We’re exercising our freedom and taking off the 3rd to celebrate the 4th. See you Monday!Hide

WordPress.com Makes SSL Enabled By Default

from the good-move dept

While we've already announced our move to go 100% SSL, it's great to see Automattic announce that it is now making all Wordpress.com accounts default as SSL. That's for the sites that Automattic itself hosts, not necessarily sites that have self-installed copies of Wordpress. Either way, it's still great to see more sites moving to enable SSL by default.

Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Whatever, Jun 5th, 2014 @ 8:59pm

    openSSL

    This of course on a day when ANOTHER problem with OpenSSL is found, making millions of sites vulnerable again to a man in the middle attack.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Anonymous Coward, Jun 5th, 2014 @ 10:12pm

    Great.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Mr Big Content, Jun 5th, 2014 @ 10:38pm

    The Internet Has Become A Haven For Terrorists

    Snowden should die a death of a million firing squads, one for each site that goes SLL. Thats how much damage he has done to our National Security.

    I say we should do away with Anonymity on the Internet. What have all you people got too hide? If the Internet cannot use real Identities, shut it down.

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    Jeff Woods (profile), Jun 6th, 2014 @ 12:43am

    Re: The Internet Has Become A Haven For Terrorists

    So you don't have curtains or blinds on the windows of your house? You leave your doors unlocked day and night regardless of whether anyone is home? You prefer your bank statement come on a postcard? Do you believe all WiFi should be open WiFi?Do you remove the passwords on all (both?) of your devices? Surely you don't have a safe deposit box or locks on anything in your home. After all, someone might want to see what you're hiding!

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    Jay (profile), Jun 6th, 2014 @ 3:55am

    Re: Re: The Internet Has Become A Haven For Terrorists

    Yeah... I'm pulling the satire card.

    50 points from House Woods for not getting it...

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Jun 6th, 2014 @ 4:27am

    It's rather incredible that these companies (not TD or F64 but rather big hosts, like Google and WP) have not adopted this before the NSA scandal. I mean, seriously. Those of us that have been doing it since the 90's have been laughing our asses off at the complete lack of social responsibility these companies have.

    It's sad really, that the big companies are so reactive to everything and never proactive. WP.com could have bought a 100$ wildcard SSL years ago for an extra very basic security layer, but chose not to. Why? It makes no sense.

    The up side is that it provides a good insight into those companies' thoughts: "Oh, scandal, let's spin this our way!" instead of "let's prevent security issues with very basic security measure that's been around since 1995.

    Boy am I glad I don't host sites there. Security though public outcry. How nice.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    not clever, Jun 6th, 2014 @ 6:21am

    Re: The Internet Has Become A Haven For Terrorists

    what is your name mister "Mr Big Content"

    good point for @Jeff Woods

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    Easily Amused (profile), Jun 6th, 2014 @ 9:13am

    Re: Re: The Internet Has Become A Haven For Terrorists

    whooooosh.....

     

    reply to this | link to this | view in thread ]

  9.  
    icon
    Easily Amused (profile), Jun 6th, 2014 @ 9:14am

    Re: Re: The Internet Has Become A Haven For Terrorists

    double whoooosh....

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    ltlw0lf (profile), Jun 6th, 2014 @ 9:16am

    Re: openSSL

    This of course on a day when ANOTHER problem with OpenSSL is found, making millions of sites vulnerable again to a man in the middle attack.

    There will always be flaws discovered in stuff, at least until computers take over the writing of stuff.

    Also, read the vulnerability report, both the client and the server need to be running vulnerable versions of OpenSSL (which isn't likely to be the case unless the web browser you use is compiled against OpenSSL,) and the attacker has to be in the middle of the stream in order to perform the attack. Significantly more difficult to accomplish than just asking the server to give you the contents of its memory. Really nasty? Absolutely. Earth shattering to the point that we should just turn off our computers and descend to the dark ages. Probably not.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Jun 6th, 2014 @ 9:23am

    Re: Re: openSSL

    Ok, now what about the other 6 exploits that do NOT require both clients and servers to be vulnerable?

    I think you missed those. OpenSSL has been a mess since day 1. All we can hope now is for a horrible death and LibreSSL to come out soon.

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    ltlw0lf (profile), Jun 6th, 2014 @ 10:08am

    Re: Re: Re: openSSL

    Ok, now what about the other 6 exploits that do NOT require both clients and servers to be vulnerable?

    There were 5 other ones, not 6. And most of them were DoS attacks. And most of the other ones were not common configurations and thus only affected a small portion of the users.

    All we can hope now is for a horrible death and LibreSSL to come out soon.

    And LibReSSL will have flaws discovered in it too. Theo is a wonderful programmer, but he is one man, with a small team that is spread out over many software branches. And his reputation speaks for itself, but there are still flaws discovered occasionally in OpenBSD/OpenSSH/etc.

    Writing software isn't easy. But instead of bitching and moaning, why don't you help out. OpenSSL hasn't been a mess since day 1 because it was a mess, it has been a mess since day one because it was 2 guys writing software to scratch an itch and there was nothing else around at the time that could solve, and instead of pitching in and helping out, people just leeched on it.

    Is it a big flaw, yes. Nobody is dismissing it. Apply the patch and move on.

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Jun 6th, 2014 @ 10:48am

    Re: Re: Re: Re: openSSL

    You're right except for the fact that Theo is not working on this alone.

    I invite you to check Bob Beck's presentation on it thus far:
    https://www.youtube.com/watch?v=GnBbhXBDmwU

    OpenSSL is commercial software that provide a source code. LibreSSL will truly be open source and a drop-in replacement for OpenSSL with a solid experienced team.

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    ltlw0lf (profile), Jun 6th, 2014 @ 11:09am

    Re: Re: Re: Re: Re: openSSL

    OpenSSL is commercial software that provide a source code. LibreSSL will truly be open source and a drop-in replacement for OpenSSL with a solid experienced team.

    OpenSSL is no more commercial than OpenBSD is. You are welcome to pay for support from OpenSSL in the same way that you are to pay for support from OpenBSD.

    They are both distributed using a BSD or BSD-derivative license.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Advertisement
Essential Reading
Techdirt Deals
Techdirt Insider Chat
Techdirt Reading List
Advertisement
Recent Stories
Advertisement
Support Techdirt - Get Great Stuff!

Close

Email This

This feature is only available to registered users. Register or sign in to use it.