Yahoo turning on SSL
Yahoo is jumping on the SSL bandwagon to help secure their users’ email.
Facebook Steps up SSL Game
A year and a half ago, I wrote a blog, Nice Try Facebook. This was my response to Facebook’s turning on of HTTPS for users. Probably a response to mitigate the new Firesheep attack. (BTW, happy second birthday Firesheep; more than 2.4 million downloads in two years.) My issue with Facebook was the HTTPS feature [Read More...]
Happy Birthday, Firesheep!
It’s been a whole year since Firesheep was released. One year old and more than 1.9 million downloads of the Firefox plugin that allows an attacker to take over improperly secured accounts when accessed from a Wi-Fi hotspot. The solution to the problem is website operators need to secure everything in the session starting from [Read More...]
Do you want to make the Internet a safer place? Maybe this is something for you. Internet activists, Electronic Frontier Foundation (EFF) and Access have teamed to launch HTTPS Now, an international campaign aimed at soliciting consumers to help make web surfing safer. HTTPS Now comprises three initiatives: Individuals are encouraged to use HTTPS Everywhere, [Read More...]
Nice Try Facebook
The good news? Facebook is enabling you to experience their social media site entirely over HTTPS. The bad news is that HTTPS is not turned on by default. So if you want HTTPS, then you will have to figure it out yourself. Although probably already in the works when Firesheep was released, it appears that [Read More...]
SSL is about assurance
Troy Hunt, in his article “SSL is not about encryption,” says that SSL is about assurance and “establishing a degree of trust in a site’s legitimacy.” I have mixed feelings about the title, but agree with the points that Hunt makes. Here are some highlights: Users assume that high-profile sites (e.g., Facebook, Twitter, Dropbox) provide [Read More...]
Monday, 29 November 2010 is Cyber Monday. What is Cyber Monday you might ask? Personally I had to get my terms straight between Black Friday, Cyber Monday, and Black Monday. Here’s a short refresher: Black Friday is the Friday after the US Thanksgiving holiday when the Christmas holiday shopping season unofficially kicks off. It’s called [Read More...]
HTTP Strict Transport Security (HSTS)
I recently blogged about Firesheep, the Firefox extension that can be used to compromise a secure connection to a website that you have connected to from an open Wi-Fi hotspot. The truth is the vulnerability that Firesheep exposes is not new, but little was done about it. Not so anymore, help is on the way. [Read More...]
Firesheep wake-up call
Much has been written this past week about Firesheep. The bottom line: website operators must properly deploy SSL end-to-end security. Firesheep is a Firefox extension written by Eric Butler and was presented by Butler and security consultant, Ian Gallagher, this past weekend at ToorCon hacker conference in San Diego. Firesheep takes advantage of a known [Read More...]