Hacker News
- What the QWAC? An EV Certificate all over again https://scotthelme.co.uk/what-the-qwac/ 82 comments
- Can you get pwned with CSS? https://scotthelme.co.uk/can-you-get-pwned-with-css/ 28 comments
- Can you get pwned with CSS? https://scotthelme.co.uk/can-you-get-pwned-with-css/ 2 comments
- I turned on CSP and all I got was this crappy lawsuit https://scotthelme.co.uk/i-turned-on-csp-and-all-i-got-was-this-crappy-lawsuit/ 4 comments
- Running my own DoH relay and getting Pi-hole protection away from home https://scotthelme.co.uk/running-my-own-doh-relay-and-getting-pihole/ 30 comments
- I revoked $1M worth of EV certificates https://scotthelme.co.uk/extended-validation-not-so-extended/ 66 comments
- CSRF is really dead https://scotthelme.co.uk/csrf-is-really-dead/ 113 comments
- A new security header: Feature Policy https://scotthelme.co.uk/a-new-security-header-feature-policy/ 63 comments
- The Power to Revoke Lies with the Certificate Authority https://scotthelme.co.uk/the-power-to-revoke-lies-with-the-ca/ 80 comments
- Protecting sites from Cryptojacking with CSP and SRI https://scotthelme.co.uk/protect-site-from-cyrptojacking-csp-sri/ 76 comments
- Cross-Site Request Forgery is dead https://scotthelme.co.uk/csrf-is-dead/ 76 comments
Lobsters
- Let's Encrypt's Root Certificate is expiring https://scotthelme.co.uk/lets-encrypt-old-root-expiration/ 23 comments security , web
- I turned on CSP and all I got was this crappy lawsuit https://scotthelme.co.uk/i-turned-on-csp-and-all-i-got-was-this-crappy-lawsuit/ 6 comments security
- Demonstrating that revocation checking is pointless https://scotthelme.co.uk/revocation-checking-is-pointless/ 7 comments browsers , networking , security
- Apple caps TLS certificate lifetime at 398 days from September 2020 https://scotthelme.co.uk/certificate-lifetime-capped-to-1-year-from-sep-2020/ 5 comments browsers , security
- HPKP is no more https://scotthelme.co.uk/hpkp-is-no-more/ 2 comments security
- Cross-Site Request Forgery is dead! https://scotthelme.co.uk/csrf-is-dead/ 2 comments security , web
- I turned on CSP and all I got was this crappy lawsuit! https://scotthelme.co.uk/i-turned-on-csp-and-all-i-got-was-this-crappy-lawsuit/ 13 comments webdev
- Here's another free CA as an alternative to Let's Encrypt! https://scotthelme.co.uk/heres-another-free-ca-as-an-alternative-to-lets-encrypt/ 4 comments programming
- Introducing another free CA as an alternative to Let's Encrypt (via Scott Helme) https://scotthelme.co.uk/introducing-another-free-ca-as-an-alternative-to-lets-encrypt/ 8 comments crypto
- Introducing another free CA as an alternative to Let's Encrypt https://scotthelme.co.uk/introducing-another-free-ca-as-an-alternative-to-lets-encrypt/ 58 comments netsec
- X.509: The Impending Doom of Expiring Root CAs and Legacy Clients https://scotthelme.co.uk/impending-doom-root-ca-expiring-legacy-clients/ 11 comments programming
- CSRF is (really) dead https://scotthelme.co.uk/csrf-is-really-dead/ 7 comments netsec
- Is Forward Secrecy different from Perfect Forward Secrecy? https://scotthelme.co.uk/perfect-forward-secrecy/ 8 comments crypto
- A new security header: Feature Policy https://scotthelme.co.uk/a-new-security-header-feature-policy/ 4 comments netsec
- HTTPS Anti-Vaxxers; dispelling common arguments against securing the web https://scotthelme.co.uk/https-anti-vaxxers/ 138 comments programming
- Securing DNS across all of my devices with Pi-Hole + DNS-over-HTTPS + 1.1.1.1 https://scotthelme.co.uk/securing-dns-across-all-of-my-devices-with-pihole-dns-over-https-1-1-1-1/ 6 comments privacy
- Debunking the fallacy that paid certificates are better than free certificates, and other related nonsense [HTTPS] https://scotthelme.co.uk/debunking-the-fallacy-that-paid-certificates-are-better-than-free-certificates-and-other-related-nonsense/ 3 comments webdev
- nomx: The world's most secure communications protocol https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/ 5 comments programming
- nomx: The world's most secure communications protocol https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/ 23 comments linux
- nomx: The world's most secure communications protocol https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/ 40 comments raspberry_pi
- nomx: The world's most secure communications protocol (or not....) https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/ 144 comments netsec
- Cross-Site Request Forgery is dead! https://scotthelme.co.uk/csrf-is-dead/ 3 comments programming
- Email Security - DMARC https://scotthelme.co.uk/email-security-dmarc/ 3 comments sysadmin
- Using security features to do bad things https://scotthelme.co.uk/using-security-features-to-do-bad-things/ 3 comments netsec
- Getting an A+ on the Qualys SSL Test https://scotthelme.co.uk/getting-an-a-on-the-qualys-ssl-test-windows-edition/ 22 comments sysadmin
- Still think you don't need HTTPS? https://scotthelme.co.uk/still-think-you-dont-need-https/ 16 comments webdev
- How to disable SSLv3.0 to thwart Poodle attack https://scotthelme.co.uk/sslv3-goes-to-the-dogs-poodle-kills-off-protocol/?pagespeed=noscript 4 comments technology
- EE BrightBox router hacked - bares all if you ask nicely https://scotthelme.co.uk/ee-brightbox-router-hacked/ 16 comments sysadmin
- EE BrightBox router hacked - bares all if you ask nicely https://scotthelme.co.uk/ee-brightbox-router-hacked/ 60 comments netsec