Security tools that proxy and inspect HTTPS traffic create a blindspot for network administrators trying to determine whether communication between clients and servers is secure.

The latest version of Firefox expands non-secure HTTP warnings, enables SHA-1 deprecation by default, and removes support for NPAPI.

Mike Mimoso and Chris Brook recap RSA and discuss the news of the week including the impact of Cloudflare’s “Cloudbleed” bug, Google breaking SHA-1, and more.

Mike Mimoso and Chris Brook recap the news of the week, including a Microsoft SMB zero day, the latest Netgear router vulnerability, and a new HTTPS milestone.

This week HTTPS hit a huge milestone. According to a two-week survey of telemetry data from the Mozilla Firefox browser, 50 percent of page loads used HTTPS.

Google announced that it will operate its own root Certificate Authority, stood up by the acquisition of two root CAs from GlobalSign.

Almost 200,000 servers are still vulnerable to Heartbleed, the OpenSSL vulnerability patched nearly three years ago.

Facebook dismisses a researcher who says multimedia content sent via Facebook Messenger can be intercepted by a third party under certain conditions.

Apple extended the deadline of Dec. 31 for developers adopt App Transport Security standards for applications submitted to the App Store.

Google said that more than half of pageloads on Chrome across platforms are encrypted; Android as the lone laggard, but trending upward.