WordPress.com Makes SSL Enabled By Default
from the good-move dept
While we've already announced our move to go 100% SSL, it's great to see Automattic announce that it is now making all WordPress.com accounts default to SSL. That's for the sites that Automattic itself hosts, not necessarily sites that have self-installed copies of WordPress. Either way, it's still great to see more sites moving to enable SSL by default.
Filed Under: default, privacy, protection, reset the net, ssl, wordpress
Companies: automattic
Reader Comments
openSSL
[ link to this | view in chronology ]
Re: openSSL
There will always be flaws discovered in stuff, at least until computers take over the writing of stuff.
Also, read the vulnerability report: both the client and the server need to be running vulnerable versions of OpenSSL (which isn't likely to be the case unless the web browser you use is compiled against OpenSSL), and the attacker has to be in the middle of the stream in order to perform the attack. Significantly more difficult to accomplish than just asking the server to give you the contents of its memory. Really nasty? Absolutely. Earth shattering to the point that we should just turn off our computers and descend to the dark ages? Probably not.
[ link to this | view in chronology ]
Re: Re: openSSL
I think you missed those. OpenSSL has been a mess since day 1. All we can hope now is for a horrible death and LibreSSL to come out soon.
[ link to this | view in chronology ]
Re: Re: Re: openSSL
There were 5 other ones, not 6. And most of them were DoS attacks. And most of the other ones were not common configurations and thus only affected a small portion of the users.
"All we can hope now is for a horrible death and LibreSSL to come out soon."
And LibreSSL will have flaws discovered in it too. Theo is a wonderful programmer, but he is one man, with a small team that is spread out over many software branches. And his reputation speaks for itself, but there are still flaws discovered occasionally in OpenBSD/OpenSSH/etc.
Writing software isn't easy. But instead of bitching and moaning, why don't you help out? OpenSSL hasn't been a mess since day 1 because it was a mess, it has been a mess since day one because it was 2 guys writing software to scratch an itch and there was nothing else around at the time that could solve, and instead of pitching in and helping out, people just leeched on it.
Is it a big flaw? Yes. Nobody is dismissing it. Apply the patch and move on.
[ link to this | view in chronology ]
Re: Re: Re: Re: openSSL
I invite you to check Bob Beck's presentation on it thus far:
https://www.youtube.com/watch?v=GnBbhXBDmwU
OpenSSL is commercial software that provides a source code. LibreSSL will truly be open source and a drop-in replacement for OpenSSL with a solid experienced team.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: openSSL
OpenSSL is no more commercial than OpenBSD is. You are welcome to pay for support from OpenSSL in the same way that you are to pay for support from OpenBSD.
They are both distributed using a BSD or BSD-derivative license.
[ link to this | view in chronology ]
The Internet Has Become A Haven For Terrorists
I say we should do away with Anonymity on the Internet. What have all you people got to hide? If the Internet cannot use real Identities, shut it down.
[ link to this | view in chronology ]
Re: The Internet Has Become A Haven For Terrorists
[ link to this | view in chronology ]
Re: Re: The Internet Has Become A Haven For Terrorists
50 points from House Woods for not getting it...
[ link to this | view in chronology ]
Re: Re: The Internet Has Become A Haven For Terrorists
[ link to this | view in chronology ]
It's sad really, that the big companies are so reactive to everything and never proactive. WP.com could have bought a $100 wildcard SSL years ago for an extra very basic security layer, but chose not to. Why? It makes no sense.
The up side is that it provides a good insight into those companies' thoughts: "Oh, scandal, let's spin this our way!" instead of "let's prevent security issues with a very basic security measure that's been around since 1995."
Boy am I glad I don't host sites there. Security through public outcry. How nice.
[ link to this | view in chronology ]
Re: The Internet Has Become A Haven For Terrorists
good point for @Jeff Woods
[ link to this | view in chronology ]
Re: Re: The Internet Has Become A Haven For Terrorists
[ link to this | view in chronology ]