Categories
Anti-malware

HTTPS Certificate Revocation is broken, and it’s time for some new tools

Certificate Transparency and OCSP Must-Staple can’t get here fast enough.

Scott Helme (US) –

 

We have a little problem on the web right now and I can only see it becoming a larger concern as time goes by: more and more sites are obtaining certificates, vitally important documents needed to deploy HTTPS, but we have no way of protecting ourselves when things go wrong.

 

Certificates

 

We’re currently seeing a bit of a gold rush for certificates on the Web as more and more sites deploy HTTPS. Beyond the obvious security and privacy benefits of HTTPS, there are quite a few reasons you might want to consider moving to a secure connection that I outline in my article Still think you don’t need HTTPS?. Commonly referred to as “SSL certificates” or “HTTPS certificates”, the wider Internet is obtaining them at a rate we’ve never seen before in the history of the web. Every day I crawl the top one million sites on the Web and analyze various aspects of their security and every 6 months I publish a report. You can see the reports here, but the main result to focus on right now is the adoption of HTTPS.

 

                  Percentage of top one million sites on HTTPS.

 

Full Article.

Take a look at the best antivirus, anti-malware, anti-spy, etc. software

Powered by WPeMatico