It is a well-known fact that unprotected HTTP protocol is prone to hijacks, HTTPS provides better security. However, while some web sites support HTTPS protocol, only HTTP is set as default. Some web sites provides HTTPS protocol support but the pages also contain links to unprotected HTTP pages.
Today’s featured browser extension is HTTPS Everywhere, one that forces your Firefox and Chrome web browser to use HTTPS protocol on supported web sites.
HTTPS Everywhere: Auto-rewrite of Requests to HTTPS
HTTPS Everywhere has a Firefox add-on as well as a Chrome extension. What it does is to automatically re-write all requests to unsecured HTTP pages to HTTPS, if HTTPS is supported. Currently over 1400 web sites are supported, on these web sites this tool knows where to enable HTTPS on all supported parts of the site. In other words, HTTPS Everywhere does not create the security features, it only enables them when available, so that you don’t have to find the link to secured log-in or the option to enable HTTPS protocol.
The new Chrome extension is currently in beta version. The Firefox version has one particularly useful feature that is yet to appear in Chrome, Decentralized SSL Observatory. This function, once enabled, detects encryption weaknesses and tells you when you browse a web site with a security vulnerability. In other words, it points out security issued as you surf. This is useful to web surfers as well as web designers who could quickly identify potential security holes.
Official Site: https://www.eff.org/https-everywhere
Some web sites support both HTTP and HTTPS protocols. If you are unsure what they are, a brief explanation is that the HTTP is a network communication protocol that the web uses, and HTTPS is the combination of HTTP and SSL/TLS protocol (something for encrypted communication). In even simpler terms, HTTPS generally gives better data protection.
If you wish to force Chrome to open web sites in https protocol (provided that the web site supports it), apart from installing extensions, here is another method:
- open chrome://net-internals/ in the address bar
- go to the HSTS tab
- under Add domain, enter the domain name which you want Chrome to always open with https protocol (for example, dropbox.com)
- check Include subdomains
If for some reasons you want to cancel this, scroll a bit down on the same page, find the Delete domain section, enter the domain name you want to remove from the https list and click Delete.
source +Andy WU, via Chromi
Currently if you see the above on the address bar, it is a notification by Chrome telling you that the web site you are viewing has mixed scripts.
Since the first Chrome 14 canary release (14.0.785.0) this insecure script blocking feature has been enabled by default.
According to thechromesource, this feature was first found in Internet Explorer. Google copying from Microsoft? Yes.
source Google Online Security Blog, via thechromesource
(Image via Google Chrome Blog)
Google released Chrome 12, the latest version of its popular Chrome browser. Google has been releasing a major update once every 6 weeks (Chrome 10 on 3 Mar and Chrome 11 on 28 Apr).
The first major change is an improvement to the Safe Browsing technology. From now on Chrome would warn you if you are trying to download a malicious file. This is done behind the scene, Chrome or Google does not know the URL you are visiting or the file you download, thus privacy is protected.
Google also added an option to remove data that extensions left, including Flash player (local shared objects, LSO). These flash cookies, if improperly exposed, may let other people know which flash video you have watched or which flash game you have played. In the past removal of these data could only be done through Adobe’s website. It is now enabled in Chrome browser.
The final major change in Chrome is the support for hardware-accelerated 3D CSS. You get “snazzier” experience when browser web pages and using web apps that enabled hard-accelerated 3D effects. You can try it through this experimental web site on Windows Vista or Mac OS X 10.6 or above.
As usual the browser updates itself so users are not required to download this update (unless you are using portable versions created by others).
via Google Chrome Blog