Update (2015-05-01): Since there are some common threads in the comments, we’ve put together a FAQ document with thoughts on free certificates, self-signed certificates, and more. https://blog.mozilla.org/security/files/2015/05/HTTPS-FAQ.pdf
Ping with HTTP requests, see http://www.vanheusden.com/httping/
httping -l -K
Falcon is a minimalist WSGI library for building speedy web APIs and app backends. We like to think of Falcon as the Dieter Rams of web frameworks.
When it comes to building HTTP APIs, other frameworks weigh you down with tons of dependencies and unnecessary abstractions. Falcon cuts to the chase with a clean design that embraces HTTP and the REST architectural style.
We, the Chrome Security Team, propose that user agents (UAs) gradually change their UX to display non-secure origins as affirmatively non-secure. We intend to devise and begin deploying a transition plan for Chrome in 2015. || A good idea as a complement to Let's Encrypt https://letsencrypt.org/
When an app communicates with a server, more often than not, that communication happens over HTTP. HTTP was developed for web browsers: when you enter http://www.objc.io into your browser, the browser talks to the server named www.objc.io using HTTP
What started as a dream for a worldwide library of sorts has transformed into not only a global repository of knowledge but also the most popular and widely deployed Application Platform: the World Wide Web.
The poster child for Agile, it was not developed as a whole by a single entity, but rather grew as servers and clients expanded its capabilities. Standards grew along with them.
While growing a solution works very well for discovering what works and what doesn't, it hardly leads to a consistent and easy-to-apply programming model. This is especially true for security: where ideally the simplest thing that works is also the most secure, it is far too easy to introduce vulnerabilities like XSS, CSRF or Clickjacking.
Because HTTP is an extensible protocol, browsers have pioneered some useful headers to prevent or increase the difficulty of exploiting these vulnerabilities. Knowing what they are and when to apply them can help you increase the security of your system.
I was curious what kind of information my computer was sending to the outside world so I whipped up a simple HTTP POST analyzer/logger.
Introducing HTTP Nowhere.
HTTP Nowhere is a Firefox browser extension I recently wrote to implement this idea. You can install it from the Firefox Add-Ons site, and check out the source at GitHub. Beyond what is discussed above, it allows you to see which unencrypted requests were made while in this mode, and lets you add specific URLs or URL patterns to a whitelist.
This is just an initial Firefox-only implementation of the concept. I can imagine a future where the conscious action could be inserting and removing a hardware USB key to get your browser to go into this mode. This could work in concert with existing solutions that store client certificates on hardware devices.
https://addons.mozilla.org/en-US/firefox/addon/http-nowhere/
DISCLAIMER: The most trustworthy information on this topic can be found on the Tor Project Wiki. Do not trust the advice on this blog if your life or well-being could be in danger. And you probably shouldn't trust Tor either. Or anyone.
Forcing all network traffic through Tor will hopefully reduce the chance of your anonymity being compromised by application-level issues that result in 'leaks'. Please note that the recommended way to browse the Internet anonymously is to use the Tor Browser Bundle, which is maintained by the Tor Project itself.
Update - In the end, criminalizing the regular consultation of terrorist websites will probably not be included in the counter-terrorism bill put forward by Manuel Valls. According to the Interior Minister's office, contacted by Le Monde, this section has been withdrawn.
It was thought that the bill punishing the consultation of terrorist sites had been consigned to oblivion with the change of government... But now it is back in the news. While a new text on the fight against terrorism, inspired by that of the previous majority, is due to be submitted to the Council of Ministers during the month, the Interior Ministry has just denied the return of the offence of consulting terrorist sites. On the other hand, the extension of exceptional communications surveillance measures is expected to be on the agenda.