Ars Technica: Encrypt all the webpages: Let’s Encrypt to offer wildcard certificates for free. “Let’s Encrypt, the free and open certificate authority (CA) launched as a public service by the Internet Security Research Group (ISRG), says it will begin providing free “wildcard” certificates for Internet domains in January 2018. Wildcard certificates allow anyone operating a domain to link a single certificate to multiple subdomains and host names within a domain.”
Smashing Magazine: A Complete Guide To Switching From HTTP To HTTPS. “Setting up HTTPS can be a bit intimidating for the inexperienced user — it takes many steps with different parties, it requires specific knowledge of encryption and server configuration, and it sounds complicated in general. In this guide, I will explain the individual components and steps and will clearly cover the individual stages of the setup. Your experience should be easy, especially if your hosting provider also supplies HTTPS certificates — chances are you will be able to perform everything from your control panel quickly and easily.” Very extensive.
Motherboard: Wikipedia’s Switch to HTTPS Has Successfully Fought Government Censorship. “‘Knowledge is power,’ as the old saying goes, so it’s no surprise that Wikipedia—one of the largest repositories of general knowledge ever created—is a frequent target of government censorship around the world. In Turkey, Wikipedia articles about female genitals have been banned; Russia has censored articles about weed; in the UK, articles about German metal bands have been blocked; in China, the entire site has been banned on multiple occasions. Determining how to prevent these acts of censorship has long been a priority for the non-profit Wikimedia Foundation, and thanks to new research from the Harvard Center for Internet and Society, the foundation seems to have found a solution: encryption.”
The Register: Phishing scum going legit to beat browser warnings. “Browser-makers’ decision to put big red warning lights in the faces of users when they hit sites too slack to use HTTPS is backfiring a little, as crooks are accelerating their use of encryption.”
Engadget: Chrome warns you when typing anything into non-secure sites. “As part of Google’s quest to compel all websites to use the more secure HTTPS protocol, Chrome 62 will flash more warnings when you visit HTTP sites. A few months ago, Chrome 56 (rightly) started labeling unencrypted sites as ‘not secure’ right next to their URLs in the address line if they’re asking for passwords and credit card details. As the Chrome Security Team’s blog post said, though, passwords and credit card numbers aren’t the only types of data worth protecting.”
PC World: Some HTTPS inspection tools might weaken security. “Companies that use security products to inspect HTTPS traffic might inadvertently make their users’ encrypted connections less secure and expose them to man-in-the-middle attacks, the U.S. Computer Emergency Readiness Team warns.”
Ars Technica: Firefox, Chrome start calling HTTP connections insecure. “The non-secure labelling will occur on pages delivered over HTTP that include forms. Specifically, pages that include password fields, and in Chrome, credit card fields, will put warnings in the address bar to explicitly indicate that the connection is not secure.”