Terence Eden. He has a beard and is smiling.

Terence Eden’s Blog

Theme Switcher:

A quick look inside the HSTS file

· 3 comments · 450 words · Viewed ~914 times

Glowing computer text showing dot com dot info etc.

You type in to your browser's address bar example.com and it automatically redirects you to the https:// version. How does your browser know that it needed to request the more secure version of a website? The answer is... A big list. The HTTP Strict Transport Security (HSTS) list is a list of domain names which have told Google that they always want their website served over https. If the user …

Should you use Let's Encrypt for internal hostnames?

· 29 comments · 500 words · Viewed ~35,180 times

A padlock engraved into a circuit board.

Julien Savoie has written a brilliant post explaining how you can enable https on your intranet. This is useful for several reasons. It means your employees aren't constantly fighting browser warnings when trying to submit stuff internally. All your http traffic is encrypted. You don't need to install a self-generated root certificate on devices. Lovely! But there's a downside. Every TLS…

Path - Privacy & Security Problems

· 2 comments · 250 words · Viewed ~296 times

I'm trying out the new Android app for Path - the new social networking service. I've discovered something rather troubling... Most of the app's communication with the Path servers is over SSL. This means that no-one can see the data you're sending and receiving. If there are snoops on your network, they will only be able to see the encrypted data flowing back and forth. In general, this is…

A (Minor) Twitter Privacy Bug?

· 1 comment · 500 words · Viewed ~202 times

The Twitter logo.

Quick Summary Twitter's secure API hides the contents of the tweets you are reading. But it doesn't hide the images of those you converse with. Raised as Issue 2175. A Bit More Detail Twitter has a secure (HTTPS) and insecure (HTTP) API. When calling the secure API, all the content of the returned message (tweets) are encrypted. Eavesdroppers only see the cipher-text - essentially garbage. …