How to Resolve Java HTTPS Exceptions

java TLDR: Most java HTTPS connection problems can be fixed by updating the JVM. Don't import into cacerts unless you really need to (eg you have an internal CA within your organization). Test other http clients to make sure it is really a java problem.

This entry was:

HTTP Strict Transport Security

web An emerging standard called Strict Transport Security is starting to gain some traction among web browsers. Google Chrome supports it and Firefox is working on it (currently supported in the noscript FF extension).

This entry was:

Secure Browsing Mode

web Ivan Ristic has posted a proposal on his blog called: Secure Browsing Mode [PDF].

In the document Ivan lists some of the possible effects of his proposal:

Eliminate Cross-Site Request Forgery.

Eliminate off-domain information leakage.

This entry was:

Web Form Security and the Middle Man

web A friend of mine, Matt Finn, was telling me about a security issue he realized recently.

This entry was:

How To Scream Unsecured

web I was considering purchasing something from a foreign site today (I'm not going to name names), but then I noticed this link on the order form page:

I'm speechless!

This entry was:

Secure Forms

web Chris Shiflett, the author of Essential PHP Security posted a cool idea on his blog about secure forms. His idea was to have browsers show visually that a form action is secure (going to a HTTPS page). A good idea, I hope to see that implemented.

This entry was:


did you hack my cf?