Tuesday, April 29, 2014

SSL Encryption Isn't Magical Security Dust

from here (background info)

SSL encryption isn't magical security dust that solves all security problems. It does a pretty good job of preventing legitimate visitors' data from getting leaked to malicious third parties, but it does absolutely nothing to protect a website against a malicious visitor. Sears clearly needs a better way to handle website vulnerability reports.

Thanks to Louis Nadeau for tweeting about this, and Andrew Leeming for bringing it to my attention.

(Update 2016/08/13: According to Louis Nadeau, everything went much more smoothly after that initial mix-up, but wow, what a mix-up.)