If you’re a Microsoft Edge user, be aware. Beginning in July, with the release of Edge 92, the browser will automatically redirect users to a secure HTTPS connection any time they visit a website via the HTTP protocol.
Microsoft is not alone in this, and in fact, is coming a bit late to the party. Chrome 90, released earlier this month, already does the same thing, as does Firefox 83.
All of this is a result of, and a response to, a number of high profile man in the middle attacks last year. Those attacks saw hackers taking advantage of the fact that traffic via HTTP is insecure and can thus be intercepted. When those attacks occurred, browser vendors sprang into action and began devising plans to better protect users. The default to HTTPS was the solution that the major players in the browser market settled on. Since then, all the browser makers have been marching toward that goal.
This, of course, is part of a larger drama that has been playing out on the web since its earliest days. Hackers find a new exploit, and software vendors and security experts rush to patch it to prevent abuse. Then, the hackers move onto another, newly discovered weakness and the cycle continues.
Although the default to HTTPS is an unquestioned good, it’s just a matter of time before some new exploit makes its way into the headlines. Then, the cycle will repeat.
Even so, kudos to Microsoft, Google, Mozilla, Apple and all the other browser vendors for fighting the good fight and working hard to keep their users secure. IT security professionals have plenty on their plates and no shortage of things to worry about, but it is nice anytime one of those concerns gets removed from the board altogether.