Security

Posted by on May 15, 2016 in Short notes | 3 Comments

Thank to Andrej and his help, I have increase so called security of this blog of mine. If all is working well you should be browsing these pages only over secure connection https and you should see padlock icon in your browser.

It all started when you received new post notification with links over secure https. Those links didn’t work properly, mainly because the certificate which was in use has been created and signed by myself and therefore not trusted. As a first step, I needed to get real certificate. You may heard about initiative called Let’s encrypt.¬†They provide simple way to get real certificate. It is not really any huge security, but get’s me certificate which is recognized by all up to date browsers. This means if your browser complains about certificate, you may need to update it.

Second step was not to have any links to unsecure http connection linked from my pages. This was and still is quite challenging. WordPress, the system which is backend of this blog, for what a crazy reasons, is not very good in keeping consistent use of absolute or relative paths. It mostly use hardcoded urls. Anyway I tried to find most of the situations. Now I would like to ask you for a help. If you come to situation when something is not loaded properly, image perhaps, or the padlock in browser disappears or gets crossed, let me know which page (URL) it is and I will try to fix it.

As a side effect Google should start rating these pages of mine higher, because they supposed to be seen as secured and trusted. On the other hand all this encryption require extra CPU power, which lack of may be seen by you as little longer time to download the page.

We shall see how all this will reflect, but one thing is clear internet is heading for this direction so I may as well.

Thank you for your kind help with reporting all the thing you may encounter in the following days.

security

3 Comments

  1. andrej
    Sun, 15. May , 2016

    Thanks to Richo’s cooperation the transport security of this page is at top level now.

    No network provider, government or any other villain can read and (which is more important) change what we are reading and writing here.

    This may look paranoid, but the transport security is the basic step of end user security too. No one will be able to change traffic and upload malware that will look like coming from Richo’s page. Sitting in the Europe this may sound paranoid but there are regimes outside punishing people for reading about so-called activities and the little green paddlock at the address bar is another barrier protecting free speech for everyone.

    Reply
    • Richard Vanek
      Sun, 15. May , 2016

      Andrej, your writing is all correct, but dont you feel that sound a bit as Google propaganda?

      Reply
      • andrej
        Sun, 15. May , 2016

        Richo, I am not sure this have anything to do with Google. The network security is not Google’s core business (although they are gently pushing the net to use encrypted traffic for example through prioritizing the search results from https domains you mentioned before).

        Having only unencrypted communication anyone can see your network traffic so every barrier counts.

        On the other way – the people are victims of man in the middle attacks now and then and (thanks to Google Chrome’s hard-coded certificate thumbprints) the Chrome users were able to detect the Chinese government man in the middle attack in 2014. More details here https://en.greatfire.org/blog/2014/sep/authorities-launch-man-middle-attack-google (long story short – Chinese government issued https certificates for google.com signed by one of Chinese top level certificate authorities do prople talking to https:://www.google.com/ were talking to Chinese government proxy and that server was decrypting the communication, logging all stuff and forwarding it to real google servers. People searching for Tienanmen massacre https://en.wikipedia.org/wiki/Tiananmen could be tracked and sent to prison).

        The question is – will this happened again? And the answer is – yes, of course.

        Reply

Leave a Reply