Google I/O 2014 – HTTPS Everywhere (video)
Excellent, essential and game-changing talk by Ilya Grigorik and Pierre Far (both of Google), explaining why you should always use HTTPS, not only on “security-related requests”. The talk also features prices and sources of certificates, have a look on the free ones (!) for non-commercial and open-source sites, a quick guideline on how to migrate to HTTPS, why you should use protocol-less URIs in your sites and how this can actually make your sites faster.
Interesting additional information:
- Wikipedia article of SPDY, the HTTP-“modification”, allowing to handle all requests over one connection.
- The article Google’s Online Security Blog – HTTPS as a ranking signal regarding the importance of HTTPS-only-sites in Google’s ranking algorithm.
- Wikipedia article of TLS, the “attacks”-section might be interesting in this context.
This article was written quite a while ago (4 years), please keep this in mind when using the information written here. Links, code and commands might be outdated or broken.
Random articles
Hacked french TV channel exposed passwords in TV interview (video, screenshots, links)
How major web companies (and banks) handle passwords quite wrong
DEF CON 18 – When your computer got stolen and you can still SSH into it: “Pwned by the 0wner” (22min conference talk)
Hacking ATMs – A conference talk about the current security state of Windows XP driven cash machines
Interesting stats on SONY’s hacked passwords
Dangerous Performance Myths in the Web (video talk by Thomas Lohner, PHPUG Latvia)
EOL lists of Ubuntu, Debian and CentOS for your server plannings
The SSL Heartbleed bug explained in 30 seconds
Serious hard-to-fix bug in OAuth and OpenID discovered, lots of major sites affected