• How to Deploy HTTPS Correctly

    I came across ‘How to Deploy HTTPS Correctly’ written by Chris Palmer of the Electronic Frontier Foundation. Chris does a great job  explaining why web site operators should use HTTPS versus just HTTP. He points out a couple of good practices that were not previously addressed in my blog post, ‘SSL Deployment Mistakes’: Scope sensitive cookies to the secure origin

        in SSL Deployment
  • HTTP Strict Transport Security (HSTS)

    I recently blogged about Firesheep, the Firefox extension that can be used to compromise a secure connection to a website that you have connected to from an open Wi-Fi hotspot. The truth is the vulnerability that Firesheep exposes is not new, but little was done about it. Not so anymore, help is on the way. HTTP Strict Transport Security (HSTS)

        in Secure Browsing, SSL Deployment