cutting from article
FallibleInc’s “A practical security guide for web developers” tries to help developers build more secure, less vulnerable solutions. While they claim that it’s by no means a comprehensive guide, it covers the most common issues they’ve discovered in the past.
We know that HTTPS is not perfectly secure. That’s why a lot of bugs have been fixed in software implementations lately, and why techniques like HSTS and HPKP were added. But sometimes none of this helps. Recently, an attack was discovered that can be carried out by operators of just about any type of network, including public Wi-Fi networks, which arguably are the places where people need HTTPS the most. There are also hints that this type of attack is already in use by at least the NSA and therefore likely by a lot of other people, too. Never rely on TLS alone for your security; use a VPN on public networks.
[Image: HTTPS protection] Even when the Wi-Fi can’t be trusted, people rely on HTTPS to secure their connection. A fallacy, as a recently discovered attack shows. (Image credit: Ars Technica)