  1. This week, Google activated a web privacy feature called “forward secrecy”, becoming one of the web’s first major players to put this important component in place. It’s an important step, and other sites should follow suit. In order to understand why enabling forward secrecy is so important, it’s helpful to know how HTTPS works in the first place.
3. This whole SSL/cert business keeps getting stranger. For a long time now it has been unreasonable to expect users to understand it, but by now even the real experts can be fooled.
  5. Enabling HTTP Strict Transport Security on debian servers - I just enabled HTTP Strict Transport Security (HSTS) markers on a bunch of web servers that offer HTTPS. It's an easy step to take, and it means that users of HSTS-compliant browsers (such as Chromium and the upcoming Firefox 4) or browsers with HSTS-compliant extensions (like Firefox's NoScript or HTTPS-Everywhere) will no longer be vulnerable to attacks like sslstrip once they have made one successful connection to the HSTS-enabled HTTPS web site.
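As an added example (not part of the linked post, and not the code of any browser or extension it mentions), the following Python models the client side of what that item describes: a browser parses the Strict-Transport-Security header it receives over HTTPS, caches the policy per host, and from then on upgrades plain http:// URLs for that host, which is why an sslstrip-style downgrade fails after one good HTTPS visit. The host names, header values, URLs and clock below are constructed for the demo; the directive handling and host matching follow RFC 6797.

```python
"""HSTS from the browser's side: parse the STS header, cache the policy,
upgrade http:// URLs for known hosts (the step that defeats sslstrip)."""
import time
from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit


@dataclass
class HstsEntry:
    expires: float            # absolute time (seconds) after which the policy lapses
    include_subdomains: bool  # whether the policy also covers *.host


def parse_sts(header):
    """Parse an STS header (RFC 6797 section 6.1).
    Returns (max_age_seconds, include_subdomains), or None when the header is
    invalid: missing or non-numeric max-age, or a directive repeated."""
    max_age, include_sub, seen = None, False, set()
    for raw in header.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        if name in seen:
            return None                    # repeated directive invalidates the header
        seen.add(name)
        if name == "max-age":
            value = value.strip().strip('"')
            if not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_sub = True
        # unknown directives are ignored, as the RFC requires
    return None if max_age is None else (max_age, include_sub)


class HstsStore:
    """Minimal HSTS policy cache with RFC 6797 host matching."""

    def __init__(self, now=time.time):
        self.now = now      # injectable clock so expiry can be exercised offline
        self.hosts = {}

    def note_response(self, host, scheme, header):
        """Record a policy. Only HTTPS responses count: a header seen over plain
        HTTP could have been injected by the very attacker HSTS defends against."""
        if scheme != "https":
            return False
        parsed = parse_sts(header)
        if parsed is None:
            return False
        max_age, include_sub = parsed
        host = host.lower()
        if max_age == 0:
            self.hosts.pop(host, None)     # max-age=0 tells the UA to forget the host
        else:
            self.hosts[host] = HstsEntry(self.now() + max_age, include_sub)
        return True

    def is_known(self, host):
        """True if host, or a superdomain with includeSubDomains, has a live policy."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            entry = self.hosts.get(candidate)
            if entry is None:
                continue
            if entry.expires <= self.now():
                del self.hosts[candidate]  # policy has expired, drop it
                continue
            if i == 0 or entry.include_subdomains:
                return True
        return False

    def rewrite_url(self, url):
        """Upgrade http:// to https:// for known hosts (RFC 6797 section 8.3):
        an explicit port 80 becomes 443, any other explicit port is kept."""
        p = urlsplit(url)
        if p.scheme != "http" or not p.hostname or not self.is_known(p.hostname):
            return url
        netloc = p.hostname
        if p.port == 80:
            netloc += ":443"
        elif p.port is not None:
            netloc += f":{p.port}"
        return urlunsplit(("https", netloc, p.path, p.query, p.fragment))


def demo():
    """Constructed scenario: one HTTPS visit to example.org, then the links an
    sslstrip-style attacker would hand the browser. Returns the resulting URLs."""
    class Clock:
        t = 1_000_000.0
    clock = Clock()
    store = HstsStore(now=lambda: clock.t)
    # header as sent by an HSTS-enabled site over a successful HTTPS connection
    store.note_response("example.org", "https", "max-age=31536000; includeSubDomains")
    # the same header arriving over plain HTTP must be ignored
    store.note_response("attacker.example", "http", "max-age=31536000")
    results = {
        "downgraded": store.rewrite_url("http://example.org/login"),
        "subdomain": store.rewrite_url("http://www.example.org/"),
        "unknown": store.rewrite_url("http://attacker.example/"),
        "port80": store.rewrite_url("http://example.org:80/a?b=1"),
    }
    clock.t += 31536001               # jump past max-age: the policy has lapsed
    results["expired"] = store.rewrite_url("http://example.org/login")
    return results
```

The `unknown` and `expired` cases are the caveat the linked post hints at with "once they have made one successful connection": HSTS protects nothing on the first visit, and nothing after `max-age` runs out without a refresh, so sites should send the header on every HTTPS response and pick a long lifetime.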
  7. Your browser trusts many certification authorities and sub-authorities quietly, every time you enter an HTTPS website. This add-on for advanced users reveals when certificates are updated, so you can ensure it was a legitimate change.
  8. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including ba
