Great post following up on the Firesheep threat, detailing the reasons why more websites are not using SSL:
- Server overhead
- Increased latency
- Challenge for CDNs
- Wildcard certificates are not enough
- Mixed HTTP/HTTPS: the chicken & the egg problem
Zscaler did a follow up blog post, SSL: the sites which don’t want to protect their users, highlighting popular sites which do not use SSL.
Full disclosure – Zscaler is a Cymbel partner.