One step further towards a better encrypted internet: HTTPS vs HTTP

With the release of version 68, the Chrome browser now labels all HTTP (unencrypted) websites as "Not Secure".

As Google explains on its security blog:

"For the past several years, we've moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we've also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as "Not Secure"."

The Chrome 68 omnibox will now show the "Not Secure" label for all HTTP pages, instead of the small "i" icon. This label will not only highlight the unsecured nature of the HTTP pages but will also push publishers to move over to HTTPS from HTTP.

To help drive adoption of a more secure internet, AdSecure is adding a new detection feature to its platform: "SSL non-compliant". This feature will help ad platforms and publishers detect HTTPS banner tags that load HTTP resources, which generate mixed content errors on the publishers' websites. Mixed content can cause information leakage, hence the importance of monitoring ad tags.

Here are the different elements AdSecure checks when analyzing the banner tags for SSL compliance:

  • Ensuring that the SSL and certificate version match
  • Flagging suspicious certificates: expired, revoked, untrusted (based on CA), self-signed
  • Checking mixed-content for externally loaded resources (scripts, css, img, etc…)
  • Detecting invalid CAs
  • Verifying protocol and cipher strength to reduce the risk of information leakage
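The mixed-content item in the list above can be illustrated with a static check over a banner tag's markup. This is an added example, not AdSecure's code: `scan_tag`, the tag/attribute tables and the sample banner (with its `.example` hosts) are constructed for illustration, and the banner is assumed to be served on an HTTPS page.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) pairs that make the browser fetch a subresource.
# Active content can change the page; passive content is only displayed.
ACTIVE = {("script", "src"), ("iframe", "src"), ("object", "data"), ("embed", "src")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}


class MixedContentScanner(HTMLParser):
    """Collects http:// subresources referenced by markup served over HTTPS."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (kind, tag, url)

    def handle_starttag(self, tag, attrs):
        attr = {k: (v or "").strip() for k, v in attrs}
        candidates = [(kind, attr.get(a))
                      for kind, rules in (("active", ACTIVE), ("passive", PASSIVE))
                      for t, a in rules if t == tag]
        # <link> only loads a subresource for certain rel values; stylesheets are active.
        if tag == "link" and "stylesheet" in attr.get("rel", "").lower().split():
            candidates.append(("active", attr.get("href")))
        for kind, url in candidates:
            # Protocol-relative (//host/x) and relative URLs inherit https and are fine.
            if url and urlsplit(url).scheme == "http":
                self.findings.append((kind, tag, url))


def scan_tag(markup):
    """Return every insecure subresource found in one banner tag."""
    scanner = MixedContentScanner()
    scanner.feed(markup)
    scanner.close()
    return scanner.findings


# Constructed sample banner tag. The <a href> is navigation, not a subresource load.
SAMPLE_TAG = """
<div class="banner">
  <a href="http://advertiser.example/landing"><img src="http://img.example/banner.png"></a>
  <script src="https://cdn.example/ad.js"></script>
  <script src="http://tracker.example/pixel.js"></script>
  <link rel="stylesheet" href="//static.example/ad.css">
  <iframe src="HTTP://frames.example/creative.html"></iframe>
</div>
"""

if __name__ == "__main__":
    for kind, tag, url in scan_tag(SAMPLE_TAG):
        print(f"{kind:7} <{tag}> {url}")
```

A static pass like this misses resources that scripts request at runtime and `url()` references inside CSS; catching those requires rendering the tag and observing its network requests.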

AdSecure provides next-gen defenses that protect publishers and ad platforms against a wide range of attacks. To test how AdSecure can help your organization detect, investigate and respond to advanced malvertising attacks, sign up for a free trial.
