The State of HTTPS: Securing Web Traffic Is Not What It Used to Be

DEF CON 24

Presented by: J0N J4RV1S
Date: Saturday August 06, 2016
Time: 11:30 - 12:00
Location: Crypto and Privacy Village

Do you truly love your users and wrap them in the warm, confidential arms of forward-secrecy ciphersuites? Or do you uncaringly shove their fragile, unencrypted data out into the cold, transparent tubes, shivering and naked as it wanders across a hostile Internet?

For too long the practice of serving non-sensitive websites over HTTPS has been viewed as unnecessary, costly, and a waste of cycles. Fortunately, the once-plausible criticisms have been challenged and are falling away. Choosing to implement HTTPS is now a matter of principle and it should be fully embraced as the default transfer method for all web traffic.

J0N J4RV1S

J.J. is a resident of Utah and wants to help make the Internet a safer place for everyone. After speaking at Utah's 2015 SAINTCON on the importance of HTTPS he decided to extend his interest in secure communications beyond the Con and commit to advocating for widespread HTTPS adoption. He created SecureUtah.org to serve as an information resource as well as a public tracker of which prominent Utah websites implement HTTPS correctly. His goal is to work with and convince every website to switch entirely to HTTPS and to inspire advocates in other states to champion the cause in their communities. @SecureUtah


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats