Despite Chrome’s pending “mark of shame,” 3 major news sites aren’t HTTPS

Despite Chrome’s pending “mark of shame,” 3 major news sites aren’t HTTPS

6 years ago
Anonymous $cyhBy-qkd5

https://arstechnica.com/information-technology/2018/07/despite-chromes-pending-mark-of-shame-3-major-news-sites-arent-https/

In February, Emily Schechter, the Chrome Security Product Manager at Google, announced in a blog post that beginning with the release of Chrome version 68, "Chrome will mark all HTTP sites as 'not secure'." This means that Chrome users will see a visible warning next to the Web address for sites using unencrypted HTTP to serve up pages—a warning that Google has been rolling out slowly over the past few months, starting with pages that have forms requesting information.

Chrome 68 ships this month, so the deadline to avoid its "badge of shame" is looming. Some major sites are pressing to beat the deadline—the BBC recently made the move to HTTPS by default for its websites, as BBC News principal software engineer James Donohue recounted in a Medium post on July 6. But other major news sites—including Fox News, Time, and Newsweek—still leave their traffic unencrypted. As a result, they leave their Web content vulnerable to code insertion by Internet service providers or by malicious third parties that manage to place themselves between sites and their readers.

Despite Chrome’s pending “mark of shame,” 3 major news sites aren’t HTTPS

Jul 6, 2018, 9:43pm UTC
https://arstechnica.com/information-technology/2018/07/despite-chromes-pending-mark-of-shame-3-major-news-sites-arent-https/ > In February, Emily Schechter, the Chrome Security Product Manager at Google, announced in a blog post that beginning with the release of Chrome version 68, "Chrome will mark all HTTP sites as 'not secure'." This means that Chrome users will see a visible warning next to the Web address for sites using unencrypted HTTP to serve up pages—a warning that Google has been rolling out slowly over the past few months, starting with pages that have forms requesting information. > Chrome 68 ships this month, so the deadline to avoid its "badge of shame" is looming. Some major sites are pressing to beat the deadline—the BBC recently made the move to HTTPS by default for its websites, as BBC News principal software engineer James Donohue recounted in a Medium post on July 6. But other major news sites—including Fox News, Time, and Newsweek—still leave their traffic unencrypted. As a result, they leave their Web content vulnerable to code insertion by Internet service providers or by malicious third parties that manage to place themselves between sites and their readers.