Google Chrome Soon to Label Sites Not Using HTTPS as 'Not Secure'

Today’s topics include Google Chrome labeling sites using HTTP as insecure starting July; Microsoft adding report sharing to Power BI; new reports showing cyber-security threats and fraud are growing; and a new Microsoft Windows 10 S build eliminating passwords.

As part of a long-standing effort by Google to get websites to use encryption to protect against online attacks, Google's Chrome browser will start labeling any site and any web page still using HTTP as "not secure" starting July.

Hypertext Transfer Protocol Secure, or HTTPS, is a variant of the standard web transfer protocol that adds a layer of security on the data in transit through a Secure Sockets Layer or Transport Layer Security protocol connection.

"For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption," said Chrome Security Product Manager Emily Schechter. She said 68 percent of Chrome traffic on Windows and Android systems and nearly 80 percent of Chrome traffic on the Chrome OS and Mac is protected through HTTPS. Meanwhile, 81 of the 100 biggest websites are now using HTTPS.

While users of Microsoft’s Power BI business analytics service have long been able to share dashboards with other users, reports had to be published to the web or shared as a static PDF file. Now, report sharing is available in an update to Power BI's underlying cloud service.

Power BI Program Manager Nikhil Gaekwad said, "The feature works just like dashboard sharing. Simply head to any report, look for the 'Share' option in the top bar, and … select the recipients that you want to share the report with."

Also just like dashboards, users can now bookmark individual reports, enabling quick access from a desktop PC or the Power BI Mobile apps. Additionally, when mobile users tap on website links that are embedded in custom visualizations, those links will now directly open in a browser.

A number of reports were released last week generally agreeing that cyber-security threats continue to grow, as are the cost and complexity of detecting threats.

In its 2018 Identity Fraud study, Javelin Strategy and Research reported that there were 16.7 million victims of identity fraud in 2017, up by 1.3 million from 2016, with costs reaching $16.8 billion for the year. As part of its Q4 2017 Cybercrime report, ThreatMetrix reported a 113 percent year-over-year increase in cybercrime activity in last year’s fourth quarter.

A Bromium report showed organizations spend $345,300 per year on detection-based security tools, and while those tools generate over one million alerts per year, 750,000 are false positives. Finally, PagerDuty released its State of IT Work-Life balance report, which found that 49 percent of respondents in the U.S. had their personal life interrupted between 11 and 30 times a week by an IT-related issue.

In Microsoft’s Windows 10 preview release 17093, available to folks enrolled in the Windows Insider early-access and feedback program, Microsoft is making it possible for users of Windows 10 S to go password-free. Aimed at students, Windows 10 S is a streamlined version of the operating system that is restricted to running apps from the Microsoft Store in order to improve security and make devices easier to manage in school settings.

Dona Sarkar, head of the Windows Insider Program, and Brandon LeBlanc, senior program manager at Microsoft, said, "Just download the Authenticator App and use it to set up your Windows 10 S PC. … Set up Windows Hello and access all your favorite apps and services—all without ever having to enter your password.”

Once configured, password fields disappear from the Windows experience, including the lock screen.