March 13, 2018
With 4 months to switch on HTTPS, are web hosting companies ready?
By Mark Stockley
Like it or not, if your website isn’t using HTTPS (the encrypted version of the web’s HTTP protocol) by July then you’re likely to lose traffic.
That’s because in July 2018 Google Chrome, the world’s most popular browser, will start warning users that web pages served over HTTP are not secure (they aren’t).
This isn’t an empty threat: Chrome has been turning the screw on HTTP for a number of years and Google Search already gives sites with HTTPS a boost in its search rankings. You should expect other browsers to follow Chrome’s lead.
In other words, if you’re buying web hosting you’re going to want HTTPS. I wondered if the major web hosting companies were standing by, ready to help.
TLS/SSL
Turning on HTTPS means installing an SSL certificate. (These days they’re actually TLS certificates but the old term, SSL, has stuck and it’s the one the hosting industry uses, so I’ll be using it for the rest of this article.)
With four months to go before Google starts warning users about HTTP being insecure, I wanted to see if the big web hosting companies are making it easy for new customers to dodge this bullet.
I wanted to know what a new, non-technical customer would be faced with: are the hosting companies using terms that buyers spooked by Chrome’s deadline might have seen – terms like SSL, TLS or HTTPS; is SSL now mandatory or opt-out by default in their hosting packages; and what, in a world where free SSL certificates are easily obtained, are the hosting companies charging for SSL?
In short – does the path of least resistance lead non-technical customers to a site protected by HTTPS?
Read more at https://nakedsecurity.sophos.com/2018/03/12/with-4-months-to-switch-on-https-are-web-hosting-companies-ready/
Fake news travels faster than truth on Twitter, and we can’t blame bots
By Lisa Vaas
People would rather spread juicy lies than the truth, according to new research from the Massachusetts Institute of Technology (MIT).
Last week, in a writeup of the research, Science reported that claims that are demonstrably false – as in, tweets related to news that had been investigated by six independent fact-checking organizations, including PolitiFact, Snopes and FactCheck.org – are 70% more likely to be retweeted. Bogus claims about politics spread further than any other category of news included in their analysis.
Must be those meddlesome bots, eh? That’s what the researchers preliminarily assumed. But it turned out that it was humans, relishing new (false) information that they hadn’t seen before. The team arrived at its conclusion by using bot-detection technology to weed out social media shares generated by bots.
Even without the busybody bots, fake news still spread at about the same rate and to the same number of people. Specifically, the researchers had found that truth rarely reached more than 1000 Twitter users. The most outlandish fake news, on the other hand, routinely reached well over 10,000 people.
One example was the false reports about the boxer Floyd Mayweather wearing a Muslim headscarf and challenging people to fight him at a Donald Trump rally during the 2016 US presidential election. It originated on a sports comedy website, catching fire as people took it seriously. Fairy tales such as the Mayweather concoction routinely reach over 10,000 Twitter users.
Soroush Vosoughi, a data scientist at MIT, told Science that it was the viral posts after the Boston Marathon bombings – posts that spread rumors about a missing Brown University student thought to be a bombing suspect (he later turned out to have committed suicide for reasons unrelated to the bombing) – that really brought home to him what an effect fake news can have on real lives.
[That’s when I realized] that these rumors aren’t just fun things on Twitter, they really can have effects on people’s lives and hurt them really badly.
If we can’t blame bots for fake news going viral, his team thought, perhaps it has to do with how many followers a disseminating account has?
Read more at https://nakedsecurity.sophos.com/2018/03/12/fake-news-travels-faster-than-truth-on-twitter-and-we-cant-blame-bots/
FBI: we don’t want a backdoor; we just want you to break encryption
By Lisa Vaas
“We’re not looking for a ‘back door’” that breaks encryption, the FBI said on Wednesday. Don’t even know what that is, really, said director Christopher Wray: He thinks it’s some type of “secret, insecure means of access” – is that right?
No, that’s not what the FBI is after, he said during a speech (here are his prepared remarks) at the Boston College/FBI Boston Conference on Cyber Security.
Rather, what law enforcement wants is a secure means to access evidence on devices once they’ve shown probable cause and have a warrant, he said. How that gets done is up to you smart people in technology, the “brightest minds doing and creating fantastic things.”
I’m open to all kinds of ideas. But I reject this notion that there could be such a place that no matter what kind of lawful authority you have, it’s utterly beyond reach to protect innocent citizens.
You’ve got to hand it to Wray: his tone was far more flattering – “brightest minds?” nice! – than when FBI forensic expert Stephen Flatley called Apple a bunch of “jerks” and “evil geniuses” for encrypting iPhones.
Read more at https://nakedsecurity.sophos.com/2018/03/12/fbi-we-dont-want-a-backdoor-we-just-want-you-to-break-encryption/