A new version of Google Chrome is now available that marks websites that don’t use HTTPS encryption as ‘not secure’.
The ACSC advises all website owners to configure their website to serve web content only via the encrypted HTTPS protocol, and not via the unencrypted HTTP protocol.
The ACSC acknowledges that some website owners are in the process of transitioning from HTTP to HTTPS. Nevertheless, as a general principle, ACSC recommends that website owners only serve web content via HTTPS, since HTTPS is designed to:
- help prevent malicious third parties from performing a ‘person-in-the-middle attack’ or otherwise modifying or observing web content sent between web browsers and websites
- help ensure that website visitors are communicating with the website they intended to visit, rather than a fake malicious website.
For more information, visit the Google blog.