Google Online Security Blog: A secure web is here to stay. “For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as ‘not secure’. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as ‘not secure’.”
Neowin: More Chrome traffic is encrypted than ever before. “Google has issued a new transparency report which details how much Chrome traffic is encrypted across different platforms. Some highlights from the data are that 64% of Chrome traffic on Android is now using HTTPS encryption compared to 42% a year ago, over 75% of Chrome traffic on ChromeOS and the Mac is now protected – that’s up from 67% and 60% respectively, and that 71 of the top 100 sites on the web now use HTTPS by default, up from 37 a year ago.”
Wired: Google Is About To Make Your Browser More Paranoid. “YOUR BROWSER IS about to become a lot more paranoid. You might not notice. But if you do, don’t freak out. At least not yet.”
Wordfence: Hackers Find Fresh WordPress Sites Within 30 Minutes. “One of the interesting presentations at DefCon this year discussed a way for attackers to quickly find new WordPress installations to target. The presentation was given by Hanno Böck, and in it he discusses a method attackers can use to find a WordPress website just 30 minutes after it has been installed for the first time.”
Ars Technica: Encrypt all the webpages: Let’s Encrypt to offer wildcard certificates for free. “Let’s Encrypt, the free and open certificate authority (CA) launched as a public service by the Internet Security Research Group (ISRG), says it will begin providing free “wildcard” certificates for Internet domains in January 2018. Wildcard certificates allow anyone operating a domain to link a single certificate to multiple subdomains and host names within a domain.”
Smashing Magazine: A Complete Guide To Switching From HTTP To HTTPS. “Setting up HTTPS can be a bit intimidating for the inexperienced user — it takes many steps with different parties, it requires specific knowledge of encryption and server configuration, and it sounds complicated in general. In this guide, I will explain the individual components and steps and will clearly cover the individual stages of the setup. Your experience should be easy, especially if your hosting provider also supplies HTTPS certificates — chances are you will be able to perform everything from your control panel quickly and easily.” Very extensive.
Motherboard: Wikipedia’s Switch to HTTPS Has Successfully Fought Government Censorship. “‘Knowledge is power,’ as the old saying goes, so it’s no surprise that Wikipedia—one of the largest repositories of general knowledge ever created—is a frequent target of government censorship around the world. In Turkey, Wikipedia articles about female genitals have been banned; Russia has censored articles about weed; in the UK, articles about German metal bands have been blocked; in China, the entire site has been banned on multiple occasions. Determining how to prevent these acts of censorship has long been a priority for the non-profit Wikimedia Foundation, and thanks to new research from the Harvard Center for Internet and Society, the foundation seems to have found a solution: encryption.”