Mozilla on the success of the Https-Everywhere campaign:
https://blog.mozilla.org/security/2017/06/28/analysis-alexa-top-1m-sites/
HTTPS:// is of course an important security measure to be taken to safeguard a secure connection.
Still the https-everywhere project will be more of a cosmetic means to an end than anything else.
Also things may go drastically wrong when automatic re-directs from http:// to https:// fail.
Look where a lot of other issues are being found to be insecure, despite https-everywhere:
https://www.eff.org/https-everywhere/atlas/
Example for a site that comes "disabled by default":
https://www.eff.org/https-everywhere/atlas/domains/openstreetmap.org.html
Secure and safe connections may be safeguarded, just like at home when the curtains are closed,
but what insecurity goes on behind closed curtains is a guess, and that insecurity should worry us to a greater extent.
A green padlock to rock us asleep. Behind that could come insecure cloud services,
a free account with a sub-domain soon no longer to be ours (afraid dot org for example).
And where website security is concerned we meet with quite some issues. The attached image speaks for itself.
We'd better educate those m- & p-developers to turn them into a 'security savvy' coder pack,
and then all the other folks that work with website building and maintaining secure websites.
But one way or another these aims are always being grandly frustrated by those
who have other important interests in keeping things as they are,
so the infrastructure stays insecure or becomes even more insecure.
Excessive server info proliferation for insecure nameservers. An immense problem in the Linux infrastructure.
Some insecure servers lower down in the network could infest all of the rest, like with Poodle etc.
For aspx sites perform an asafweb scan, do a little query on shodan or perform a dazzlepod ip scan.
What to do about malicious evil DNS? Re:
https://www.theregister.co.uk/2016/02/16/glibc_linux_dns_vulernability/
Random example here:
http://www.dnsinspect.com/ns1.com/10056192
What to do about insecure CMS like Joomla or WordPress like with this scanner? -
hackertarget.com/wordpress-security-scan/
with a random example:
https://www.magereport.com/scan/?s=https://hacmint.com/
What to do about retirable jScript libraries? See:
http://www.dnsinspect.com/ns1.com/10056192
What to do and how to generate when we find missing hashes here?:
https://sritest.io/ or a bad status here:
https://observatory.mozilla.org/
Also import the sources & sinks, we could stumble upon while scanning here:
http://www.domxssscanner.com/
It seems it is overwhelming, that is why the latest targeted cyberwar attacks were such a success or rather catastrophic.
When are we gonna see a change for the better, will we ever live to see this?
polonus (volunteer website security analyst and website error-hunter)