The Electronic Freedom Foundation has released a nice post on how one should configure their server to pass the Qualsys SSL Labs test with an A+. Given that when I initially setup my site it took me like 3 hours of messing around to get my site to pass with an A+ I figured I should share this post with everyone as it is so useful. Check it out here!
I just wanted to mention signal has been released so for all the iPhone users out there it is definitely worth installing. Signal is an implementation of Text Secure on IOS. Given the insecurity of text messages and how many other messengers have varying degrees of security Open WhisperSystems has released Signal. Some popular chat programs like WhatsApp are starting to encrypt but they aren’t always encrypted. One of the biggest benefits of Signal is they released the source code so that anyone can audit the code. Granted if you are installing it from the iTunes store there is still the risk of a back door being in there, but one inclined and with a developers license could build their own and install it on their phone. Of course that also assumes that your copy of XCode hasn’t been tampered with. At the end of the day if you are a target they are probably going to get your stuff, but the benefits of widespread use of secure products would be to disallow wholesale metadata and data collection that has been alleged to have been happening so that innocent people are left alone. The EFF has a nice scorecard that ranks the security aspects of different messenger apps. Here is another story suggesting the use of this app. If you are on Android Signal is an implementation of TextSecure.