WordPress.com Makes SSL Enabled By Default
from the good-move dept
While we’ve already announced our move to go 100% SSL, it’s great to see Automattic announce that it is now making all WordPress.com accounts default as SSL. That’s for the sites that Automattic itself hosts, not necessarily sites that have self-installed copies of WordPress. Either way, it’s still great to see more sites moving to enable SSL by default.
Filed Under: default, privacy, protection, reset the net, ssl, wordpress
Companies: automattic
Comments on “WordPress.com Makes SSL Enabled By Default”
openSSL
This of course on a day when ANOTHER problem with OpenSSL is found, making millions of sites vulnerable again to a man in the middle attack.
Re: openSSL
This of course on a day when ANOTHER problem with OpenSSL is found, making millions of sites vulnerable again to a man in the middle attack.
There will always be flaws discovered in stuff, at least until computers take over the writing of stuff.
Also, read the vulnerability report, both the client and the server need to be running vulnerable versions of OpenSSL (which isn’t likely to be the case unless the web browser you use is compiled against OpenSSL,) and the attacker has to be in the middle of the stream in order to perform the attack. Significantly more difficult to accomplish than just asking the server to give you the contents of its memory. Really nasty? Absolutely. Earth shattering to the point that we should just turn off our computers and descend to the dark ages. Probably not.
Re: Re: openSSL
Ok, now what about the other 6 exploits that do NOT require both clients and servers to be vulnerable?
I think you missed those. OpenSSL has been a mess since day 1. All we can hope now is for a horrible death and LibreSSL to come out soon.
Re: Re: Re: openSSL
Ok, now what about the other 6 exploits that do NOT require both clients and servers to be vulnerable?
There were 5 other ones, not 6. And most of them were DoS attacks. And most of the other ones were not common configurations and thus only affected a small portion of the users.
All we can hope now is for a horrible death and LibreSSL to come out soon.
And LibReSSL will have flaws discovered in it too. Theo is a wonderful programmer, but he is one man, with a small team that is spread out over many software branches. And his reputation speaks for itself, but there are still flaws discovered occasionally in OpenBSD/OpenSSH/etc.
Writing software isn’t easy. But instead of bitching and moaning, why don’t you help out. OpenSSL hasn’t been a mess since day 1 because it was a mess, it has been a mess since day one because it was 2 guys writing software to scratch an itch and there was nothing else around at the time that could solve, and instead of pitching in and helping out, people just leeched on it.
Is it a big flaw, yes. Nobody is dismissing it. Apply the patch and move on.
Re: Re: Re:2 openSSL
You’re right except for the fact that Theo is not working on this alone.
I invite you to check Bob Beck’s presentation on it thus far:
https://www.youtube.com/watch?v=GnBbhXBDmwU
OpenSSL is commercial software that provide a source code. LibreSSL will truly be open source and a drop-in replacement for OpenSSL with a solid experienced team.
Re: Re: Re:3 openSSL
OpenSSL is commercial software that provide a source code. LibreSSL will truly be open source and a drop-in replacement for OpenSSL with a solid experienced team.
OpenSSL is no more commercial than OpenBSD is. You are welcome to pay for support from OpenSSL in the same way that you are to pay for support from OpenBSD.
They are both distributed using a BSD or BSD-derivative license.
Great.
The Internet Has Become A Haven For Terrorists
Snowden should die a death of a million firing squads, one for each site that goes SLL. Thats how much damage he has done to our National Security.
I say we should do away with Anonymity on the Internet. What have all you people got too hide? If the Internet cannot use real Identities, shut it down.
Re: The Internet Has Become A Haven For Terrorists
So you don’t have curtains or blinds on the windows of your house? You leave your doors unlocked day and night regardless of whether anyone is home? You prefer your bank statement come on a postcard? Do you believe all WiFi should be open WiFi?Do you remove the passwords on all (both?) of your devices? Surely you don’t have a safe deposit box or locks on anything in your home. After all, someone might want to see what you’re hiding!
Re: Re: The Internet Has Become A Haven For Terrorists
Yeah… I’m pulling the satire card.
50 points from House Woods for not getting it…
Re: Re: The Internet Has Become A Haven For Terrorists
whooooosh…..
It’s rather incredible that these companies (not TD or F64 but rather big hosts, like Google and WP) have not adopted this before the NSA scandal. I mean, seriously. Those of us that have been doing it since the 90’s have been laughing our asses off at the complete lack of social responsibility these companies have.
It’s sad really, that the big companies are so reactive to everything and never proactive. WP.com could have bought a 100$ wildcard SSL years ago for an extra very basic security layer, but chose not to. Why? It makes no sense.
The up side is that it provides a good insight into those companies’ thoughts: “Oh, scandal, let’s spin this our way!” instead of “let’s prevent security issues with very basic security measure that’s been around since 1995.
Boy am I glad I don’t host sites there. Security though public outcry. How nice.
The Internet Has Become A Haven For Terrorists
what is your name mister “Mr Big Content”
good point for @Jeff Woods
Re: The Internet Has Become A Haven For Terrorists
double whoooosh….