Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Google Engineering Lead on Lessons Learned From Chrome's HTTPS Push
Newest First  |  Oldest First  |  Threaded View
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
8/13/2018 | 11:37:53 AM
Re: Internet bullying.
You both make some valid points; but I think the choice of vendors is less free than assumed.  There are certainly restrictions in the corporate and academic environments (some choices are not allowed, others forced - as they are necessary to certain, required, applications).  Even for individuals, many will use the browser best suited to their OS, or will choose to stay with their OS's browser so as not to provide even more data to yet another IT mega-corporation.  Are you going to go through the process of reconfiguring and learning new habits, every time your current browser vendor changes its policies or practices (assuming you'll even be aware of it)?  Maybe "bullying" isn't the right word, but "heavy-handed" - definitely. 
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
8/13/2018 | 11:09:44 AM
Re: Who decides?
There are just too many self-serving motivations for any individuals or corporate, political or activist entities, to be trusted with being the guardians of the cyber-universe, to dictate what is or isn't moral, ethical or otherwise acceptable behavior.  Yet, there is a dire need to hold individuals, groups, transient associations and other entities responsible for clear violations of the most fundamental principles of moral and ethical behavior.  Perhaps the problem lies in the tendency to redefine those traditional principles to suit whatever self-serving motivations currently serve us best.     
dmatos123
50%
50%
dmatos123,
User Rank: Apprentice
8/13/2018 | 10:40:08 AM
Re: Internet bullying.
I guess we'll agree to disagree on this.  My thoughts on a browser update regarding a security alert doesn't amount to bullying.  Users are free to download and use any other browser besides chrome.  If, on the other hand, google had a monopoly on browsers, the point could be made that it's heavy-handed.  
BPID
0%
100%
BPID,
User Rank: Strategist
8/9/2018 | 6:09:02 PM
Re: Internet bullying.
It is not the site which is insecure, but the communucations: from your browser to that site which, by the way Google is monitoring and deciding good/bad. Reality is the internet is not secure. We see daily sites and large corporations, Experion, Target, Facebook, etc., for example, as having HTTPS and insecure with data breaches. Facebook having HTTPS is before congress to explain why they are insecure.

A notification that any data to and from a site is not secure, means that Google is monitoring users activity. That alone should make you nervous. If it finds a site without HTRTPS, it can exclude it from it's search engine. That should be sufficient. But Google doesn't define insecure as having poor data security it defines dangerous as not having HTTPS.

Google is, in it's own discretion, is marking innocnt users of the internet as insecure and also in it's own hubris decided that it is the internet's sole policeman. If it wants to define a site as insecure it should strt with sites that don't protect data.
dmatos123
50%
50%
dmatos123,
User Rank: Apprentice
8/9/2018 | 1:44:54 PM
Re: Internet bullying.
I disagree.  The reality is that "normal" users have little insight into what HTTPS means vs HTTP and how the transmissions differ regarding their personal and identifying information when using the web.  An extra click or so to get to the content of an "insecure" site which also advises users that a site isn't secure is good for everyone.  It forces sight owners to comply with basic security measures to protect user information in transit - especially in light of today's environment.  It also educates users on the inherent threats in HTTP.  To claim censorship is stretching a bit.  #IMHO
BPID
25%
75%
BPID,
User Rank: Strategist
8/9/2018 | 1:17:10 PM
Internet bullying.
There is no doubt that securing data in transmission is a good thing. However. Google's dominant position does not give them the right to block or interrupt a user from reaching any site.

Though you may give your browser instructions to bypass their "WARNING" it still amounts to disruption of business, and a form of censorship.

In simple terms, no matter how good the intention, Google is bullying. It is internet bullying; it is a form of censorship and no matter who or why it is wrong to deny or impede legitimate and legal entities from conducting discource.

 


COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/28/2020
The Problem with Artificial Intelligence in Security
Dr. Leila Powell, Lead Security Data Scientist, Panaseer,  5/26/2020
10 iOS Security Tips to Lock Down Your iPhone
Kelly Sheridan, Staff Editor, Dark Reading,  5/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13693
PUBLISHED: 2020-05-29
An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled.
CVE-2020-13173
PUBLISHED: 2020-05-28
Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing...
CVE-2019-6342
PUBLISHED: 2020-05-28
An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4.
CVE-2020-11082
PUBLISHED: 2020-05-28
In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1.
CVE-2020-5357
PUBLISHED: 2020-05-28
Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability. The vulnerability is limited to the Dell Dock Firmware Update Utilities during the time window while being executed by an administrator. During this time wi...