Comments
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Newest First  |  Oldest First  |  Threaded View
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
8/13/2018 | 11:37:53 AM
Re: Internet bullying.
You both make some valid points; but I think the choice of vendors is less free than assumed.  There are certainly restrictions in the corporate and academic environments (some choices are not allowed, others forced - as they are necessary to certain, required, applications).  Even for individuals, many will use the browser best suited to their OS, or will choose to stay with their OS's browser so as not to provide even more data to yet another IT mega-corporation.  Are you going to go through the process of reconfiguring and learning new habits, every time your current browser vendor changes its policies or practices (assuming you'll even be aware of it)?  Maybe "bullying" isn't the right word, but "heavy-handed" - definitely. 
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
8/13/2018 | 11:09:44 AM
Re: Who decides?
There are just too many self-serving motivations for any individuals or corporate, political or activist entities, to be trusted with being the guardians of the cyber-universe, to dictate what is or isn't moral, ethical or otherwise acceptable behavior.  Yet, there is a dire need to hold individuals, groups, transient associations and other entities responsible for clear violations of the most fundamental principles of moral and ethical behavior.  Perhaps the problem lies in the tendency to redefine those traditional principles to suit whatever self-serving motivations currently serve us best.     
dmatos123
50%
50%
dmatos123,
User Rank: Apprentice
8/13/2018 | 10:40:08 AM
Re: Internet bullying.
I guess we'll agree to disagree on this.  My thoughts on a browser update regarding a security alert doesn't amount to bullying.  Users are free to download and use any other browser besides chrome.  If, on the other hand, google had a monopoly on browsers, the point could be made that it's heavy-handed.  
BPID
0%
100%
BPID,
User Rank: Strategist
8/9/2018 | 6:09:02 PM
Re: Internet bullying.
It is not the site which is insecure, but the communucations: from your browser to that site which, by the way Google is monitoring and deciding good/bad. Reality is the internet is not secure. We see daily sites and large corporations, Experion, Target, Facebook, etc., for example, as having HTTPS and insecure with data breaches. Facebook having HTTPS is before congress to explain why they are insecure.

A notification that any data to and from a site is not secure, means that Google is monitoring users activity. That alone should make you nervous. If it finds a site without HTRTPS, it can exclude it from it's search engine. That should be sufficient. But Google doesn't define insecure as having poor data security it defines dangerous as not having HTTPS.

Google is, in it's own discretion, is marking innocnt users of the internet as insecure and also in it's own hubris decided that it is the internet's sole policeman. If it wants to define a site as insecure it should strt with sites that don't protect data.
dmatos123
50%
50%
dmatos123,
User Rank: Apprentice
8/9/2018 | 1:44:54 PM
Re: Internet bullying.
I disagree.  The reality is that "normal" users have little insight into what HTTPS means vs HTTP and how the transmissions differ regarding their personal and identifying information when using the web.  An extra click or so to get to the content of an "insecure" site which also advises users that a site isn't secure is good for everyone.  It forces sight owners to comply with basic security measures to protect user information in transit - especially in light of today's environment.  It also educates users on the inherent threats in HTTP.  To claim censorship is stretching a bit.  #IMHO
BPID
25%
75%
BPID,
User Rank: Strategist
8/9/2018 | 1:17:10 PM
Internet bullying.
There is no doubt that securing data in transmission is a good thing. However. Google's dominant position does not give them the right to block or interrupt a user from reaching any site.

Though you may give your browser instructions to bypass their "WARNING" it still amounts to disruption of business, and a form of censorship.

In simple terms, no matter how good the intention, Google is bullying. It is internet bullying; it is a form of censorship and no matter who or why it is wrong to deny or impede legitimate and legal entities from conducting discource.

 


Devastating Cyberattack on Email Provider Destroys 18 Years of Data
Jai Vijayan, Freelance writer,  2/12/2019
Up to 100,000 Reported Affected in Landmark White Data Breach
Kelly Sheridan, Staff Editor, Dark Reading,  2/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-1695
PUBLISHED: 2019-02-15
IBM QRadar SIEM 7.2 and 7.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 134177.
CVE-2018-1701
PUBLISHED: 2019-02-15
IBM InfoSphere Information Server 11.7 could allow an authenciated user under specialized conditions to inject commands into the installation process that would execute on the WebSphere Application Server. IBM X-Force ID: 145970.
CVE-2018-1727
PUBLISHED: 2019-02-15
IBM InfoSphere Information Server 9.1, 11.3, 11.5, and 11.7 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 147630.
CVE-2018-1895
PUBLISHED: 2019-02-15
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ...
CVE-2019-4059
PUBLISHED: 2019-02-15
IBM Rational ClearCase 1.0.0.0 GIT connector does not sufficiently protect the document database password. An attacker could obtain the password and gain unauthorized access to the document database. IBM X-Force ID: 156583.