BT

New Early adopter or innovator? InfoQ has been working on some new features for you. Learn more

Architecture & Design Follow 607 Followers

Stack Overflow Becomes HTTPS by Default

by Andrew Morgan Follow 0 Followers on  Jun 06, 2017

Nick Craver, architecture lead at StackOverflow, has published a blog announcing StackOverflow's migration to HTTPS. Some of the technical challenges along the way included supporting hundreds of domains, migrating URL’s, user generated content, and meeting the sites stringent performance requirements.

DevOps Follow 227 Followers

Google Pushing for HTTPS

by Manuel Pais Follow 6 Followers on  Dec 11, 2016

Google wants to push for HTTPS everywhere with a combination of deprecating existing Chrome features in non-secure sites, as well as new features only supported in HTTPS.

Development Follow 141 Followers

Lawyer.com: Early Adopter of HTTP/2, Speaks to InfoQ

by Michael Redlich Follow 7 Followers on  Nov 30, 2016

Lawyer.com recently announced that they are adopting the HTTP/2 protocol. Gerald Gorman, tech entrepreneur, CEO, and co-founder of Lawyer.com, spoke to InfoQ about their technology implementation, their position on microservices and lightweight containers, their unique search engine, and their use of social media.

Architecture & Design Follow 607 Followers

Postponing the Retirement of SHA-1

by Jeff Martin Follow 5 Followers on  Dec 29, 2015

The need to retire SHA-1 faces obstacles with the access needs of users who have yet to upgrade. Facebook, Twitter, and CloudFlare have proposed an interim solution for users of these legacy devices.

Development Follow 141 Followers

Internet Security, TLS, and HTTP/2: A Q&A with ThoughtWorks’ Vuksanovic and Gibson

by Daniel Bryant Follow 137 Followers on  Oct 24, 2015

InfoQ recently sat down with Marko Vuksanovic and Sam Gibson from ThoughtWorks, and asked about their recent study of TLS/HTTPS and HTTP/2 that was published in the ThoughtWorks P2 magazine. Both Vuksanovic and Gibson shared their expertise on a range of security-focused topics, including ubiquitous computing, the workings of TLS/HTTPS, certificate trust, and the security implications of HTTP/2.

Followers

Symantec Accidentally Leaks Multiple Google SSL Certificates

by Jeff Martin Follow 5 Followers on  Sep 21, 2015

Symantec’s Thawte unit admits that flawed internal practices allowed multiple Google SSL certificates to be released in an unauthorized manner.

Followers

AWS s2n: Open-source TLS Implementation in Less than 6,000 Lines

by Sergio De Simone Follow 5 Followers on  Jul 01, 2015

Amazon Web Services has recently introduced s2n, short for “signal to noise”, an open-source implementation of the TLS/SSL protocols that aims to be “simple, small, fast, and with security as a priority”.

Followers

Netflix Releases Open Source Message Security Layer

by Chris Swan Follow 106 Followers on  Nov 24, 2014

Netflix have announced the release of the Message Security Layer protocol (MSL), which they describe as ‘A Modern Take on Securing Communication’. The project is available on github under the Apache 2.0 license, with implementations in Java and JavaScript.

Followers

Google to remove support for SSL 3.0

by Alex Blewitt Follow 2 Followers on  Oct 14, 2014 7

Google have announced that they will remove support for the obsolete SSL 3.0 after discovering vulnerabilities that may be exploitable by forcing clients or servers to downgrade. Removing SSL 3.0 may also unlock stalled negotiations with HTTP2. Read on for more details.

Followers

CloudFlare Universal SSL - Free Web Security for All

by Chris Swan Follow 106 Followers on  Oct 08, 2014 1

CloudFlare have made SSL available to all free subscribers to its content delivery network (CDN) with Universal SSL. The move addresses both cost and complexity issues that have previously confronted web site and application owners wanting to deploy SSL. CloudFlare takes care of issuing a certificate at no cost to the end user, and enabling SSL becomes a selection from a dropdown menu.

Followers

GitHub, BitBucket, Twitter and other Secure Services Affected on Mac OS X By Expired SSL Certificate

by Dio Synodinos Follow 2 Followers on  Jul 27, 2014

On Saturday July 26th, an intermediate certificate issued by DigiCert that was used by online services like GitHub, BitBucket, etc expired. Since this certificate was widely cached in the keychains of many Mac OS X users, this expiration caused any connection via browser or API to raise certificate chain errors.

Followers

Android 4.1.1 Vulnerable to Reverse Heartbleed

by Sergio De Simone Follow 5 Followers on  Apr 15, 2014

Google announced last week that Android 4.1.1 is susceptible to the Heartbleed OpenSSL bug. While Android 4.1.1 is, according to Google, the only Android version vulnerable to Heartbleed, it remains in use in millions of smartphones and tablets. Android 4.1.1 devices have been shown to leak significant amount of data in a "reverse Heartbleed" attack.

Followers

Microsoft to Stop Honoring SHA1 Certificates for SSL and Code Signing

by Jonathan Allen Follow 125 Followers on  Nov 20, 2013

Following recommendations by the US National Institute of Standards and Technology, Microsoft intends to stop honoring SHA1 for SSL and Code Signing certificates. This policy will begin in 2017 and applies to Windows Vista, Windows Server 2008, and later operating systems.

Followers

Researchers Expose SSL Vulnerabilities in Libraries and Their Usage in Popular Non-Browser Services

by Jeevak Kasarkod Follow 2 Followers on  Oct 31, 2012

A recent publication in the ACM CCS'12 proceedings titled "The Most Dangerous Code in the World:Validating SSL Certificates in Non-Browser Software" exposes critical vulnerabilities in the creation and usage of SSL libraries in non-browser applications. The lessons learnt and the ensuing recommendations to developers and testers are shared in this news item.

Followers

Will SSL Collapse Under its Own Weight?

by Jean-Jacques Dubray Follow 3 Followers on  Feb 02, 2011 6

Lori MacVittie from F5 Networks provided an analysis of the recent adoption of NIST SSL Deployment Guidelines by the US Government as of January 2011. Since all commercial certificate authorities now issue only 2048-bit keys, the capacity of a server to process SSL is severely impacted and invalidates the general belief that SSL is not computationally expensive.

Login to InfoQ to interact with what matters most to you.


Recover your password...

Follow

Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.

Like

More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.

Notifications

Stay up-to-date

Set up your notifications and don't miss out on content that matters to you

BT