Tag: https

how to tell if a website is secure

How Can I Tell If a Website Is Safe? Look For These 5 Signs

Every website owner should take responsibility for ensuring the safety of its visitors, but unfortunately, some websites just aren’t secure. An unsafe website can spread malware, steal your information, send spam, and more. To protect yourself and your personal information, it’s important to know that a website takes your safety seriously – but how can you tell? Look for these four signs that a website is safe:

1. Look for the “S” in HTTPS

If HTTPS sounds familiar, it should – many URLs begin with “https” instead of just “http” to indicate that they are encrypted.This security is provided by an SSL certificate, which protects sensitive information entered into that site as it travels from the site to a server. Without an SSL certificate, that information is exposed and easily accessible by cybercriminals. It’s important to note that HTTPS isn’t the only thing a website can – or should do – to protect its visitors, but it’s a good sign that the website owner cares about your safety. Whether you’re logging in, making a payment, or just entering your email address, check that the URL starts with “https.”

Read More

Ask a Security Pro: What Is Encryption?

Over the last year I’ve led a multitude of security workshops aimed to educate entry-level WordPress users about website security. Some of the questions I regularly field in these workshops are related to the mechanics of SSL certificates, and their role in protecting website data from prying eyes. As you may know, the installation of an SSL certificate on a web server allows the server to accept traffic on the hypertext transfer protocol (secure), or simply ‘HTTPS,’ the primary form of encrypted data transfer between websites and visitors. I’d like to share the answers to some of the most frequently asked questions I’ve had on the subject.

HTTPS and SSL Certificates

SSL is the Armored Truck

The first thing I’d like to clarify on the subject of HTTPS and SSL certificates specifically is that the use of SSL certificates and HTTPS do not in any way, shape, or form protect the data on your website itself. HTTPS encrypts data in transit only. Neither does it protect data resting on visitors’ computers. You should consider HTTPS the armored truck of websites, not the bank vault. It acts as the protection against adversaries while data travels from point ‘A’ to point ‘B’.

Read More

WordPress security

Increased WordPress Security On Hosted Websites

A recent article reported that WordPress.com is moving to enable HTTPS by default on all of its 600,000 hosted sites. This is a huge security win for WordPress users and the Internet at large. It sets a high security bar for other entities to strive for, and of course helps protect users and visitors from prying eyes.

If you’re a WordPress.com user, one way to take advantage of WordPress’s exemplary efforts is to go further and enhance the security of your WP.com site with protection services.

Visit wpdistrict.sitelock.com for the full story.

https encryption

Logjam’s Effect On HTTPS Encryption

What Is Logjam?

Transport Layer Security, or TLS, is the protocol commonly used in HTTPS connections.   Logjam is the code name for a cryptographic weakness in the Diffie-Helman key exchange algorithm used by TLS. The Diffie-Helman Exchange (DHE) allows two parties – a browser and server in our case – to exchange prime numbers in a secure manner which are then used to create a shared secret used to encrypt a session.

A team of computer scientists and security researchers found that precomputing the prime number groups that DHE uses allows faster computation of the discrete logs used to find the shared secret. With academic-level resources, the researchers precomputed a 512-bit group used by 82% of vulnerable servers. The researchers posit that nation-state level resources could precompute 1024-bit Diffie-Helman groups, affecting even larger swaths of the internet.

Read More

Powered by WordPress & Theme by Anders Norén