• Home
  • Archive
  • Tools
  • Contact Us

The Customize Windows

Technology Journal

  • Cloud Computing
  • Computer
  • Digital Photography
  • Windows 7
  • Archive
  • Cloud Computing
  • Virtualization
  • Computer and Internet
  • Digital Photography
  • Android
  • Sysadmin
  • Electronics
  • Big Data
  • Virtualization
  • Downloads
  • Web Development
  • Apple
  • Android
Advertisement
You are here: Home » HSTS, Cloud Security, IOT and Google

By Abhishek Ghosh December 18, 2014 12:53 pm Updated on December 18, 2014

HSTS, Cloud Security, IOT and Google

Advertisement

HSTS is a Standard Which is Safer than Plain HTTPS. We Have Pointed Out the Falsehood of the Big Giants in Post PRISM Era With HSTS Preload List. Those who are not aware about HTTP Strict Transport Security (HSTS) Preload List can read the linked article. This article is a guide to Nginx Configuration for Enabling HSTS Preload. There are more things like CORS header. After Snowden revealed the Governmental Spyware Activities aka PRISM, many flaw with Free Softwares started to being revealed, like ShellShock, Heartbleed, issue with Virtualization softwares. Rackspace kept the bugs as secret and erratically rebooted the servers. That is basically headache of the webmaster, but today we are presenting some shocking truths about Google, Twitter like Giants about HSTS. Google to get their brand value back, started to talk about security. Google has a kind of human-like robot – Matt Cutts. A person with Phd., an educated person lied so much in life that possible God is not interested about him. It is very tiring to read this article because many stuffs has been explained for a basic user.

 

HSTS, Cloud Security, IOT and The Lier : Why Authorship Was Introduced

 

Google delivered a false promise named “Authorship”. Few Million Webmasters, Few Hundred Developers works rentlessly to add rel='me', rel='author' etc. stuffs. reality is a kind of micro format which included in semantic web, makes the end nodes understanding the relationship. In this webpage, just scroll down to check a named linked “Corrine”. As both of us know each other for many years and practically or virtually like relatives, there is a defined rel. Google randomly picked me as an experimental animal in this Authorship test. Ultimately Google announced that rel stuffs has failed and it was an experiment. For Page verification, practically validating once works fine now.

When rel stuffs were introduced, plus.google.com was younger. When you are using rel=me, how you can use rel=nofollow? This is like a forced situation from the idea of getting footer links from so called Free Software like WordPress who has not upgraded their License to current version. All basically removes but very less removes from the login pages. In other words, to get huge backlinks towards the new social network plus.google.com – this exploit was introduced. There were definitely other reasons as well. Many webmaster still are not even aware that rel=me should become a Javascript link to stop flow of outgoing links. There are many ways to give links to the reader like in this way – fsf.org. This is although not great to give credit but actually safer as the reader will copy the url and paste on desired browser. We are referring, that will not be traced.

Advertisement

---

 

HSTS, Cloud Security, IOT : Unknown Stuffs

 

Practically, the facts was revealed quite accidentally. One can read about differences of HSTS and HTTPS, Standard etc. on various neutral websites. As most of the technology web blogs shows examples with the tool cURL to check the header, for various examples; most high end coding websites have the headers. Just like cURL, there can be many such examples all of us used. It is an assumption – Technology Blogs usually get highly penalized by Google and Matt Cutts abnormal testing. After getting penalized years after years, people ultimately stops blogging. Yes, may be the desired action – deletion of the documents. 25% Websites on Windows Vista which are DMOZ listed has died. What we talk inside DMOZ, that is not publicly available. The data is of publicly visible page. We often say – “DMOZ regularly checks for quality”, yes we basically decrapify the categories to remove many seem-to-be-died to fully died websites.

So there are old relationships – if we have not told you, you would never analyze yourself. Our topic is HSTS, Cloud Security, IOT and The Lier. We told you about Friendships. The importance of IoT with these stuffs are many – Protocol, Privacy and Security among a huge list.

 

HSTS, Cloud Security, IOT : Most Secure Website Will Get Better SERP

 

This is a gossip magazine style coverup by Google and possible commission from the SSL certificate providers towards Google. As the response to PRISM and NSA Spyware Activities went huge, probably 70% Internet users understood Google’s (mainly) bad intentions – “Real People” in Google Plus was nothing but to collect personal data. It is quite abnormal that “Real People” are required for just a social network. “Real People” automatically publishes their details on Professional Networks. Doctors, Lawyers even need to manually verify.

Google’s one Lawyer first published a G+ post which Matt Cutts Shared. The topic was HSTS. It was shared by Matt Cutts. Best way to get full header is to run a simple curl command :

Vim
1
curl -I https://thecustomizewindows.com

HSTS, Cloud Security, IOT and Google

You will get this output :

Vim
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 18 Dec 2014 12:10:29 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=3qoa62e22fqviv0lmedtvmsfh3; path=/
Expires: Tue, 09 Aug 2016 12:10:29 GMT
Cache-Control: public, max-age=51840000
Last-Modified: Wed, 16 Apr 2014 20:33:56 GMT
X-Pingback: https://thecustomizewindows.com/xmlrpc.php
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 443:npn-spdy/3
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

This one – Strict-Transport-Security: max-age=31536000; includeSubDomains; preload is very important. This tells it is a HSTS Preloaded website. What it does not tell you is the custom rules :

Vim
1
https://github.com/EFForg/https-everywhere

This is the thing which I have pulled, added my rules and pushed. That basically I know, although the data is public, is to difficult to find me and my commit :

Vim
1
https://github.com/EFForg/https-everywhere/network/members

That is what you will get easily here :

Vim
1
https://www.eff.org/https-everywhere/atlas/domains/thecustomizewindows.com.html

Where is HSTS against mail.google.com ?

Vim
1
2
3
4
5
6
7
8
9
10
11
12
13
curl -I https://mail.google.com
HTTP/1.1 200 OK
Cache-Control: private, max-age=604800
Expires: Thu, 18 Dec 2014 12:19:47 GMT
Date: Thu, 18 Dec 2014 12:19:47 GMT
Refresh: 0;URL=https://mail.google.com/mail/
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 234
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 443:quic,p=0.02

Google’s ruleset is very complex :

Vim
1
https://www.eff.org/https-everywhere/atlas/domains/google.com.html

Most nice ruleset is from Paypal :

Vim
1
https://www.eff.org/https-everywhere/atlas/domains/paypal.com.html

If you see Google’s security with SSL Labs, you will become very sad :

Vim
1
https://www.ssllabs.com/ssltest/analyze.html?d=google.com

Individual security is far from perfect :

Vim
1
https://www.ssllabs.com/ssltest/analyze.html?d=google.com&s=74.125.239.142&hideResults=on

Test ours :

Vim
1
https://www.ssllabs.com/ssltest/analyze.html?d=thecustomizewindows.com&latest

As our main front-end node is for thecustomizewindows.com, it is only nicely optimized. www.thecustomizewindows.com is handled by different node, rating does not matter, it is for doing a 301. IP can get changed but A+ will remain constant against the main domain. Inconsistent server configuration is not really error, there are 9 name servers, there is mismatch in details for using different DNS providers.

Like Google, Twitter’s quality is same :

Vim
1
https://www.ssllabs.com/ssltest/analyze.html?d=twitter.com

Same for Facebook :

Vim
1
https://www.ssllabs.com/ssltest/analyze.html?d=Facebook.com

And yes, Microsoft :

Vim
1
https://www.ssllabs.com/ssltest/analyze.html?d=microsoft.com

So, our main server is A+ but Google, Facebook, Microsoft all has so bad software engineers that they need to go back to B Grade? It is agreeable that SSL Labs do not understand 301 and failed to merge two nodes, but Google, Facebook, Microsoft – all has main nodes with B Grade, with this data, is it agreeable that ‘Most Secure Website Will Get Better SERP’? Major question is that, why Google is shouting with HTTPS Everywhere with so poor grade servers, mail server with no HSTS. mail.google.com had HSTS once (yes). There are websites who did curl for other reasons, they have the header response in post. Google usually penalizes the Technology websites. Why that Matt Cutts knows. May be, all are spammy. Charity, essentially begins at home.

This Article Has Been Shared 359 Times!

Facebook Twitter Pinterest

Abhishek Ghosh

About Abhishek Ghosh

Abhishek Ghosh is a Businessman, Surgeon, Author and Blogger. You can keep touch with him on Twitter - @AbhishekCTRL.

Here’s what we’ve got for you which might like :

Articles Related to HSTS, Cloud Security, IOT and Google

  • Cloud and SaaS : Is Cloud Based SaaS Becoming the Mainstream ?

    Cloud Computing is becoming the dominant global trend not only in enterprise IT but also in Private Small Sectors. Better,faster,cheaper is pushing Cloud ahead.

  • Installing WordPress on Free Cloud VPS from Host1Free

    Installing WordPress on Free Cloud VPS from Host1Free will follow the same principle as installing on any server with root access from Command Line Interface.

  • Juju on Rackspace Cloud Server : Test Drive with Ubuntu 12.04

    Juju on Rackspace Cloud Server is a test drive in real time. It is some what like driving a F1 car on a busy avenue for the first time in life. Start the Cloud. And the ride is too without wearing helmet – on an Operating System without any smartness – Windows 7 with PuTTY. […]

  • Installing NeuroDebian Packages on Cloud Server for Neuroscience

    Installing NeuroDebian Packages on Cloud Server for Neuroscience has various advantages including endless resource for computing,using VNC to work from Tablet.

  • GoDaddy Buys Media Temple : Thoughts and Ideas

    GoDaddy Buys Media Temple – four days has been passed since we all know about the acquisition. Thoughts and Helps for the old Clients and technical notes.

Additionally, performing a search on this website can help you. Also, we have YouTube Videos.

Take The Conversation Further ...

We'd love to know your thoughts on this article.
Meet the Author over on Twitter to join the conversation right now!

If you want to Advertise on our Article or want a Sponsored Article, you are invited to Contact us.

Contact Us

Subscribe To Our Free Newsletter

Get new posts by email:

Please Confirm the Subscription When Approval Email Will Arrive in Your Email Inbox as Second Step.

Search this website…

 

Popular Articles

Our Homepage is best place to find popular articles!

Here Are Some Good to Read Articles :

  • Cloud Computing Service Models
  • What is Cloud Computing?
  • Cloud Computing and Social Networks in Mobile Space
  • ARM Processor Architecture
  • What Camera Mode to Choose
  • Indispensable MySQL queries for custom fields in WordPress
  • Windows 7 Speech Recognition Scripting Related Tutorials

Social Networks

  • Pinterest (24.3K Followers)
  • Twitter (5.8k Followers)
  • Facebook (5.7k Followers)
  • LinkedIn (3.7k Followers)
  • YouTube (1.3k Followers)
  • GitHub (Repository)
  • GitHub (Gists)
Looking to publish sponsored article on our website?

Contact us

Recent Posts

  • What is Configuration Management February 5, 2023
  • What is ChatGPT? February 3, 2023
  • Zebronics Pixaplay 16 : Entry Level Movie Projector Review February 2, 2023
  • What is Voice User Interface (VUI) January 31, 2023
  • Proxy Server: Design Pattern in Programming January 30, 2023

About This Article

Cite this article as: Abhishek Ghosh, "HSTS, Cloud Security, IOT and Google," in The Customize Windows, December 18, 2014, February 5, 2023, https://thecustomizewindows.com/2014/12/hsts-cloud-security-iot-and-google/.

Source:The Customize Windows, JiMA.in

PC users can consult Corrine Chorney for Security.

Want to know more about us? Read Notability and Mentions & Our Setup.

Copyright © 2023 - The Customize Windows | dESIGNed by The Customize Windows

Copyright  · Privacy Policy  · Advertising Policy  · Terms of Service  · Refund Policy

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie SettingsAccept
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT