occasionally useful ruby, ubuntu, etc


Why not HTTPS every page?

It frustrates me to no end when I find login pages served from insecure (HTTP) pages (I'm looking at you, VerizonWireless and CenturyLink). I'll often put in garbage credentials and hit submit so it'll redirect me to a secure version of the login page with the "invalid credentials" error on top. But it occurred to me, this isn't much safer either.

Filed under: security Continue reading