As browsers move away from unsecured HTTP, SSL certification has become an increasingly more public topic. Free services such as Let's Encrypt simplify the process of acquiring certificates, but the likes of Symantec still offer pay-for options if it makes you feel better. Except it shouldn't, as security researcher Hanno Böck recently discovered.
Domain registrar and web hosting company GoDaddy has been forced to revoke SSL certificates for over 6000 customers after it discovered a bug in its domain validation system. The company is now working to re-issue SSL certificate for affected customers. Here's what you need to know.
By the end of 2017, it's almost a certainty that the Google-developed Chrome browser will flag all non-HTTPS sites as "non-secure". Currently, only HTTPS sites lacking certificates (or out-of-date or incorrectly configured ones) earn the red triangle of doom. But what if Google flicked the switch now? What would the web look like?
Google's inexorable march towards "a more secure web" continues, with the internet giant recently posting an update regarding the next steps it will take with Chrome to flag "non-secure" websites. 2017 looks like the year things will get serious, with sites featuring data-sensitive form fields and no HTTPS support in the crosshairs.
The proper use of secure internet protocols is a subject you want major sites to take seriously. So you can imagine how disappointed Google software engineer Eric Lawrence was when he discovered Pandora was not only inconsistent with its use of HTTP over TLS (better known as HTTPS) but its service department didn't seem to care.
eBay has already killed off SSL 3.0 connections to its website, one of undoubtedly many major companies clamping down on the now-insecure transport protocol. If you'd like to be proactive about the problem, it is possible, using the proper options, to disable or reject SSL connections right from your browser.
With the furore over Heartbleed and the seemingly regular database intrusions we hear about these days, all manner of companies are taking security a little more seriously. eBay, for instance, recently stepped up its game, killing support for SSL 3.0. It doesn't mean much to the daily experience, but it's a step in the right direction.
Security researchers have discovered a serious vulnerability in OpenSSL, the cryptographic software library that protects many web sites on the internet. Here's what that means for you, the average user.
Android: HTTPS Everywhere, one of our favourite privacy-protecting browser extensions, now protects your surfing on your Android phone as well, as long your primary browser on Android is Firefox. The Electronic Frontier Foundation (EFF) has made the add-on available to mobile users, and it works like a charm.
