- Server related
- By Catalin Cimpanu
- August 26th, 2016
Mozilla Launches Free Website Security Testing Service
Observatory code is open source and available on GitHub
- Security
- By Catalin Cimpanu
- August 5th, 2016
HEIST Attack Can Steal Data from HTTPS-Encrypted Traffic
Attack relies only a piece of malicious JavaScript code
- Security
- By Catalin Cimpanu
- August 3rd, 2016
Google Adds HSTS Support to YouTube, HTTPS Traffic Reaches 97 Percent
Google makes YouTube safer to navigate thanks to a massive amount of work to support technologies like HTTPS and HSTS
- Security
- By Catalin Cimpanu
- July 31st, 2016
Google Adds HSTS Support to Google.com Domain
Google secures the secure HTTPS with HSTS
- Security
- By Catalin Cimpanu
- July 27th, 2016
Attack with WPAD Protocol and PAC Files Can Leak HTTPS Traffic
Attackers can collect your HTTPS Web traffic history
- Security
- By Catalin Cimpanu
- July 25th, 2016
Amazon Silk Browser Exposed Users by Forcing Google to Work via HTTP
Browser was blocking redirections to Google's HTTPS version
- Security
- By Catalin Cimpanu
- July 4th, 2016
Flaws in Free SSL Tool Allowed Attackers to Get SSL Certificates for Any Domain
StartSSL faces another issue that lets attackers obtains SSL certificates for domains they don't own
- Security
- By Catalin Cimpanu
- June 23rd, 2016
ISRG Accuses Comodo of Illegally Trying to Trademark the "Let's Encrypt" Name UPDATED
Comodo files three trademark applications for the "Let's Encrypt" brand, to which it never contributed
- Security Blog
- By Catalin Cimpanu
- June 8th, 2016
GitHub Pages Gets HTTPS Support
GitHub will force all new GitHub Pages to use HTTPS starting June 15, but not those running on custom domains
- Server related
- By Catalin Cimpanu
- May 27th, 2016
Companies Are Slow to Patch Latest OpenSSL Flaw
37.42 percent of the Alexa 10,000 sites remain vulnerable
- Security Blog
- By Catalin Cimpanu
- May 3rd, 2016
Google Turns HTTPS On by Default for All Blogger Sites
Only subdomain blogs are supported for now
- Security
- By Catalin Cimpanu
- April 12th, 2016
Let's Encrypt Launched Today, Currently Protects 3.8 Million Domains
Let's Encrypt project leaves beta, available for all
- Security Blog
- By Catalin Cimpanu
- April 8th, 2016
WordPress Enables Free HTTPS for All Blogs Using Let's Encrypt Certificates
All WordPress.com sites can now be fully HTTPS (in theory)
- Security Blog
- By Catalin Cimpanu
- April 3rd, 2016
Node.js Package Manager npm Goes Fully HTTPS
npm will deliver content only in HTTPS from now on
- Security
- By Catalin Cimpanu
- March 31st, 2016
PHP, Python and Google Go Fail to Detect Revoked TLS Certificates
API interfaces remain insecure after all these years
- Security
- By Catalin Cimpanu
- March 28th, 2016
Flaw in StartSSL Validation Allowed Attackers to Get SSL Certs for Any Domain
Crooks could get SSL certificates for Google or Facebook
- Security
- By Catalin Cimpanu
- March 24th, 2016
Only 0.09 Percent of HTTPS Sites Are Using Certificate Pinning
The complexities of HPKP leave many websites exposed