https:// – PrivaSecTech Wed, 13 Nov 2019 18:33:21 +0000 en-US hourly 1 Google now offering secure search Sat, 22 Oct 2011 01:28:48 +0000 Continue reading Google now offering secure search]]> It’s not often we’ve given Google credit for privacy or security steps, but this week is one of them. Following the steps by Facebook and Twitter we announced back in May, five months later, Google has just announced they are now offering SSL searches! Mind you this is a more significant step than that of Facebook or Twitter, as those involved in SEO/optimization will quickly realize that search keyword data is no longer provided to you as the web manager (They’ll provide you the top 1000 through their webmaster tools). And while optimization folks won’t be pleased, on behalf of the privacy and security community, I would like to give credit where credit is due, thanks Google!

Tech tip: Both and work now, update all of your Google bookmarks, so others between you and Google can’t quietly see what you’re searching anymore!

Ich Sun is back, claiming the #MostSophisticatedHackOfAllTime Tue, 06 Sep 2011 19:47:47 +0000 Continue reading Ich Sun is back, claiming the #MostSophisticatedHackOfAllTime]]> You may have read my comodogate article back in March where I reported that the comodogate hacker, going by the name Ich Sun told me “…there is a lot of vulnerable CAs, I got some other stuff”. Well, in the last 24 hours he claims to have been responsible for the DigiNotar compromise and a few minutes ago provided another update; in these updates he reveals that as a 21 year old Iranian, he has compromised another 4 certificate authorities (CAs) as well as reverse engineered windows update (update your windows here). What do these hacks do? He can impersonate any secure website he wishes, which includes impersonating google and gmail which has already been seen in the wild using these certificates. The certificate authority model that secures the internet as we know it today will change as a result of this, so it has some serious impact.

What can you do?

If you’re on twitter, I’ve found the most interesting discussion on the topic between Kevin S McArthur, Moxie Marlinspike and Marsh Ray, although it’s fairly technical in nature due to the complexity of this attack. Otherwise, stay tuned here for updates, or ask us your questions.
Using a secure connection where possible Thu, 12 May 2011 21:17:48 +0000 Continue reading Using a secure connection where possible]]> I received a lot of feedback after my post yesterday about creating a permanent SSL (https://) connection to Facebook. It’s most important to use SSL anywhere you don’t want people to see what you’re doing/looking at. For example, anything with a form that asks for personal information, or when you login to a site using your password, or where you enter your credit card or banking information. At a minimum, all of these things should be https://. Anything not using https:// (SSL) can be sniffed (it’s plain text so people can watch/read/log what you’re doing).
If you can’t find it on your favourite website, contact them and ask them to to make SSL always on. Here is an example of how to do this on Twitter, for example:

twitter - https

What other websites can you find this setting on? Also, make sure your bookmarks are for the https:// version of the website, and not the http:// version.


Tech Tip: Secure connection to Facebook Wed, 11 May 2011 22:59:10 +0000 Continue reading Tech Tip: Secure connection to Facebook]]>  

This tip is to create a permanent secure connection to Facebook. You can tell you’re using SSL if the URL starts with https:// instead of http://. When you’re logged into Facebook, go to

Account – Account Settings – Account Security, and then click on the “Change” link.

There you will see a check box followed with “Browse Facebook on a secure connection (https) whenever possible”. Make sure this checkbox is checked, and then click on “save”. Now log out and back into Facebook, and you should never see http:// at the top for Facebook again.

Facebook - Always https

Why is there so much fear about …? Thu, 18 Nov 2010 23:58:51 +0000 Continue reading Why is there so much fear about …?]]> This is my first Q&A post. If you have a question about anything Privacy, Security or Technology related, contact us on our website or ask as on twitter

Today’s question comes from Jordan_Keats on  twitter “Why is there so much fear about Paypal transactions? Why hasn’t it been accepted as a evolution of $?”

Hi Jordan,

I get asked this question fairly often. Also related, “How do I know my inline banking is safe?” and “Would you shop online?”, and I think the answer goes back a lot further than the switch to digital currency. People are resistant to change.

Take a look at the fraud departments of Paypal, and Credit Card companies. They’re are now a well oiled machine when it comes to fraud.

The only thing to remember when doing anything concerning your personal information, including financial transactions, is to make sure in the URL bar at the top of your browser there is always an https:// at the beginning as opposed to an http://, this means the connection between you and the website in question is secure.

You are a lot more likely to have your information compromised on your own computer, or at the other end, than during the transaction. And even if this happens, so what?

I use paypal, shop online, and do all my banking online. Give it a try, you won’t go back.