Security Checklist
Exactly what it sounds like: a checklist of measures you can take to protect yourself.
Most of these require a certain level of tech-savviness, which is a real shame. On the other hand, some of them are entirely about awareness.
We need more phishing sites on HTTPS!
All the books, Montag.
If we want a 100% encrypted web then we need to encrypt all sites, despite whether or not you agree with what they do/say/sell/etc… 100% is 100% and it includes the ‘bad guys’ too.
Related links
Extended Validation is Broken
How a certificate with extended validation makes it easier to phish. But I think the title could be amended—here’s what’s really broken:
On Safari, the URL is completely hidden! This means the attacker does not even need to register a convincing phishing domain. They can register anything, and Safari will happily cover it with a nice green bar.
Troy Hunt: HTTPS adoption has reached the tipping point
Things are looking good for HTTPS.
Certified Malice – text/plain
Following from that great post about the “zone of death” in browsers, Eric Law looks at security and trust in a world where certificates are free and easily available …even to the bad guys.
The Guardian has moved to https 🔒 | Info | The Guardian
Details of The Guardian’s switch to HTTPS.
Related posts
Insecure …again
Breaking the web for security.
Insecure
Security or access: choose one.
Switching to HTTPS on Apache 2.4.7 on Ubuntu 14.04 on Digital Ocean
The super-sexy title is because this stuff tends to be super-specific to the server setup.
This is for everyone with a certificate
The browser beatings will continue until morale improves.
HTTPS
Doing the right thing.