Slashdot Mirror


SSL Pulse Project Finds Just 10% of SSL Sites Actually Secure

Trailrunner7 writes "A new project that was set up to monitor the quality and strength of the SSL implementations on top sites across the Internet found that 75 percent of them are vulnerable to the BEAST SSL attack and that just 10 percent of the sites surveyed should be considered secure. The SSL Pulse project, set up by the Trustworthy Internet Movement, looks at several components of each site's SSL implementation to determine how secure the site actually is. The project looks at how each site is configured, which versions of the TLS and SSL protocols the site supports, whether the site is vulnerable to the BEAST or insecure renegotiation attacks and other factors. The data that the SSL Pulse project has gathered thus far shows that the vast majority of the 200,000 sites the project is surveying need some serious help in fixing their SSL implementations."

2 of 62 comments

  1. It's a metaphor for slashdot by samjam · Score: -1, Offtopic

    It's a metaphor for the eternal slashdot argument between religion and science.
    We all knew how to be secure with SSL but somehow we never were!

    This is why "science" can't replace "religion".

    Science is a philosophy (like religion) but practical science is engineering; and it's so hard to get right even when you (think you) know what you are doing; and you still have to have faith to rely on others doing it right.

    Religion has at least two sides, managed superstition (which is false religion and not philosophy) and the quest for truth (which is philosophy).

    Science seeks truth which can be discovered by the scientific method which can operate on the planes of existence below us which are subject to our manipulation and therefore repeatable.

    Religion seeks truth that must be taught and revealed from planes of existence above us, which are not subject to strict scientific method any more than an ant can do an experiment upon the scientist in whose lab it is being studied. (But yet as parents will sometimes make themselves appear subject to the scientific method in order to teach and be understandable to their children, so might God).

    One prophet said: "Religion teaches obedience to laws which are important to society but unenforceable." The truth or value of religious teachings is subject to examination and verification through practice, but as it changes the natures of those performing the experiment it is perhaps less scientific even though it may be satisfying.

    The argument is not between "science" and "religion" in those who seek truth rather than to establish their position or authority.

    A scientist that makes an error or deceives is as unhelpful to the novice as a religionist that makes an error or deceives. Both being human, both are likely. Seekers of truth cannot afford to make overgeneralisations from the behaviour of adherents, or take certainty from probability when looking for a needle in a haystack, and do not confuse the comfort of acclaim with accuracy. There is a difference between being right and being told you are right. To want truth is to accept that you might never be satisfied, but hope anyway. (This can be exchanged for social acceptance at any time).

    Those who would manipulate the ignorant can do so under the cloak of science, religion, politics or fear, and so on. We cannot be certain that we will always detect such people immediately, and their natures may change mid-course. To treat all religionists or all scientists as proxies for those who manipulate, is to remain deceived.

    Religion and science both require trust in the teacher.

    The ultimate teacher in religion is not seen but can be known through the teaching process.
    I believe that the ultimate teacher in science is the same person.

    I am a Mormon, I am a Christian, and I seek truth

  2. Re:Mixed Content another issue by philip.paradis · Score: -1, Offtopic

    Fixing Mixed content is not always so difficult, we replaced image links to use "//" instead of "http://", which allows it to use whatever protocol you are already using.

    Please tell me you meant "/" instead of "//" there, and that you actually understand how URIs are constructed. Specifically, do you understand how protocol indicators work, and the difference between absolute and relative URIs?

    On another note, why did you capitalize "content" in the subject line and "mixed" in the comment body?

    --
    Write failed: Broken pipe
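
The reference forms discussed in the comment above ("http://", "//" and "/"), resolved against an HTTPS page the way a browser resolves them, with mixed-content references flagged. This is an added example, not part of the thread; the page URL, host names and markup are constructed, and the helper names are hypothetical.

```javascript
// Constructed inputs: an assumed HTTPS page and sample markup, not from the thread.
const PAGE_URL = "https://shop.example/cart/view.html";
const SAMPLE_HTML = `
<img src="http://static.example/logo.png">
<img src="//static.example/banner.png">
<img src="/img/icon.png">
<script src="HTTP://cdn.example/lib.js"></script>
<link rel="stylesheet" href="https://cdn.example/site.css">
<img src="thumb.png">
`;

// Classify a reference by its syntactic form (RFC 3986, section 4.2).
function refKind(ref) {
  if (/^[a-z][a-z0-9+.-]*:/i.test(ref)) return "absolute";
  if (ref.startsWith("//")) return "scheme-relative"; // inherits only the scheme
  if (ref.startsWith("/")) return "path-absolute";    // inherits scheme and host
  return "path-relative";                             // also inherits the directory
}

// Resolve every src/href against pageUrl and flag plain-HTTP loads on an HTTPS page.
function auditReferences(html, pageUrl) {
  const pageIsHttps = new URL(pageUrl).protocol === "https:";
  const attr = /\b(?:src|href)\s*=\s*["']([^"']+)["']/gi;
  const results = [];
  for (const m of html.matchAll(attr)) {
    const resolved = new URL(m[1], pageUrl); // WHATWG URL resolution, as browsers do
    results.push({
      ref: m[1],
      kind: refKind(m[1]),
      resolved: resolved.href,
      mixed: pageIsHttps && resolved.protocol === "http:",
    });
  }
  return results;
}

// Rewrite "http://host/..." to "//host/...". This removes the mixed-content
// load only if that host actually serves the resource over TLS.
function toSchemeRelative(html) {
  return html.replace(/\b((?:src|href)\s*=\s*["'])http:\/\//gi, "$1//");
}

const before = auditReferences(SAMPLE_HTML, PAGE_URL);
const after = auditReferences(toSchemeRelative(SAMPLE_HTML), PAGE_URL);
console.table(before);
console.log("mixed before:", before.filter(r => r.mixed).length,
            "after:", after.filter(r => r.mixed).length);
```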