SoylentNews is people
SoylentNews
From PC World:
More than two dozen U.S. government websites should be urgently upgraded to use encryption, as whistleblowers are potentially at risk, according to the American Civil Liberties Union.
At least 29 websites that can be used for reporting abuse and fraud don't use encryption, the ACLU said in a letter sent on Tuesday to the U.S.'s top technology chief, CIO Tony Scott.
There has been a broad push recently to move websites to using SSL/TLS (secure sockets layer/transport security layer) encryption. Most e-commerce sites use SSL/TLS, but the case has grown stronger for its broader adoption because of a surge in state-sponsored espionage and cybercriminal activity.
The government plans to upgrade all of its websites within two years to use encryption, signified by "https" in a browser's URL bar. It prevents data that is exchanged between a computer and a website from being read if it is intercepted or tampered with during a man-in-the-middle attack.
The ACLU said that the timeline "is not soon enough for some sensitive sites," which it said included the Justice Department, Treasury Department and the Department of Homeland Security.
(Score: 0) by Anonymous Coward on Sunday April 19 2015, @08:24AM
Small attackers, as a rule, don't have access to the resources needed to sniff your traffic anyway.
Trojans and spyware are bigger threats to typical end-users than HTTP interception by the small-timers.
Wake me when someone gets Firefox and the other browsers to play nice with self-signed HTTPS certificates so we can finally start the worthwhile fight to get end-users familiar with certificate-pinning addons and decentralized webs-of-trust.
(Score: 2) by maxwell demon on Sunday April 19 2015, @10:53AM
In the times of — often unencrypted — public wireless networks, snooping on traffic of someone without technical knowledge is easy.
The Tao of math: The numbers you can count are not the real numbers.