Smashing Magazine: A Complete Guide To Switching From HTTP To HTTPS. “Setting up HTTPS can be a bit intimidating for the inexperienced user — it takes many steps with different parties, it requires specific knowledge of encryption and server configuration, and it sounds complicated in general. In this guide, I will explain the individual components and steps and will clearly cover the individual stages of the setup. Your experience should be easy, especially if your hosting provider also supplies HTTPS certificates — chances are you will be able to perform everything from your control panel quickly and easily.” Very extensive.
Motherboard: Wikipedia’s Switch to HTTPS Has Successfully Fought Government Censorship. “‘Knowledge is power,’ as the old saying goes, so it’s no surprise that Wikipedia—one of the largest repositories of general knowledge ever created—is a frequent target of government censorship around the world. In Turkey, Wikipedia articles about female genitals have been banned; Russia has censored articles about weed; in the UK, articles about German metal bands have been blocked; in China, the entire site has been banned on multiple occasions. Determining how to prevent these acts of censorship has long been a priority for the non-profit Wikimedia Foundation, and thanks to new research from the Harvard Center for Internet and Society, the foundation seems to have found a solution: encryption.”
Engadget: Keybase brings seamless encrypted chats to anyone on the web. “Keybase is on a mission to make end-to-end encryption as easy as possible, everywhere you go online. After launching frictionless encrypted file sharing last year, the open-source security company rolled out Keybase Chat, a desktop and mobile chat app that allows users to send encrypted messages to anyone on the internet using just their Twitter, Facebook or Reddit username. Today, Keybase announced a few new launches that will make it even easier to send encrypted messages to anyone — even if your recipient isn’t set up to receive them yet.”
The Register: Phishing scum going legit to beat browser warnings. “Browser-makers’ decision to put big red warning lights in the faces of users when they hit sites too slack to use HTTPS is backfiring a little, as crooks are accelerating their use of encryption.”
The Intercept: NYU Accidentally Exposed Military Code-breaking Computer Project To Entire Internet. “In early December 2016, Adam was doing what he’s always doing, somewhere between hobby and profession: looking for things that are on the internet that shouldn’t be. That week, he came across a server inside New York University’s famed Institute for Mathematics and Advanced Supercomputing, headed by the brilliant Chudnovsky brothers, David and Gregory. The server appeared to be an internet-connected backup drive. But instead of being filled with family photos and spreadsheets, this drive held confidential information on an advanced code-breaking machine that had never before been described in public. Dozens of documents spanning hundreds of pages detailed the project, a joint supercomputing initiative administered by NYU, the Department of Defense, and IBM. And they were available for the entire world to download.”
CBR: Symantec dealt major blow as Google loses trust in security certificates. “Google are aiming to boost the confidence of Chrome users with engineers announcing plans to reduce trust in Symantec certificates. This gradual shift is set to reach a point in early 2018 when Chrome 64 will only trust certificates that are issued from Symantec for 279 days or less. The scale of the misissuance by Symantec has exploded from an initial 127 certificates under scrutiny, to a figure noted as at least 30,000.”
PC World: Some HTTPS inspection tools might weaken security. “Companies that use security products to inspect HTTPS traffic might inadvertently make their users’ encrypted connections less secure and expose them to man-in-the-middle attacks, the U.S. Computer Emergency Readiness Team warns.”