Lukewarm take:

When I see general* "security advice" that mentions "do not use public WiFi" or "use a VPN", I am immediately suspicious about all other advice offered.

Yes, a decade ago that was a consideration, because most sites were not using HTTPS. Credentials were flying cleartext on the wire.

Today, almost all sites use HTTPS. Doesn't mean the risk is zero, but it's way lower.

*) "general" meaning "without a very specific threat model in mind", meant for the general public, etc.

#InfoSec

Actually, downgraded that take to "lukewarm", it should really not be controversial at all these days. It's been a hot minute since Let's Encrypt changed the HTTPS landscape!

What is beyond me is that such "security advice" still gets pushed. 

Also, shout-out to @letsencrypt for dramatically changing the security landscape of the Web for the better over the years.

Rarely is there an example of a project so effective and so directly improving everyone's lives, while at the same time keeping the original engineering mindset and just Doing Stuff Right™ humbly in the background.

Next November it will have been exactly a decade since LE started. We all owe them a huge 10th birthday party.

#InfoSec

@rysiek @letsencrypt I can't express the appreciation I felt recently when I was able to automate certificate generation for our domain via Terraform thanks to Let's Encrypt. It just worked and I was able to have high confidence. Just delightful. All because a group decided to democratize security and abstract it enough that it was accessible for people like me.