CNET: Chrome’s HTTP warning seeks to cut web surveillance, tampering. “The Hypertext Transfer Protocol lets your web browser fetch a web page from the server that hosts it. HTTP has had a good run, but it has a problem: It doesn’t protect communications with encryption that blocks eavesdropping and tampering. That’s why Google, Mozilla and other tech industry allies have been pushing websites everywhere to switch to the secure version, called HTTPS. And it’s why, starting with the release of Chrome 68 on Tuesday, Google’s browser will warn you whenever it loads an unencrypted HTTP website.”
Gizmodo: Firefox May Soon Start Publicly Shaming Sites With Crappy Security. “In the constant battle to ensure your privacy online, there are some precautions you can take to protect yourself, such as avoiding clicking random links and using different passwords for every site. But other measures require some help from the websites you visit, and based on a hidden option found in the latest Firefox beta, Mozilla may start publicly shaming websites that are still clinging on to HTTP.”
Engadget: The EFF wants to make email servers more secure. “The Electronic Frontier Foundation (EFF) launched HTTPS-encryption initiative Let’s Encrypt two years ago with Mozilla and Cisco. Now it’s turning its attention to email servers with a new project called STARTTLS Everywhere, which aims to help server admins run STARTTLS emails servers properly. Because according to the EFF, most aren’t.”
Ars Technica: Let’s Encrypt takes free “wildcard” certificates live. “In July of 2017, the nonprofit certificate authority Let’s Encrypt promised to deliver something that would put secure websites and Web applications within reach of any Internet user: free “wildcard” certificates to enable secure HTTP connections for entire domains. Today, Let’s Encrypt took that promised service live, in addition to a new version of the Automated Certificate Management Environment (ACME) protocol, an interface that can be used by a variety of client software packages to automate verification of certificate requests.”
Ars Technica: 23,000 HTTPS certificates axed after CEO emails private keys. “A major dust-up on an Internet discussion forum is touching off troubling questions about the security of some browser-trusted HTTPS certificates when it revealed the CEO of a certificate reseller emailed a partner the sensitive private keys for 23,000 TLS certificates.” Womp womp womp wooooooompppp.
Search Engine Journal: Migrating a WordPress Website from HTTP to HTTPS: A Complete Guide. “In this post, I will share the experience I had from migrating the SEJ website to HTTPS and many other WordPress-based websites I’ve worked on. I’ll be assuming you have basic WordPress coding skills and have already installed an SSL certificate on your website, since most hosting providers offer that feature with one click.” This is VERY thorough with LOTS of screenshots.
Google Online Security Blog: A secure web is here to stay. “For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as ‘not secure’. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as ‘not secure’.”