Chrome devs hatch plan to mark all HTTP traffic insecure
-
-
Scott and I have bumped heads a few times on this topic. I do realize that requiring SSL on all webpages does add some overhead to those servers, but does it really add enough overhead to warrant not doing it?
Though the next question that comes to mind, what else will break by adding this?
-
@Dashrender After the first of the year, I will be educating and encouraging all of our internet marketing clients to move to SSL.
I believe that this will also be a good time to offer our other services like backup and updates as well as encouraging all owners to get a Goggle and Bing webmasters account.
I depends on the platform on what will break but it appears that there isn't too much to "fix" on WordPress.
-
I am thinking they need to tell you what is not using SSL when SSL is turned on in a site. Like on facebook or some bank sites. When it says "other resources that are not secure" I want to know what is that resources and can I tell it to not use it.
-
To me this is like the US terror level. Call everything insecure and suddenly nothing is.
-
I don't see the point. There might be a short period of time where things are secure but that will spawn two things:
- Complacency
- Everything old is new again (the same attacks will still happen, just the delivery method will be slightly altered)
-
@nadnerB said:
I don't see the point. There might be a short period of time where things are secure but that will spawn two things:
- Complacency
- Everything old is new again (the same attacks will still happen, just the delivery method will be slightly altered)
This is the reality of security - If you want to live with your head in the sand, why bother doing anything security related at all?
-
@scottalanmiller said:
To me this is like the US terror level. Call everything insecure and suddenly nothing is.
I don't follow.
-
@Dashrender said:
@scottalanmiller said:
To me this is like the US terror level. Call everything insecure and suddenly nothing is.
I don't follow.
In the US they started these new "terror threat levels" after 9/11. But the lowest was "orange". Green was supposed to be the baseline but they never used it. It took weeks before the US adjusted to see orange as the new green. Instead of putting the country on alert, all we did was make it impossible to actually have thread levels. Once you make "everyday" an alert, it's not an alert anymore and just noise.
-
@scottalanmiller said:
@Dashrender said:
@scottalanmiller said:
To me this is like the US terror level. Call everything insecure and suddenly nothing is.
I don't follow.
In the US they started these new "terror threat levels" after 9/11. But the lowest was "orange". Green was supposed to be the baseline but they never used it. It took weeks before the US adjusted to see orange as the new green. Instead of putting the country on alert, all we did was make it impossible to actually have thread levels. Once you make "everyday" an alert, it's not an alert anymore and just noise.
^that's a better version of what I was trying to say. @Dashrender
I had a case of the dumbs that day
