[HTTPS-E Rulesets] SSL Everywhere is BROKEN with npr.org
JX Bell
jx at doitall.com
Wed Nov 7 11:24:51 PST 2012
Warning: SSL Everywhere is BROKEN with npr.org !
Please REMOVE support for it in your SSL Everywhere plugin.
They have a "stub" SSL support with a BROKEN certificate (!!!), which eventually (theoretically) redirects to non-SSL site… but first users have to AGREE to security exceptions, which is creepy and wrong, and facilitates man in the middle attacks long term if they ever support SSL 'properly'.
From NPR itself… from the email address npr_response at npr.org
---We appreciate you sharing your concerns. NPR.org does not support HTTPS Everywhere and our site does not use https protocol. We do offer secure login forNPR.org accounts, however we use secure.npr.org for login activities. ---
-- JX
p.s. my email from them was from npr_response at npr.org , signed by Justin at "NPR Audience Partnership" 202-513-3232
JX Bell
(415) 225-8281
JX at doitall.com
http://doitall.com
http://JXphotography.com
http://JXconsulting.com/resume
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eff.org/pipermail/https-everywhere-rules/attachments/20121107/6568cba9/attachment.html>
More information about the HTTPS-Everywhere-Rules
mailing list