White House Proposal Urges All Federal Websites To Adopt HTTPS

blottsie writes: In an effort to close security gaps that have resulted in multiple security breaches of government servers, the Obama administration on Tuesday introduced a proposal to require all publicly accessible federal websites to use the HTTPS encryption standard. "The majority of federal websites use HTTP as the as primary protocol to communicate over the public Internet," reads the proposal on the website of the U.S. Chief Information Officer. "Unencrypted HTTP connections create a privacy vulnerability and expose potentially sensitive information about users of unencrypted Federal websites and services."

Not just for government.

[kuzb]

There's virtually no excuse to be running a website without SSL. It doesn't matter what kind of site you run. It should really be law that all sites on the internet move to SSL.

According To The News

[Greyfox]

Statistically the man in the middle is most likely to be The Man. If you're talking to The Man, he doesn't even need to be in the middle, but he probably will be anyway. If you're a government employee using one of those, you'll be The Man, talking to The Man while being spied on by The Man! Delicious!

Re:Interdasting...

[techno-vampire]

Using https to transmit sensitive information is the same as remembering to lock your car. It's not perfect and it won't stop a determined attack, but it's enough to prevent casual intrusions. And, of course, if somebody does break the encryption there's no way they can claim that they didn't know that the transmission was private.