Computer security news is usually pretty dismal. But today the web got safer in a very important way.| WIRED
| blog.serverfault.com
Let’s Encrypt has improved how we manage Online Certificate Status Protocol (OCSP) responses by deploying Redis and generating responses on-demand rather than pre-generating them, making us more reliable than ever. About OCSP Responses: OCSP is used to communicate the revocation status of TLS certificates. When an ACME agent signs a request to revoke a certificate, our Let’s Encrypt Certificate Authority (CA) verifies whether or not the request is authorized and if it is, we begin publishi...| letsencrypt.org
Let’s Encrypt helps to protect a huge portion of the Web by providing TLS certificates to more than 235 million websites. A database is at the heart of how Let’s Encrypt manages certificate issuance. If this database isn’t performing well enough, it can cause API errors and timeouts for our subscribers. Database performance is the single most critical factor in our ability to scale while meeting service level objectives. In late 2020, we upgraded our database servers and we’ve been ve...| letsencrypt.org
We are excited to announce that, starting in Firefox 91, Private Browsing Windows will favor secure connections to the web by default. For every website you visit, Firefox will ...| Mozilla Security Blog
In my blog post, “The Quiet HTTPS Revolution,” I noted that almost every network connection from my phone and laptop is protected by the…| Medium
Let’s Encrypt protects a vast portion of the Web by providing TLS certificates to over 550 million websites—a figure that has grown by 42% in the last year alone. We currently issue over 340,000 certificates per hour. To manage this immense traffic and maintain responsiveness under high demand, our infrastructure relies on rate limiting. In 2015, we introduced our first rate limiting system, built on MariaDB. It evolved alongside our rapidly growing service but eventually revealed its lim...| letsencrypt.org
This report performs the first public analysis of MMTLS, the main network protocol used by WeChat, an app with over one billion users. The report finds that MMTLS is a modified version of TLS, however some of the modifications have introduced cryptographic weaknesses.| The Citizen Lab
You go to war with the algorithms you have, not the ones you wish you had| educatedguesswork.org
In this report, we examine cloud-based pinyin keyboard apps from nine vendors (Baidu, Honor, Huawei, iFlyTek, OPPO, Samsung, Tencent, Vivo, and Xiaomi) for vulnerabilities in how the apps transmit user keystrokes. Our analysis found that eight of the nine apps identified contained vulnerabilities that could be exploited to completely reveal the contents of users’ keystrokes in transit. We estimate that up to one billion users could be vulnerable to having all of their keystrokes intercepted...| The Citizen Lab
Random ramblings about programming, tech, and anything else really.| bart.degoe.de
For more than 10 years, EFF’s HTTPS Everywhere browser extension has provided a much-needed service to users: encrypting their browser communications with websites and making sure they benefit from the protection of HTTPS wherever possible. Since we started offering HTTPS Everywhere, the battle to...| Electronic Frontier Foundation
DNS Security, Part I: Basic DNS| educatedguesswork.org
I talk about how HTTPS works, what SSL certificates are, and how to deploy HTTPS on your website for free.| Freshman — Articles and Tutorials on Software Development
HTTPS is the cornerstone of all security on the internet, making possible much of what we take for granted being able to do on the internet.| Proton
You really shouldn't have to trust the network you're on, but you kind of do| educatedguesswork.org