet communication by encrypting the content of communicationHTTPSWe are moving forward with correspondence to the whole world. Mr. Troy Hunt, a security-related expert, said the situation of change will rapidly increase in this situationTipping pointOf the total.

Troy Hunt: HTTPS adoption has reached the tipping point
https://www.troyhunt.com/https-adoption-has-reached-the-tipping-point/

Mr. Hunt first monitors the traffic of the Internet in October 2016Mozilla TelemetryShows the change in the tide by citing the page request sent via HTTPS exceeding 50% of the total.


The blue line of the graph shows the ratio of requests via HTTPS, which shows that the overall trend shows an upward trend of upward trend. However, although it is certain that this is one remarkable point, it is not always necessary to pay attention to that "half of all sites are receiving requests via HTTPS". That's why most of the traffic is for major class sites like Facebook, Twitter, Gmail. Nonetheless, it seems that it is a tough fact that the flow to HTTPS is born as a trend.


Data that supports such a trend is also made public. Analyzing traffic on the netAlexaWe periodically investigate how much of the websites on the net redirect users' access from HTTP to HTTPS. As a result, as shown in the graph below, it is clear that the redirect ratio once in the 6% range has increased to 18.4% in February 2017. Here you can see that it is a situation of rising upwards more than the graph above.


In addition, security measures at the browser level are being promoted is also one of recent trends. Mr. Hunt is investigating the actual condition of various sites and proposing correspondence, and it explains by example of Qantas Airlines of the airline.


Mr. Hunt on Qantas Airlines siteFrequent Flyer ProgramI tried to login to my account, and the message "Not Secure" appears on the URL bar. Mr. Hunt says, "I clearly sell fight for Qantas!" Although he is Mr. Hunt, it is important to reveal the fact that sufficient security has not been provided on the account login page. Please note that this screen was accessed with Chrome 56.


Furthermore, Mr. Hunt who makes public the screen when accessing with Firefox 51. In the case of Firefox, a key mark with a red diagonal line is shown next to the URL and it is obvious that it is not secure. If such a condition is exploited, it is a routine means of hackingMan-in-the-middle attack(Man - in - the - Middle: MitM) as a stepping stone.


In another case, Mr. Hunt is referring to the time when he connected to Wi-Fi provided at the hotel's accommodation. When I launched a browser and tried to access CNN's site, it took redirect processing ......


The hotel Wi-Fi login page was displayed. In such a case, the cookie information sent to the site of CNN at the beginning will be redirected to another place, which means that privacy is at risk. Meanwhile, the other site on the left of the CNN tab is in a state where HTTPS connection is in progress, the connection is stopped halfway and transmission of data including privacy information is stopped.


According to Mr. Hunt's research, it seems that many sites including New York Times, Ars Technica, The Next Web, etc. are completing HTTPS compliance. These sites are sites that announced completion of HTTPS compliance in January 2017.


Also, while there are voices saying "HTTPS is slow", in fact the speed itself is improving as well. A site that can compare the speed difference between HTTP connection and HTTPS connection "HTTP vs HTTPSAlthough you can check the difference between the two when accessing, in some cases HTTP connection may be slower in some cases as follows.


In this way, it seems to be said that promoting HTTPS compliance is becoming established as the tide of the whole web.

Related Posts:

in Security, Posted by darkhorse_log