A really handy command-line tool that scans your site for mixed content — very useful if you’re making the switch from http to https.
Even using a strict cookie policy won’t help when Facebook and Google are using TLS to fingerprint users. Time to get more paranoid:
HTTPS session identifiers can be disabled in Mozilla products manually by setting ‘security.ssl.disablesessionidentifiers’ in about:config.
One more reason to make the switch to HTTPS.
Remember when I mentioned that you can get free certificates from Amazon now? Well, Oliver has written an in-depth step-by-step description of how he got his static site all set up with HTTPS.
More of this please! Share your experiences with moving to TLS—the more, the better.
All the books, Montag.
If we want a 100% encrypted web then we need to encrypt all sites, despite whether or not you agree with what they do/say/sell/etc… 100% is 100% and it includes the ‘bad guys’ too.
Things are looking good for HTTPS.
Changing defaults in browsers …someday.
Breaking the web for security.
Security or access: choose one.
The super-sexy title is because this stuff tends to be super-specific to the server setup.
The browser beatings will continue until morale improves.