Ars Technica: Let’s Encrypt takes free “wildcard” certificates live. “In July of 2017, the nonprofit certificate authority Let’s Encrypt promised to deliver something that would put secure websites and Web applications within reach of any Internet user: free “wildcard” certificates to enable secure HTTP connections for entire domains. Today, Let’s Encrypt took that promised service live, in addition to a new version of the Automated Certificate Management Environment (ACME) protocol, an interface that can be used by a variety of client software packages to automate verification of certificate requests.”
Ars Technica: 23,000 HTTPS certificates axed after CEO emails private keys. “A major dust-up on an Internet discussion forum is touching off troubling questions about the security of some browser-trusted HTTPS certificates when it revealed the CEO of a certificate reseller emailed a partner the sensitive private keys for 23,000 TLS certificates.” Womp womp womp wooooooompppp.
Search Engine Journal: Migrating a WordPress Website from HTTP to HTTPS: A Complete Guide. “In this post, I will share the experience I had from migrating the SEJ website to HTTPS and many other WordPress-based websites I’ve worked on. I’ll be assuming you have basic WordPress coding skills and have already installed an SSL certificate on your website, since most hosting providers offer that feature with one click.” This is VERY thorough with LOTS of screenshots.
Google Online Security Blog: A secure web is here to stay. “For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as ‘not secure’. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as ‘not secure’.”
Neowin: More Chrome traffic is encrypted than ever before. “Google has issued a new transparency report which details how much Chrome traffic is encrypted across different platforms. Some highlights from the data are that 64% of Chrome traffic on Android is now using HTTPS encryption compared to 42% a year ago, over 75% of Chrome traffic on ChromeOS and the Mac is now protected – that’s up from 67% and 60% respectively, and that 71 of the top 100 sites on the web now use HTTPS by default, up from 37 a year ago.”
Wired: Google Is About To Make Your Browser More Paranoid. “YOUR BROWSER IS about to become a lot more paranoid. You might not notice. But if you do, don’t freak out. At least not yet.”
Wordfence: Hackers Find Fresh WordPress Sites Within 30 Minutes. “One of the interesting presentations at DefCon this year discussed a way for attackers to quickly find new WordPress installations to target. The presentation was given by Hanno Böck, and in it he discusses a method attackers can use to find a WordPress website just 30 minutes after it has been installed for the first time.”