With Chrome 70, hundreds of popular websites are about to break

A lot of secure sites are set to grind to a halt with security error messages in the next version of Google  Chrome, after the browser will drop trust for a major HTTPS certificate provider following a series of security incidents.

Chrome 70 is expected to be released on or around October 16, when the browser will start blocking sites that run older Symantec  certificates issued before June 2016, including legacy branded Thawte, VeriSign, Equifax, GeoTrust and RapidSSL certificates.

Yet despite more than a year to prepare, many popular sites are not ready.

SEE: WINDOWS 10’S LATEST UPDATE IS DELETING SOME USERS’ DOCUMENTS

Security researcher Scott Helme found 1,139 sites in the top one million sites ranked by Alexa, including CitrusSSRN, the Federal Bank of IndiaPantone, the Tel-Aviv city governmentSquatty Potty and Penn State Federal to name just a few.

FerrariOne Identity and Solidworks were named on the list but recently switched to new certificates, escaping any future outages.

You can check any website by pulling up the console in Chrome on any website.

HTTPS certificates encrypt the data between your computer and the website or app you’re using, making it near-impossible for anyone — even on your public Wi-Fi hotspot — to intercept your data. Not only that, HTTPS certificates prove the integrity of the the site you’re visiting by ensuring the pages haven’t been modified in some way by an attacker.

SEE: CALIFORNIA PASSES LAW THAT BANS DEFAULT PASSWORDS IN CONNECTED DEVICES

Most websites obtain their HTTPS certificates from a certificate authority, which abide by certain rules and procedures that over time become trusted by web browsers.

If you screw that up and lose their trust, the browsers can pull the plug on all of the certificates from that authority.

That’s exactly why Google called it quits on Symantec certificates last year. The search giant, and others, accused Symantec of issuing misleading and wrong certificates — and later, it was discovered that Symantec allowed non-trusted organizations to issue certificates without the required rigorous oversight. That has forced thousands of sites to trash their paid-for certificates and replace them with new ones to prevent their site from flagging up with error messages once the Chrome 70 deadline hits.

But, just as much as browsers can lose trust in a certificate authority, it can also gain the trust of new ones.

Let’s Encrypt, a provider of free HTTPS certificates, gained trust from all the major browser makers — including Apple, Google, Microsoft and Mozilla — earlier this year. To date, the non-profit has issued more than 380 million certificates.

 

 

SOURCE

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *