(Posted 2016-12-05 09:42:08 -0500)
Using Cloudflare’s free services, I’ve enabled HTTPS on goltz20707.mmert.org. Cloudflare offers CDN and web optimization services and DDNS protection for free for personal websites (like this one). It can also be configured to provide HTTPS.
HTTPS is provided via wildcard certificates, and any given Cloudflare server apparently may be serving any number of wildcarded domains. Because of this, it may still be possible for some other site to “spoof” this site.
That means two things to you, the end user:
A man-in-the-middle attack would require DNS spoofing or unauthorized changes in addition to duplicating the site, so it’s difficult but not impossible. So it’s slightly more secure than it was before.
If none of that makes sense to you, don’t worry. I’m just geeking out.
Click here to go back to the home page.