Google Chrome going to issue password warning on bad sites

[gcmartin]

Chrome 56 changes to help one's security view

[s243a]

How will chrome know the field is for a password or credit card number and couldn't someone intercept the info with javascript befor the user presses the sunmit button?

[purple379]

There has been for some time: A Firefox, Chrome and Opera Extension, HTTPS Everywhere. Admittedly not the same thing as what Chrome is going to implement, but a step in a similar connection.

Any sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by using clever technology to rewrite requests to these sites to HTTPS.

https://www.eff.org/https-everywhere

There is also Privacy Badger. Privacy Badger blocks spying ads and invisible trackers. https://www.eff.org/privacybadger

[s243a]

There has been for some time: A Firefox, Chrome and Opera Extension, HTTPS Everywhere. Admittedly not the same thing as what Chrome is going to implement, but a step in a similar connection.

Any sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by using clever technology to rewrite requests to these sites to HTTPS.

https://www.eff.org/https-everywhere

There is also Privacy Badger. Privacy Badger blocks spying ads and invisible trackers. https://www.eff.org/privacybadger

For reasons I note elsewhere

http://murga-linux.com/puppy/viewtopic. ... 685#920685

I'm not sold on HTTPS everywhere.

[bark_bark_bark]

There has been for some time: A Firefox, Chrome and Opera Extension, HTTPS Everywhere. Admittedly not the same thing as what Chrome is going to implement, but a step in a similar connection.

Any sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by using clever technology to rewrite requests to these sites to HTTPS.

https://www.eff.org/https-everywhere

There is also Privacy Badger. Privacy Badger blocks spying ads and invisible trackers. https://www.eff.org/privacybadger

For reasons I note elsewhere

http://murga-linux.com/puppy/viewtopic. ... 685#920685

I'm not sold on HTTPS everywhere.

To be honest I don't think your points are really all that valid; People should not be using an unpatched, unsupported system (by both 1st and 3rd parties) like Windowx XP. Also, HTTPS needs to be used more than it is. Any site that carries passwords SHOULD use HTTPS. News sites should also use it as well.

[Scooby]

Google should just forbid ads if it want to increase security.

Nowadays a popular attack vector is through bogus ads.

[Burn_IT]

Indeed!

[gcmartin]

Ads aren't just Google. AOL, Yahoo, MS, Apple, Amazon, ... and the various browsers are built by Internet standards for such. No one vendor has a lock. My bank shoots them at me when I log in, too. Its the world we live.

Yet, I do agree, clever people can use the ad vector as a means of "grabbing" our attention. This problem was acknowledged in a seminar I attended a decade ago.

FYI

[Burn_IT]

Nobody said it was.
The point was that ADS are the biggest threat to security since they are seldom checked before being published and if you are pushing or trying to sell your product on the basis of security, you cannot include ads.

[bark_bark_bark]

Nobody said it was.
The point was that ADS are the biggest threat to security since they are seldom checked before being published and if you are pushing or trying to sell your product on the basis of security, you cannot include ads.

agreed