[www.kde.org] [Bug 346292] People get confused by the https version of developer.kde.org

Ganton kubry at gmx.com
Fri May 8 09:48:02 UTC 2015


https://bugs.kde.org/show_bug.cgi?id=346292

--- Comment #14 from Ganton <kubry at gmx.com> ---
Last week news have shown us new attacks and measures.

Speaking about the question that Albert Astals Cid made about HTTPS security,
it's important to beware of another kind of unexpected automatic attacks that
are used if e.g. HTTPS connections are not used:
    Websites are used effectively as a botnet because attackers are able to
intercept and modify javascript sent via HTTP.
    HTTPS stops a lot of threats, even if you're a hobbyist; HTTPS ensures that
an attacker can't just intercept your page and put there his javascript and a
bunch of exploit kits.
   
http://googleonlinesecurity.blogspot.com.es/2015/04/a-javascript-based-ddos-attack-as-seen.html

and last week news about Mozilla:
    Mozilla Security Blog -- Deprecating non-secure HTTP
    https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/
    Today we are announcing our intent to phase out non-secure HTTP. [...]

-- 
You are receiving this mail because:
You are the assignee for the bug.


More information about the kde-www mailing list