Tag Archive for: Google security

Sites Without HTTPS May Be Marked as Non-Secure in Chrome Soon

, , ,

Google HTTPS Warning

Google is making some changes to protect users’ sensitive information online, and it could lead to your site being marked as non-secure by Google’s web browser at the end of this month.

Google released a warning that as of the end of January 2017, Chrome will mark sites without HTTPS as non-secure if they collect private information like passwords or credit cards.

Google #NoHacked HTTPS

“Enabling HTTPS on your whole site is important, but if your site collects passwords, payment info, or any other personal information, it’s critical to use HTTPS.”

The company has encouraged implementing HTTPS in the past by making it a (very minor) search ranking signal. Now, from the sound of the alert, the company says an entire site will need to be HTTPS if any pages collect payment or sensitive information.

Switching over to HTTPS is an easy process, but you should begin preparing to make the switch now if your site fits the criteria. Otherwise, you are likely to be flagged as non-secure in February and lose a large amount of your web traffic.

/0 Comments

Google Beefs Up Its Defense Against Clickjacking

, , , ,

banner-1000935_640

Google is continuing its efforts to combat online display advertising fraud, with new defenses against a scam technique known as clickjacking.

If you’ve ever tried to press play on a video, open a link, or start a song and wound up on another page unexpectedly, clickjacking is most likely the culprit.

This is done by overlaying an essentially transparent layer over a legitimate web page. This way everything looks normal, but as soon as you try to take any form of action you trigger a behavior on the transparent overlay. The action may be used to trigger one-click orders from Amazon, take you to malware-laden sites, gain Facebook or Twitter likes, commit ad fraud, or any number of malicious behavior.

To fight back against this, Google is removing publishers engaged in clickjacking from its network entirely. The company has also developed a new filter specifically to exclude invalid traffic on display ads from clickjacked pages on both mobile and desktop.

In a blog post about the new efforts to fight clickjacking, Andres Ferrate, Chief Advocate of Ad Traffic Quality at Google, explained:

When our system detects a Clickjacking attempt, we zero-in on the traffic attributed to that placement, and remove it from upcoming payment reports to ensure that advertisers are not charged for those clicks.

/0 Comments