Jump to content

Search the Community

Showing results for tags 'https'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Categories

  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions

Categories

  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 8 results

  1. Microsoft will integrate DNS over HTTPS in Windows 10 Microsoft revealed plans to integrate native support for DNS over HTTPS in the company's Windows 10 operating system in November 2019. The announcement was made on Microsoft's Networking blog on November 17, 2019. DNS over HTTPS is designed to improve privacy, security and the reliability by encrypting DNS queries that are handled in plaintext currently. DNS over HTTPS has been on the rise lately. Mozilla, Google, Opera as as well as several public DNS providers announced support for the standard. Support in programs, e.g. a web browser, means that the DNS queries that originate from that program are encrypted. Other queries, e.g. from another browser that does not support DNS over HTTPS or is configured not to use it, won't benefit from that integration however. Microsoft's announcement brings DNS over HTTPS support to the Windows operating system. The company plans to introduce it to preview builds of Windows 10 in the future before it releases it in a final version of the operating system. Microsoft plans to follow Google's implementation, at least initially. Google revealed some time ago that it will roll out DNS over HTTPS in Chrome, but only on systems that use a DNS service that supports DNS over HTTPS. In other words: Google won't alter the DNS provider of the system. Mozilla and Opera decided to pick a provider, at least initially, and that means that the local DNS provider may be overridden in the browser. Microsoft notes that it won't be making changes to the DNS server configuration of the Windows machine. Administrators (and users) are in control when it comes to the selection of the DNS provider on Windows and the introduction of support for DNS over HTTPS on Windows won't change that. The change may benefit users without them knowing about it. If a system is configured to use a DNS provider that supports DNS over HTTPS, that system will automatically use the new standard so that DNS data is encrypted. The company plans to introduce "more privacy-friendly ways" for its customers to discover DNS settings in Windows and raise awareness for DNS over HTTPS in the operating system. Microsoft revealed four guiding principles for the implementation: Windows DNS needs to be as private and functional as possible by default without the need for user or admin configuration because Windows DNS traffic represents a snapshot of the user’s browsing history. Privacy-minded Windows users and administrators need to be guided to DNS settings even if they don't know what DNS is yet. Windows users and administrators need to be able to improve their DNS configuration with as few simple actions as possible. Windows users and administrators need to explicitly allow fallback from encrypted DNS once configured. Closing words Microsoft did not reveal a schedule for the integration but it is clear that it will land in a future Insider build for Windows 10 first. Integration in Windows -- and other client operating systems -- makes more sense than integrating the functionality into individual programs. Users who want to use DNS over HTTPS may simply pick a DNS provider that supports it to enable the feature for all applications that run on the system. Source: Microsoft will integrate DNS over HTTPS in Windows 10 (gHacks - Martin Brinkmann)
  2. Firefox 76 gets optional HTTPS-only mode Mozilla plans to introduce an optional HTTPS-only mode in Firefox 76 which only allows connections to HTTPS sites. Most Internet sites use HTTPS already to improve the security of connections. HTTPS encrypts the connection which protects against manipulation and also blocks the logging of activity. Firefox users may soon enable an option in the web browser to allow only HTTPS connections; this sounds very similar to how HTTPS Everywhere operates. The browser extension tries to upgrade unencrypted resources to encrypted ones when enabled, and it comes with an option to block any traffic that is not encrypted. When enabled, Firefox loads HTTPS sites and resources just like before. When HTTP sites or resources are detected, the browser attempts to upgrade these to HTTPS. The site or resource is loaded if the upgraded worked; if not, it is blocked which may result in sites becoming inaccessible or partially loaded. Firefox users who run Firefox 76 or newer can activate the new HTTPS-Only mode in the browser in the following way: Load about:config in the browser's address bar. Confirm that you will be careful. Search for dom.security.https_only_mode using the search field at the top. Set the preference to TRUE to enable HTTPS-only connections in Firefox. Set the preference to FALSE to allow all connections (default). A "Secure Connection Failed" error is displayed by Firefox is a site cannot be upgraded to HTTPS after setting the preference to TRUE in the Firefox preferences. The new HTTPS-Only mode works like HTTPS Everywhere's strict mode as it blocks all insecure connections automatically. Firefox's built-in feature does not support a fallback mode (which HTTPS Everywhere supports). Is this useful? How useful is a HTTPS-only mode on today's Internet? I see some limited applications for it when combined with browser profiles. A user could enable the feature for a profile that is used exclusively for online banking or other sensitive tasks on the Internet that benefit from increased security. While most sites do support HTTPS already, Mozilla's own stats show that about 82% of all Firefox connections use HTTPS, it is quite common that HTTP-only sites or resources are accessed on the Internet. Most Internet users therefor may find the HTTPS-only mode disruptive as it blocks access to certain sites or resources on the Internet. Source: Firefox 76 gets optional HTTPS-only mode (gHacks - Martin Brinkmann)
  3. Mozilla revamps Firefox's HTTPS address bar information Mozilla plans to make changes to the information that the organization's Firefox browser displays in its address bar when it connects to sites. Firefox displays an i-icon and a lock symbol currently when connecting to sites. The i-icon displays information about the security of the connection, content blocking, and permissions, the lock icon indicates the security state of the connection visually. A green lock indicates a secure connection and if a site has an Extended Validation certificate, the name of the company is displayed in the address bar as well. Mozilla plans to make changes to the information that is displayed in the browser's address bar that all Firefox users need to be aware of. One of the core changes removes the i-icon from the Firefox address bar, another the Extended Validation certificate name, a third displays a crossed out lock icon for all HTTP sites, and a fourth changes the colour of the lock for HTTPS sites from green to gray. Why are browser makers making these changes? Most Internet traffic happens over HTTPS; latest Firefox statistics show that more than 79% of global pageloads happen using HTTPS and that it is already at more than 87% for users in the United States. The shield icon was introduced to indicate to users that the connection to the site uses HTTPS and to give users options to look up certificate information. It made sense to indicate that to users back when only a fraction of sites used HTTPS. With more and more connections using HTTPS, browser makers like Mozilla or Google decided that it was time to evaluate what is displayed to users in the address bar. Google revealed plans in 2018 to remove Secure and HTTPS indicators from the Chrome browser; Chrome 76, released in August 2019, does not display HTTPS or WWW anymore in the address bar by default. Mozilla launched changes in Firefox in 2018, hidden behind a flag, to add a new "not secure" indicator to HTTP sites in Firefox. Google and Mozilla plan to remove information that indicate that a site's connection is secure. It makes some sense, if you think about it, considering that most connections are secure on today's Internet. Instead of highlighting that a connection is secure, browsers will highlight if a connection is not secure instead. The changes are not without controversy though. For more than two decades, Internet users were told that they needed to verify the security of sites by looking at the lock symbol in the browser's address bar. Mozilla does not remove the lock icon entirely in Firefox 70 and the organization won't touch the protocol in the address bar either at this point; that is better than what Google has already implemented in recent versions of Chrome. The following changes will land in Firefox 70: Firefox won't display the i-icon anymore in the address bar. Firefox won't display the owner of Extended Verification certificates anymore in the address bar. A shield icon is displayed that lists protection information. The lock icon is still displayed, it displays certificate and permission information and controls. HTTPS sites feature a gray lock icon. All sites that use HTTP will be shown with a crossed out shield icon (previously only HTTP sites with login forms). Mozilla aims to launch these changes in Firefox 70. The browser is scheduled for a release on October 23, 2019. Firefox users may add a "not secure" indicator to the browser's address bar. Mozilla, just like Google, plans to display it for sites that use HTTP. The additional indicator needs to be enabled separately at the time of writing, it won't launch in Firefox 70. Load about:config in the Firefox address bar. Search for security.identityblock.show_extended_validation. Set the preference to TRUE to display the name of the owner of Extended Validation certificates in Firefox's address bar, or set it to FALSE to hide it. The new gray icon for HTTPS sites can be toggled as well in the advanced configuration: On about:config, search for security.secure_connection_icon_colour_gray Set the value to TRUE to display a gray icon for HTTPS sites, or set it to FALSE to return to the status quo. Source: Mozilla revamps Firefox's HTTPS address bar information (gHacks - Martin Brinkmann)
  4. Google plans to test DNS over HTTPS in Chrome 78 Google revealed plans to test the company's implementation of DNS over HTTPS (DoH) in Chrome 78. DNS over HTTPS aims to improve security and privacy of DNS requests by utilizing HTTPS. The current stable version of Chrome is 77 released on September 10, 2019. Google notes that DoH prevents other WiFi users from seeing visited websites; common attacks such as spoofing or pharming could potentially be prevented by using DoH. Google decided to test the DoH implementation in a different way than Mozilla. Mozilla selected Cloudflare as its partner in the testing phase and will use Cloudflare as the default provider when it rolls out the feature to US users in late September 2019. Firefox users have options to change the DNS over HTTPS provider or turn off the feature entirely in the browser. Google's DNS over HTTPS plan Google picked a different route for the test. The company decided to test the implementation using multiple DoH providers. The company could have used its own DoH service for the tests but decided to select multiple providers instead. Tests will upgrade Chrome installations to use DoH if the DNS service that is used on the system supports DoH. Google circumnavigates any criticism in regards to privacy that Mozilla faced when it announced the partnership with Cloudflare. Google selected the cooperating providers for "their strong stance on security and privacy" and "readiness of their DoH services" and agreement to participate in the test. The following providers were picked by the company: Cleanbrowsing Cloudflare DNS.SB Google OpenDNS Quad9 If Chrome runs on a system that uses one of these services for DNS, it will start using DoH instead when Chrome 78 launches. The experiment will run on all platforms for a fraction of Chrome users with the exception of Chrome on Linux and iOS. Chrome will revert to the regular DNS service in the case of errors. Most managed Chrome deployments will be excluded from the experiment, and Google plans to provide details on DoH policies on the company's Chrome Enterprise blog before release to provide administrators with information on configuring those. Chrome users may use the flag chrome://flags/#dns-over-http to opt in or out of the experiment. The flag is not integrated in any version of the Chrome browser yet. Secure DNS lookups Enables DNS over HTTPS. When this feature is enabled, your browser may try to use a secure HTTPS connection to look up the addresses of websites and other web resources. – Mac, Windows, Chrome OS, Android Closing Words Most Chromium-based browsers and Firefox will start to use DNS over HTTPS in the near future. Firefox provides options to disable the feature and Chrome comes with an experimental flag that offers the same. Experimental flags may be removed at one point in the future however and it is unclear at this point whether Google plans to add a switch to Chrome's preference to enable or disable the feature. Source: Google plans to test DNS over HTTPS in Chrome 78 (gHacks - Martin Brinkmann)
  5. Mozilla plans to roll out DNS over HTTPS to US users in late September 2019 Starting in late September 2019, DNS over HTTPS (DoH) is going to be rolled out to Firefox users in the United States. DNS over HTTPS encrypts DNS requests to improve security and privacy of these requests. Most DNS requests happen in the open currently; anyone listening to the traffic gets records of site and IP addresses that were looked up while using an Internet connection among other things. DoH encrypts the traffic and while that looks good on first glance, it needs to be noted that TLS still gives away the destination in plaintext. One example: Internet providers may block certain DNS requests, e.g. when they have received a court order to block certain resources on the Internet. It is not the best method to prevent people from accessing a site on the Internet but it is used nevertheless. DoH is excellent against censorship that uses DNS manipulation. Tip: check out our detailed guide on configuring DNS over HTTPS in Firefox. Mozilla started to look into the implementation of DoH in Firefox in 2018. The organization ran a controversial Shield study in 2018 to gather data that it needed for the planned implementation of the feature. The study was controversial because Mozilla used the third-party Cloudflare as the DNS over HTTPS service which meant that all user traffic flowed through the Cloudflare network. Mozilla revealed in April 2019 that its plan to enable DoH in Firefox had not changed. The organization created a list of policies that DoH providers had to conform to if they wanted their service to be integrated in Firefox. In "What's next in making encrypted DNS-over-HTTPS the Default", Mozilla confirmed that it would begin to enable DoH in Firefox starting in late September 2019. The feature will be enabled for some users from the United States and Mozilla plans to monitor the implementation before DoH is rolled out to a larger part of the user base and eventually all users from the United States. We plan to gradually roll out DoH in the USA starting in late September. Our plan is to start slowly enabling DoH for a small percentage of users while monitoring for any issues before enabling for a larger audience. If this goes well, we will let you know when we’re ready for 100% deployment. While DNS over HTTPS will be the default for the majority of Firefox installations in the United States, it won't be enabled for some configurations: If parental controls are used, DoH won't be enabled provided that Mozilla detects the use correctly. Enterprise configurations are respected as well and DoH is disabled unless "explicitly enabled by enterprise configuration". Fall back option if DNS issues or split horizon configuration cause lookup failures. Network administrations may configure their networks in the following way to highlight to Firefox that the network is unsuitable for DoH usage: DNS queries for the A and AAAA records for the domain “use-application-dns.net” must respond with NXDOMAIN rather than the IP address retrieved from the authoritative nameserver. How to block DNS over HTTPS You have two options when it comes to DoH in Firefox. You can change the default provider -- Cloudflare is the default -- to another provider (for whatever reason) or block the entire feature so that it won't be used. If you don't want to use it, set the value of network.trr.mode to 0 5 on about:config. Source: Mozilla plans to roll out DNS over HTTPS to US users in late September 2019 (gHacks - Martin Brinkmann)
  6. Microsoft Edge to add automatic HTTPS option for all domains Microsoft Edge will automatically redirect users to a secure HTTPS connection when visiting websites using the HTTP protocol, starting with version 92, coming in late July. By default, this new option will allow Edge users to switch from HTTP to HTTPS on websites that are likely to support the more secure protocol. However, users will also be able to configure the browser to upgrade all connections to HTTPS (Hypertext Transfer Protocol Secure) as the default internet communication protocol for all domains. "Starting with Microsoft Edge version 92, users will have the option to upgrade navigations from HTTP to HTTPS on domains likely to support this more secure protocol," Microsoft said. "This support can also be configured to attempt delivery over HTTPS for all domains." Blocks MITM attacks and web traffic tampering This change will further secure Edge users' web traffic against man-in-the-middle (MITM) attack attempts to snoop on data exchanged over unencrypted HTTP connections. Given that data sent and received via HTTP connections is not encrypted, malicious programs running on one's computer can easily monitor all the information sent over it, including passwords, credit card info, and various other sensitive info. Ensuring that you're always using HTTPS while browsing the Internet helps secure your data while in transit by encrypting the connection between the sites you're visiting and the web browser. HTTPS also makes sure that threat actors trying to snoop on your web traffic will not be able to alter any of the data exchanged with Internet sites without being detected. Other browsers also allow enabling HTTPS on all sites This move is part of a greater effort where browser vendors defend users from attackers attempting to intercept their unencrypted traffic by making it easier to browse the entire web over HTTPS. For instance, starting with version 90 released earlier this month, Google Chrome defaults to HTTPS for any URLs typed in the address bar if there's no protocol specified. With the release of Firefox 83, Mozilla also added an HTTPS-Only Mode that secures web browsing by automatically rewriting URLs to use the HTTPS protocol (while disabled by default, it can be enabled from the browser's settings). Until Microsoft Edge adds the Automatic HTTPS option, users can enable HTTPS for all sites with the help of the HTTPS Everywhere extension available on Microsoft's Edge Add-ons store. Source: Microsoft Edge to add automatic HTTPS option for all domains
  7. Linux documentation switches to HTTPS to boost security Several commits have been made to the Linux kernel in recent days and weeks which switch links in the kernel’s documentation from HTTP to the more secure HTTPS protocol. According to commit logs made by Alexander Klimov, the switch to HTTPS should reduce the likelihood of man-in-the-middle attacks against kernel developers. To ensure that links do not break when switched to the more secure protocol, tests were run to ensure pages loaded in the same manner. While it’s a welcome change which should boost the security of the whole Linux community, the move is a proactive one according to Phoronix which said that there has been no sign of any kernel developers being attacked recently via URLs. These new security enhancements should become available to developers once Linux 5.9 has been released, the latest version of the kernel so far is version 5.8-rc6. Depending on how things go, Linux 5.8 should be released on one of the upcoming Sundays before Linux 5.9 enters the release candidate phase for a final round of testing. Each new Linux kernel update usually brings new hardware support and new software features. New kernels are typically released every two months give or take a few weeks if more polish is needed. Source: Phoronix Linux documentation switches to HTTPS to boost security
  8. Firefox 80: HTTPS-only Mode in Settings Mozilla added an optional HTTPS-only mode to Firefox 76 Nightly back in March 2020. The organization's engineers have now added the mode to the settings of Firefox 80 Nightly, and it is likely that users of other Firefox channel versions, e.g. Firefox Stable, will be able to configure the mode once their version of the browser is updated to Firefox 80. HTTPS-Only Mode is designed to enforce HTTPS on sites. It works similarly to HTTPS Everywhere and other HTTPS upgrade extensions for browsers in that it attempts to upgrade HTTP connections, that are not secure, to HTTPS connections, which are. The core difference between the native HTTPS-Only Mode and extensions is that Mozilla's implementation attempts to upgrade every HTTP connection to HTTPS. HTTPS Everywhere uses a list for the upgrades that rewrite connections on sites that are opened in the browser. Firefox's HTTPS-Only Mode applies the upgrade to all HTTP connections, even if an HTTPS option is not available; this may lead to loading errors that can range from sites not loading at all to content on the site becoming unavailable. Firefox informs the user if the entire site could not be loaded because it does not support HTTPS. The same is not true for elements that may not be loaded on a site, though. Up until now, Nightly users had to set the value of the preference dom.security.https_only_mode to TRUE to enable the feature in the browser. A value of FALSE, the default, disables the HTTP to HTTPS upgrade enforcement in the browser. Starting in Firefox 80, that is no longer necessary but still available. Mozilla added options to control the browser's HTTPS-Only Mode in the options. Load about:preferences#privacy in the browser's address bar and scroll all the way down to the HTTPS-Only Mode group. The feature is set to "Don't enable HTTPS-Only Mode" by default. Switch it to Enable HTTPS-Only Mode in all windows to enable it everywhere, or Switch it to Enable HTTPS-Only Mode in private windows only, to only enable it for private browsing. A restart is not required. When you enable the option, Firefox will rewrite HTTP links to HTTPS automatically. Closing Words When Mozilla launched the HTTP upgrade mode in Firefox 76, I concluded that it could be useful in some situations, e.g. when using profiles in Firefox and using one of the profiles for secure activities such as online banking. The downside to enabling the mode is that it may break functionality on some sites, and some sites entirely. Since there is no simply "turn off mode on this page" option, it is quite cumbersome to deal with the issue when it is encountered. I find it puzzling that the option is added to the browser's preferences, considering that Mozilla's stance in the past was to limit user exposure to settings that could potentially impact the accessibility of sites. I think it would be better if Mozilla would integrate HTTPS Everywhere in the browser, maybe even with an option to enforce HTTPS everywhere. The extension is already included in the Tor Browser by default. Firefox 80: HTTPS-only Mode in Settings
×
×
  • Create New...