Google I/O 2014 – HTTPS Everywhere (video)
Excellent, essential and game-changing talk by Ilya Grigorik and Pierre Far (both of Google), explaining why you should always use HTTPS, not only on “security-related requests”. The talk also features prices and sources of certificates, have a look on the free ones (!) for non-commercial and open-source sites, a quick guideline on how to migrate to HTTPS, why you should use protocol-less URIs in your sites and how this can actually make your sites faster.
Interesting additional information:
- Wikipedia article of SPDY, the HTTP-“modification”, allowing to handle all requests over one connection.
- The article Google’s Online Security Blog – HTTPS as a ranking signal regarding the importance of HTTPS-only-sites in Google’s ranking algorithm.
- Wikipedia article of TLS, the “attacks”-section might be interesting in this context.
This article was written quite a while ago (6 years), please keep this in mind when using the information written here. Links, code and commands might be outdated or broken.
Random articles
Hacked french TV channel exposed passwords in TV interview (video, screenshots, links)
Dangerous Performance Myths in the Web (video talk by Thomas Lohner, PHPUG Latvia)
DEF CON 18 – When your computer got stolen and you can still SSH into it: “Pwned by the 0wner” (22min conference talk)
Hacking ATMs – A conference talk about the current security state of Windows XP driven cash machines
How major web companies (and banks) handle passwords quite wrong
Interesting stats on SONY’s hacked passwords
A preinstalled Vagrant box with PHP HipHop / HHVM and Ubuntu 12.04 (Precise Pangolin)
GitHub rolls out .PSD diff and viewing
How to use the PHP 5.5 password hashing functions