Do browsers know domains that are supposed to be encrypted?

Do browsers have a list with sites that are supposed to be encrypted?

Could a man in the middle attack be performed by presenting a user a http site instead of an https site? That way the server would not need to provide a certificate.

It wouldn’t show up as a secure site in the browser but I think most people wouldn’t notice it. And it wouldn’t warn the user, because there are legitemate sites who don’t use https.

Would such an attack be possible or does the browser notice that the site is supposed to use https but doesn’t?

Effect of Firefox’s “Responsive Design Mode” on the browser’s fingerprint

Today I switched ON the "Responsive Design Mode" under the "Web Developer" Section of the Firefox menu, and from the dropdown menu selected "iPhone X/XS iOS 12".

So now every webpage I visited was being sent the request that the screen size of my device was "375×812".

My question is that, can this method enhance my protection against browser fingerprinting(assuming I also take some other precautions)? Because the websites now wouldn’t be able to know my original aspect ratio/screen resolution, and above 2 iPhones are quite common too(I am using a laptop).

I earlier tried to scale the Firefox window to nearly the aspect ratio of a mobile phone, but that didn’t make any differnce at all.

Note:

(i) In the context of this question my adversaries are only the companies and their websites,and not the Governments & ISPs.

(ii) I am just asking about the effect of this method on my browser’s fingerprint, that is, whether it will increase or decrease the fingerprint. Be advised: I am not using this as the only method.

(iii) Firefox version: 78.0.2

(iv) OS: some linux distro.

Why are browsers makeing PUT requests for static assets on my site?

Our site hosts static assets at /assets/…. In debugging a font-related issue, I looked through our logs for unusual activity. I found a bunch of requests like these

method path                         referer PUT     /assets/js/40-8b8c.chunk.js https://mysite.com PUT     /assets/fonts/antique.woff2 https://mysite.com/assets/css/mobile-ef45.chunk.css 

The requests come from lots of different IP addresses all over the world. I don’t see any pattern in the User-Agents. The only HTTP methods are HEAD (odd, but fine), GET (expected), and PUT (very suspicious).

I haven’t been able to identify any code in our system that would cause a browser to make PUT requests to these paths.

I have no evidence that this activity is malicious. It could certainly be a broken browser plugin.

Has anyone seen this sort of behavior?

How to remove hao.360.cn which hijacks the homepage of various browsers

This has been really getting my nerve. My friend installed some freeware which, in turn, hijacked the homepage of various browsers. The latter include chrome, edge, internet explorer, etc.

Here is the basic information on system hardware and software .

Hardware: Dell XPS13 9360 OS: Microsoft Windows Pro 10.0.18363 Anti-virus installed: Kaspersky 20.0.14 

When the problem first occurred, the homepages of all the browsers were hijacked. I attempted and managed to fix the problem with chrome and edge by googling and trying. In the case of Chrome, I simply brutally removed all the newly added files, then remove the software and reinstall it. In the case of edge, the problem is solved by simply alter the software configuration.

However, the case of ie seems more complicated. From google, I found some thread that discussed the issue. It indicates that the malware hijacked some system dynamic library entries and one needs to restore those carefully. I only followed the most simple approaches, namely, verifying the ie shortcut, resetting the ie configurations, and looking to system register setup for “start page” “homepage” etc. The above approaches do not work.

Althoug Kaspersky did not issue any warning, some google pages point to install certain malware remover. However, some of these, such as SpyHunter, might be potentially a scam themselves. Therefore, I question is

Is there a trustworthy malware remover I should try? or What should I do?

Many thanks in advance!

CSS Button effects not working across browsers

Having a few issues with a CSS Button effects not working across browsers.

It displays as I would like it in Chrome, but not Firefox.

Can't seem to find the root of the problem. Here is what I have.

Fiddle

<a class="soft">Button</a>
Code (markup):

a.soft {display: inline-block;font-family:'Varela Round', sans-serif;padding:2rem3rem;font-size:1.25vw;box-shadow:-10px-10px20px0#E6E6E6,10px10px20px0#ABABAB, inset 10px10px20px0#E6E6E6, inset...
Code (CSS):

CSS Button effects not working across browsers