Show notes and links for this episode follow below.
The Heartbleed bug, which severely compromises the security of the websites it affects.
The EFF says sites must use HSTS in order to be secure, and suggests not enough web developers know about it yet.
Moxie Marlinspike on SSL stripping, the concept he introduced in 2009, and the Wikipedia entry for SSL stripping.
The Chromium project has instructions on how to get your site on the STS preloaded list. The Mozilla Security Blog on preloading HSTS. Sincere thanks to Adam Langley (@agl__) for taking the time to answer questions about the Chromium list.
“Can I use Strict Transport Security?” shows browser support. Follow the progress of IE’s upcoming support for HSTS (“In Development” in April 2014).
OWASP on setting up the Strict-Transport-Security header for various servers.