Wired: Google Is About To Make Your Browser More Paranoid. “YOUR BROWSER IS about to become a lot more paranoid. You might not notice. But if you do, don’t freak out. At least not yet.”
Wordfence: Hackers Find Fresh WordPress Sites Within 30 Minutes. “One of the interesting presentations at DefCon this year discussed a way for attackers to quickly find new WordPress installations to target. The presentation was given by Hanno Böck, and in it he discusses a method attackers can use to find a WordPress website just 30 minutes after it has been installed for the first time.”
Ars Technica: Encrypt all the webpages: Let’s Encrypt to offer wildcard certificates for free. “Let’s Encrypt, the free and open certificate authority (CA) launched as a public service by the Internet Security Research Group (ISRG), says it will begin providing free “wildcard” certificates for Internet domains in January 2018. Wildcard certificates allow anyone operating a domain to link a single certificate to multiple subdomains and host names within a domain.”
Smashing Magazine: A Complete Guide To Switching From HTTP To HTTPS. “Setting up HTTPS can be a bit intimidating for the inexperienced user — it takes many steps with different parties, it requires specific knowledge of encryption and server configuration, and it sounds complicated in general. In this guide, I will explain the individual components and steps and will clearly cover the individual stages of the setup. Your experience should be easy, especially if your hosting provider also supplies HTTPS certificates — chances are you will be able to perform everything from your control panel quickly and easily.” Very extensive.
Motherboard: Wikipedia’s Switch to HTTPS Has Successfully Fought Government Censorship. “‘Knowledge is power,’ as the old saying goes, so it’s no surprise that Wikipedia—one of the largest repositories of general knowledge ever created—is a frequent target of government censorship around the world. In Turkey, Wikipedia articles about female genitals have been banned; Russia has censored articles about weed; in the UK, articles about German metal bands have been blocked; in China, the entire site has been banned on multiple occasions. Determining how to prevent these acts of censorship has long been a priority for the non-profit Wikimedia Foundation, and thanks to new research from the Harvard Center for Internet and Society, the foundation seems to have found a solution: encryption.”
The Register: Phishing scum going legit to beat browser warnings. “Browser-makers’ decision to put big red warning lights in the faces of users when they hit sites too slack to use HTTPS is backfiring a little, as crooks are accelerating their use of encryption.”
Engadget: Chrome warns you when typing anything into non-secure sites. “As part of Google’s quest to compel all websites to use the more secure HTTPS protocol, Chrome 62 will flash more warnings when you visit HTTP sites. A few months ago, Chrome 56 (rightly) started labeling unencrypted sites as ‘not secure’ right next to their URLs in the address line if they’re asking for passwords and credit card details. As the Chrome Security Team’s blog post said, though, passwords and credit card numbers aren’t the only types of data worth protecting.”