- Arte e Informatica
- Blog sulla sicurezza online
As of January 2017, Google Chrome (ver. 56 or later) will mark pages that collect passwords, emails or credit card data , which are not published with the HTTPS protocol (green lock) as " Unsafe ". The new Chrome warning is only the first step in a long-term plan to mark all pages published over the unencrypted HTTP protocol as " Unsafe ".
The installation of an SSL certificate is important not only for security reasons and compliance with privacy directives, but also for the purpose of improving SERP indexing (position on your site in google searches). It becomes essential today to prevent visitors to our Website from receiving warnings of the lack of security of the same.
The SSL (Secure Sockets Layer) certificates guarantee the identity through a validation process performed by a certification body and protect the data transmitted by encryption and are divided into:
- Domain Validation DV (Domain Validation) : SSL certificates with domain validation belong to the category of "entry-level" certificates and can be issued in a very short time at a low price.
- Validation of the Organization (OV) / full organization : The SSL (Secure Sockets Layer) certificates validated on the Organization confirm to the user that the Company that owns the Certified site is legitimate and its identity has been confirmed.
- Extended Validation (EV) and Green Bar : The EV (Extended Validation) SSL certificates are the most complete certificates, they activate the green bar in the latest generation browsers and display the company name, creating a level of trust and d ' higher reliability than all other types of certificates.
Protect yourself from Identity Theft
A new viral security warning depopulated on FaceBook, again based on a foundation of truth: IDENTITY THEFT , but giving false information on the precautions to be taken and how to defend yourself. IDENTITY THEFT is a criminal offense that has existed long before the Internet and before FaceBook. In the worst case it is used to borrow money in the name of someone else who will then go through a judicial ordeal to prove its strangeness.
How to know if your identity has been stolen?
In the case of Facebook, there is nothing simpler if looking for your name you find another profile in your name, with your data and your photos, unless you created it, it is a real theft. of identity. Similarly if you read comments on your behalf that you are not the author of.
It is more difficult to discover identity theft for the purpose of scam, in this case beware of:
- Unusual or unexpected withdrawals on the current account;
- Receiving invoices for products or services that you do not have;
- Problems with credit cards.
Now don't rush to open the first attachment that arrived with a suspicious email about a banking movement you know nothing about, it is more likely to be ransomware. Just keep an eye on your checking accounts and credit cards.
How to defend yourself?
As for Facebook it is very simple , as soon as you realize that someone uses your name and your photo just report the fact to Facebook within a few minutes the profile will be closed. If it reappears before redoing the operation, a copy of the profile page must be made, a screenshot is not enough as the time and authenticity proof is needed for this purpose use HASHBOT: https://www.hashbot.com/ and make a report to the Postal Police.
Use only the report, do not argue with who has stolen your identity and do not start alerting your contacts. It is useless and especially if it is a Troll he will find the reaction amusing.
For identity theft for fraud purposes:
- Pay attention to your sensitive data, do not simply provide copies of your documents for example. Especially if you enter your credit card details, check that the connection is protected by SSL (https: //) even if it is the website of a company you know, the normal connection (http: //) does not protect against any data interception.
- Do not provide your access passwords and pay attention to where you enter them: a tactic used by hackers (phising) is to send a fake email from your bank inviting you to confirm a transaction or reset your PW by clicking on a link which opens a page that looks just like that of your credit institution. In this case, pay attention to the page address and above all that it is protected by SSL protocol, i.e. it is an https: // address and that something similar to a padlock appears on the browser.
- Keep current accounts and credit cards under control: I personally prefer services that provide a warning for each access to your profile (regardless of whether you make an operation or not) through an email or SMS communication that combined with a strong password make it difficult to any malicious person gaining access without our knowledge.
How to recognize a secure connection?
In addition to the https: // protocol , a padlock appears on the address bar, clicking on it will display information relating to the type of connection ( secure connection ) and the certifying body [See image above]. In the normal connection, however, neither the padlock nor the protocol (https: //) will be displayed, instead it will be displayed (http: // without the s) or simply the address [See image below].
If you are visiting a page to consult information, the fact that it is not protected via SSL is irrelevant, but if you are asked to enter sensitive data such as your credit card number and the connection is not secure, the provision of the same data is at risk regardless of the seriousness and honesty of the owner of the page itself. Many sites, especially e-commerce sites, protect financial transactions in SSL, precisely because it is in this phase that sensitive data is entered that it is good to protect from any interception.
This is heading element
Author: Loris Modena