My Blog List

Thursday, 2 August 2012

Website security indicators For Google Chrome



When you connect to a website, Google Chrome can show you details about your connection and alert you if it’s unable to establish a fully secure connection with the site. Learn about Google Chrome's security settings.
See if the site is using a secure connection (SSL)
If you’re entering sensitive personal information on a page, look for a lock icon to the left of the site’s URL in the address bar to see if the site uses SSL. SSL is a protocol that provides an encrypted tunnel between your computer and the site you’re viewing. Sites can use SSL to prevent third parties from interfering with the information traveling through the tunnel.
The site isn't using SSL. Most sites don’t need to use SSL because they don’t handle sensitive information. Avoid entering sensitive information, such as usernames and passwords, on the page.

Google Chrome has successfully established a secure connection with the site.Look for this icon and check the URL if you’re required to log in to the site or enter sensitive information on the page. 

If a site uses an Extended Validation SSL (EV-SSL) certificate, the organization's name also appears next to the icon in green text. Make sure the browser is set to check for server certification revocation to identify sites with EV-SSL certificates. bellow
EV-SSL certificates

Set Google Chrome to check for server certification revocation. These steps apply to Google Chrome on Windows, Mac, Linx, and Chrome OS:
  1. Click the wrench  icon  on the browser toolbar.
  2. Select Options (Preferences on Mac and Linux; Settings on Chrome OS).
  3. Click the Under the Hood tab.
  4. Select the “Check for server certificate revocation” checkbox.
If you still don't see the organization's name, it may be due to one of the following conditions:
  • The website might not use an EV-SSL certificate. EV certificates provide extra assurance as to the identity of the website, but not all websites using SSL use EV-SSL certificates.
  • The website might contain security errors, such as mixed content or expired certificates.
  • The certificate revocation information may be temporarily unavailable from the server.


 The site uses SSL, but Google Chrome has detected insecure content on the page.Be careful if you’re entering sensitive information on this page. Insecure content can provide a loophole for someone to manipulate the page.

 The site uses SSL, but Google Chrome has detected either high-risk insecure content on the page or problems with the site’s certificate. Don’t enter sensitive information on this page. Invalid certificate or other serious https issues could indicate that someone is attempting to tamper with your connection to the site.

See more details about the site
Click the   icon or the lock icon to see even more details about the site’s identity, your connection, and your visit history for the site.
Site identity
Sites using SSL present security certificates to the browser to verify their identity. Anyone can set up a website pretending to be another site, but only the real site possesses a valid security certificate for the URL you’re trying to reach. Invalid certificates could indicate that someone is attempting to tamper with your connection to the site.

The site’s certificate is valid and its identity has been verified by a trusted third-party authority.
The site has not provided the browser with a certificate. This is normal for regular HTTP sites (look for the   icon in the address bar), because certificates are usually provided only if the site uses SSL.
Google Chrome has detected problems with the site’s certificate. You should proceed with caution because the site may be pretending to be another site in order to trick you into sharing personal or other sensitive information with them.

Your connection to the site
Google Chrome lets you know whether your connection is fully encrypted. If your connection is insecure, third parties might be able to view or tamper with the information you provide on the site.
Your connection to the site is not encrypted. This is normal for regular HTTP sites (look for the  icon in the address bar).
Your connection to the site is encrypted, but Google Chrome has detected mixed content on the page. Be careful if you’re entering information on this page. Mixed content can provide a loophole for someone to manipulate the page. This content could be third-party images, videos, or ads embedded on the page. 

If you’re connected to the Internet via a public wireless network, mixed content is especially risky because wireless networks are easier to tamper with than wired networks.