Unsafe Internet

Asphyxia

Owner
Administrator
Apr 25, 2015
1,845
2
2,199
327
Did you know more than half of all website visits come from automated software/services of which oftentimes is malicious?

Some bots are useful like Facebook, Google and other web crawlers. Other bots flood load requests to effectively cause a DoS (Denial of Service) or when there is a controller involved that triggers a huge list of bots to attack a specific service, a DDoS (Distributed Denial of Service). There are even bots detecting web server software versions or ones that scan web applications for insecure code to try gaining access.

Websites are hacked daily, tens of thousands. Keep yourself and others safer by using DNSSEC like we do, enable HTTPS to encrypt web traffic and use a VPN especially if using a public WiFi network.


Let us know how you stay safe online!

HTTP is inherently insecure, I would consider it a security mistake. The protocol automatically trusts everyone with all web-related transmission information. The second we started transmitting secure or confidential information, we screwed up largely and implemented what we use today, HTTPS. HTTP should be deprecated, there is no good reason in 2018 to enable unsafe web transmission. I will be starting a petition targeting: IETF, ITU, IEEE, ICANN, IANA, W3C, IRTF. The petition will be primarily aimed at abandoning HTTP support for a globally safer Internet. As modern browsers no longer support HTTP connections, web servers and web apps will be made secure and not by choice. Force security because swimming in volcanoes melts your skin!

For anyone concerned --- we have deprecated SSL protocols but are not deprecating HTTP? What... the current deprecation method is lightweight; weak. Security sometimes needs to come with haste. Both Mozilla and Google Chrome are helping to push HTTP away as shown here. With a petition, enough momentum could lead web browsers to properly deprecate HTTP. We should be seeing "This website could be insecure, are you sure? Yes, No" and not even making it past port 80 is open and listening. Even more, HTTPS (443... etc) should be tried first. We have cipher orders but our browsers do not automatically upgrade insecure web traffic if possible? Quack heads

We should not be automatically trusting non-certified websites in everyday browsers used by everyday people. Most humans are not security experts. Plus, this could be the start of a massive push for greater security focus in IT departments worldwide, something we have needed for a long time.
 
Last edited:

Jackbox

Active Member
Jan 2, 2016
197
96
74
Video has been updated and TeamSpeak.com lacks HTTPS enforcement via HSTS. Easy fix to the problem, do they know security though? We will see if they fix it.
 
Top