HTTPS versus HTTP, the debate is over.

Image


SSL is secure socket layer  ie. HTTPS:// instead of HTTP://

Every web page that is sent via HTTP:// is in plan text and can easily be intercepted or even changed via what is know as "man in the middle" or "man on the side" attacks.

Mobile network provides often  "improve" HTTP web pages by injecting their own scripts & images, often these unwanted "improvements" break the page being served. HTTPS prevents the carriers from being able to inject their own content.

Even when you only access the system via

Upgraded the default site SSL to get an A+ grade

Image

Overview

The default SSL handler for the hosted sites has been upgraded to include "perfect forward secrecy" and we have dropped support for the weaker SSL ciphers. 

The drop of the weaker SSL ciphers means old browsers such as Windows XP IE7 will no longer be able to connect via HTTPS. IE7 will still be able to connect to the non-encrypted HTTP sites or alternatively Windows XP users can use more modern browsers Chrome or Firefox. 

HTTP Strict Transport Security (HSTS) has been enabled by default, HSTS

Important notice about the Heartbleed bug for stSoftware customers

Image

Overview

The Heartbleed Bug is a recently discovered vulnerability in the OpenSSL cryptographic software library used by many of the world’s web servers to secure information using TLS. If the web site is vulnerable then a hacker could expose 64k of the server's memory without any trace in the server's logs. The server's memory exposed could include the server's private encryption key or other information such as usernames and passwords.