What are the challenges of migrating to https only protocol? I have done it before, not on wired.com scale though. We use AWS and it's not that difficult to start supporting https and have all http requests redirected to https. Can someone explain why it took them a year to do this?
This is why, when you have a site the size of wired.com, it's not a matter of changing the binding on your webserver.
You need to go over the entire site including historic content to make sure that all the links are HTTPS.
You need to go over the entire code of the website and make sure all the JS requests are over HTTPS.
You need to make sure all the ads and 3rd party content you serve are over HTTPS.
You need to make sure all of the SEO and tracking still works.
You need to make changes to the CMS and how you roll out content.
You need to adjust your CDN and scalability to support HTTPS.
You need to update your redirects, sitemaps, search and, more importantly, make sure that you handle search engine redirects properly because it would probably be months until the search engines update all the links.
You need to make sure all your syndicated and affiliated content over the past few decades that is still linked somewhere will redirect properly.
This isn't a simple task; this is probably on the same level of complexity as updating your CMS and URL structure while preserving all the historic content, links, syndication, and search engine results.
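An added example, not part of the comment above: a minimal audit of one archived page for the `http://` references that list describes, split into subresources a browser blocks on an HTTPS page (active), ones it loads with a warning (passive), and plain links that need redirects. The host names, the sample HTML and the `audit` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# (tag, attribute) -> how a browser treats an http:// value on an HTTPS page.
RULES = {
    ("script", "src"): "active", ("iframe", "src"): "active",
    ("img", "src"): "passive", ("video", "src"): "passive",
    ("a", "href"): "link", ("link", "href"): "link",
}

class HttpReferenceAudit(HTMLParser):
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []  # (kind, first_party, tag, url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for (rule_tag, attr), kind in RULES.items():
            url = (attrs.get(attr) or "").strip()
            parts = urlsplit(url)
            if rule_tag != tag or parts.scheme.lower() != "http":
                continue  # https, relative and //host URLs are not flagged
            rel = (attrs.get("rel") or "").lower().split()
            if tag == "link" and "stylesheet" in rel:
                kind = "active"  # stylesheets are blocked like scripts
            first_party = (parts.hostname or "") in self.own_hosts
            self.findings.append((kind, first_party, tag, url))

def audit(html, own_hosts):
    parser = HttpReferenceAudit(own_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; every host name is a placeholder.
OWN_HOSTS = {"www.example.test", "static.example.test"}
SAMPLE = """<head>
<link rel="stylesheet" href="http://static.example.test/site.css">
<link rel="canonical" href="http://www.example.test/2009/old-story">
<script src="http://ads.thirdparty.test/tag.js"></script>
</head><body>
<img src="http://www.example.test/img/2009/photo.jpg">
<img src="//cdn.example.test/logo.png">
<a href="http://www.example.test/2008/archive">archive</a>
<a href="http://partner.test/story">syndicated</a>
</body>"""
if __name__ == "__main__":
    for kind, first_party, tag, url in audit(SAMPLE, OWN_HOSTS):
        print(kind, "own" if first_party else "3rd-party", tag, url)
```

First-party findings can be rewritten in the CMS or templates; third-party active findings depend on the ad or widget vendor offering an HTTPS endpoint.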
The big threats in the DNS infra today are CAs, as shown recently by WoSign/Start.
All an adversary needs to MITM is a temporary certificate which they feed on a TUNNEL in the ISPs' network. That way only the target is served that certificate, which is disposed of after use.
No, you did not encrypt all of Wired. Just some data transfer to your clients. Which may still be vulnerable to guess attacks since the content is public, known and mostly static.
But at least it is now much, much harder to modify the content during transfer, which is good.