/ DevOps Zone
Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Here’s why you can’t trust SSL logos on HTTP pages (even from SSL vendors)

DZone's Guide to

Here’s why you can’t trust SSL logos on HTTP pages (even from SSL vendors)

by
Troy Hunt
·
May. 09, 13 · DevOps Zone
Free Resource

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

The Nexus Suite is uniquely architected for a DevOps native world and creates value early in the development pipeline, provides precise contextual controls at every phase, and accelerates DevOps innovation with automation you can trust. Read how in this ebook.

A couple of days ago I wrote about Why I am the world’s greatest lover (and other worthless security claims) and it  really seemed to resonate with people. In short, whacking a seal on your website that talks about security awesomeness in no way causes security awesomeness. Andy Gambles gets that and shared this tweet with me:

@troyhunt so when an SSL vendor is saying stuff like this http://st.cm/18WVy6O does that give us any hope?

So let’s check out exactly what’s going on here and you really need video to understand the fatal flaw in the logic of SSL logos coming down over HTTPS:

So there you go – it can be that simple. How I MiTM’d the page so easily is not really the point, the point is that an SSL logo on an unprotected page is as good as worthless (and frankly they’re not much good on protected pages either).

The DevOps Zone is brought to you in partnership with Sonatype Nexus.  See how the Nexus platform infuses precise open source component intelligence into the DevOps pipeline early, everywhere, and at scale. Read how in this ebook

Like This Article? Read More From DZone

GraphQL End-Point Middleware for ASP.NET Core
The Cloudcast #301: SRE and Infrastructure Operations [Podcast]
An Introduction to Python Sets

Free DZone Refcard

Continuous Integration
DOWNLOAD
Topics:

Comment (0)

Save
Tweet
{{ articles[0].views | formatCount}} Views

Published at DZone with permission of Troy Hunt, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

DevOps Partner Resources

The Ultimate Monitoring Tools Landscape
The How and Why of Minimum Viable Runbooks
Jenkins, Docker and DevOps: The Innovation Catalysts
Automate Security in Your DevOps Pipeline
Starting and Scaling DevOps in the Enterprise
DevOps Incident Management Buyer’s Guide
Start Your DevOps Journey
Take the Forrester DevOps Maturity Assessment Test
The DevOps Journey - From Waterfall to Continuous Delivery
Agile and DevOps: Friends or Foes?
Accelerate DevOps Early, Everywhere at Scale
Solve the 4 Major Problems with Text Data

DevOps Partner Resources

The Ultimate Monitoring Tools Landscape
The How and Why of Minimum Viable Runbooks
Jenkins, Docker and DevOps: The Innovation Catalysts
Automate Security in Your DevOps Pipeline
THE DZONE NEWSLETTER

Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

X

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.linkDescription }}

{{ parent.urlSource.name }}
by {{ parent.authors[0].realName || parent.author}}
· {{ parent.articleDate | date:'MMM. dd, yyyy' }} {{ parent.linkDate | date:'MMM. dd, yyyy' }}
· {{ parent.portal.name }} Zone