Mozilla intends to deprecate Non-Secure HTTP

Posted by with Tags
The author Hemant Saxena is a post-graduate in technology and has an immense interest in following Microsoft and other technology developments around the world. Quiet by nature, he is an avid Lacrosse player.

One Comment

  1. Dan

    Mozilla already uses its own cert store so that if by DNS spoofing/proxying someone attempts MTM, any resolved pages won’t load; unfortunately, this seems to affect VPNs which have a search engine other than the one put in Mozilla’s browser store the first time you used it without VPN…this does not serve encryption issues by itself.

    Odds for safety certainly improve where all connected-to sites must be encrypted, but will all sites have at least 256 AES…a number of prominent security sites have said up to 74% of sites vulnerable to the RC4-based “Heartbleed” attack are still so vulnerable. Then, how well do highly connection-secure sites police downloadable content…Google Store extension debacles come to mind.

    Until all sites have the kind of security one can find in a good VPN, it’s no sure thing you’ll be absolutely safe via global encryption. Again, encryption is a good base to expand security, but to cold-turkey shut out non-https sites for Mozilla acting alone makes them a browser already lower in popularity which sites can ignore; citing in your article what sort of time/cash scale projects require, for now, for Google to promote better-financed https sites over others seems somehow a contribution to the erosion of net neutrality….especially hwen “better” sites remain vulnerable to the most publicized of simple attacks.

    Thanks for a great article, and have a great weekend!

Leave a Reply

Your email address will not be published. Required fields are marked *

6 + 6 =