Apple has announced plans for September to improve Safari security on websites that use HTTPS.

25th February 2020

Apple has announced that it will tighten Safari's handling of secure websites from September 1. From that date, the browser will only accept HTTPS certificates issued within the last 13 months. This should provide better protection against two separate risks.

HTTPS is a secure version of the standard Web protocol HTTP. This means that communication between the user and the server is encrypted in both directions. HTTPS prevents so-called "man-in-the-middle" attacks, where someone creates a WiFi hotspot with a name that sounds innocent and then captures all traffic through it. With normal HTTP, everything, including usernames and passwords, is in plain text. With HTTPS, everything an attacker gets is garbled.

Before the browser connects to an HTTPS website, it checks that the site has a valid security certificate. This is essentially proof of third-party auditing, indicating that the site is indeed encrypted. The certificate only shows that the site used the latest HTTPS encryption standards at the time it was issued, so the older the issue date, the greater the risk that the site is no longer using the latest security. There is also the danger that an attacker will break the certificate and render it worthless. Reducing the validity of certificates also reduces this risk.

Safari used to accept certificates issued up to 825 days ago. As TNW reported, the company said certificates issued over 398 days, or 13 months, ago would be rejected from September 1. This means Safari will warn you that the certificate has expired and recommend that you not connect to the site.

While this is safer for users, some argue that Apple's plan could have unintended consequences. It has been argued that this makes websites more dependent on third-party services. Even if these services are free, there is a risk that the services will be compromised.

However, many sites are hosted on large cloud platforms such as WordPress, where the hosting company is responsible for managing certificates, so this may not be an important issue for most sites.