3 Apr

london  7.41am sunny 8.5C monday 2017

i just saw an article that makes me afraid for the security of the https:// system. i trust google chrome to provide security against viruses and such and they only allow websites with the https:// prefix. it will show the url with a green padlock so i thought that is all right then, i am protected. but it seems this article says a company is allowing people to convert their urls into https:// for free. in the past it cost a lot of money to get that certificate. so now phishing websites are converting to this https:// and because everyone thinks the https:// makes everything secure, they are not so careful and let their guard down.

it seems there is even a website with the https that simply infects u with a virus when u visit it, even if u don't click on anything inside there. and it will lock your laptop and demand a ransom. theoretically you would expect your antivirus to spot it and stop it. but it seems it does not always do so.


Now we say, you should always use HTTPS, but you shouldn’t always trust it as a marker for your safety. Because now people really, really need to know that HTTPS doesn’t equal legitimate safety, as they’ve been led to believe. It’s important to remember that checking the link they click for validity, spelling, and malfeasance needs to take priority over the need to check against making sure Chrome says “Secure.” Because it’s not.

Let's Encrypt is the website company that does it and they say they won't police it either, by cancelling the certificate they issue when chrome or others warn them of the dodgy websites. usually these are associated with fake paypal. they argue that the internet servers' antivirus etc programs should be able to detect them and block them.

if it is free, i wonder how Let's Encrypt makes money but obviously they do. so they will continue with it. it is amazing that they are allowed to do it and undermine the whole https:// thing. perhaps in the end, chrome just have to make their security system airtight and just block any dodgy site at the slightest hint of any irregularity. if it is legit it can complain to chrome and go through hoops to prove it is legit. in the meantime we users of chrome won't get that website but all of us won't mind, i am sure.

but perhaps the secure they are talking about with https is

that Shifting to HTTPS means that while ISPs will know you’re browsing an adult site, they won’t be able to see what you were browsing. 


so it is not a 'secure' against viruses. for that your own antivirus program or chrome if u are using chrome, or apple or other internet browsers should be able to protect u. so perhaps that is why Let's Encrypt is allowed to do what they do.

this report is interesting, when u receive a chrome message blocking the url and saying this connection is not private. usually when i get it i simply go back. but it seems if u want to know why it is blocked u can click advanced and find out. but as i said, it is a moot point with me. if chrome won't let me go in, i won't. that is that. i am using a chrome book, so all those other factors of an antivirus program which u have loaded onto your laptop blocking it do not apply to me.


