Filed under 'ssl'
➠ October 24, 2010
Firesheep
This is A Big Deal. Makes stealing session cookies from other computers on your local network as easy as clicking a button. Will be interesting to see how big sites respond. Are we finally going to see HTTPS deployed on all pages?
➠ December 30, 2008
MD5 considered harmful today
MD5 collisions can be used to make SSL certificates that modern browsers will trust for any domain. This is a: Bad Thing.
➠ February 22, 2007
prooveme.com: strong authentication for openid
OpenID provider which uses SSL client certificates, not passwords, to authenticate. Doesn’t work terribly well (I haven’t successfully logged in anywhere with it!), but a clever idea for an unphishable OpenID. [Update: I’ve got it working a couple of places now. Not clear at whose end the remaining bugs lie.]
➠ November 19, 2005
EV1Servers - RapidSSL
This isn’t a bad deal at all: $15 for an SSL certificate recognized as valid by any moderately-recent webbrowser. Perfect for your home-run webmail server.