Jump to content

Search the Community

Showing results for tags 'HSTS'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Categories

  • Drivers
  • Filesharing
    • BitTorrent
    • eDonkey & Direct Connect (DC)
    • NewsReaders (Usenet)
    • Other P2P Clients & Tools
  • Internet
    • Download Managers & FTP Clients
    • Messengers
    • Web Browsers
    • Other Internet Tools
  • Multimedia
    • Codecs & Converters
    • Image Viewers & Editors
    • Media Players
    • Other Multimedia Software
  • Security
    • Anti-Malware
    • Firewalls
    • Other Security Tools
  • System
    • Benchmarking & System Info
    • Customization
    • Defrag Tools
    • Disc & Registry Cleaners
    • Management Suites
    • Other System Tools
  • Other Apps
    • Burning & Imaging
    • Document Viewers & Editors
    • File Managers & Archivers
    • Miscellaneous Applications
  • Linux Distributions

Categories

  • General News
  • File Sharing News
  • Mobile News
  • Software News
  • Security & Privacy News
  • Technology News

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 1 result

  1. Microsoft confirmed today it will support HTTPS Strict Transport Protocol (HSTS) in Internet Explorer 12, bringing its browser in line with other major vendors in its support of the protocol. Browsers supporting HSTS force any sessions sent over HTTP to be sent instead over HTTPS, encrypting communication to and from a website. According to OWASP, HSTS protects users from a number of threats, in particular man-in-the-middle attacks by not only forcing encrypted sessions, but also stopping attackers who use invalid digital certificates. The protocol denies users the ability to override invalid certificate messages. HSTS also protects users from HTTPS websites that also may include HTTP links or serve content unencrypted. IE 12 is expected to be released this year; IE 11 was introduced in October 2013 and is the default browser in Windows 8.1. IE 12’s support of HSTS puts it on an even keel with other browsers, some such as Chrome and Firefox have supported the protocol since 2011. Apple added HSTS support on Safari upon the release of Mavericks 10.9. According to the Electronic Frontier Foundation’s Encrypt the Web report, a few leading technology companies already support HSTS on their websites, including Dropbox, Foursquare, SpiderOak and Twitter. Others such as Facebook, LinkedIn, Tumblr, and Yahoo also plan to do so this year; Google too for select domains. EFF staff technologist Jeremy Gillula said today that developers either are unaware of the availability of HSTS, or have been stymied by incomplete support in browsers. “This is changing though: we noticed that Apple quietly added HSTS support to Safari in OS X 10.9,” Gillula said. “For now, Internet Explorer doesn’t support HSTS—which means that there’s basically no such thing as a secure website in IE.” Until that happens, much of the security burden falls on the user to either rely on a browser that supports HSTS, or use something such as the HTTPS Everywhere browser extension. “For now all a savvy user can do is to always carefully examine the address of the site you’ve loaded, and verify that it’s secure by checking to make sure it has “https” in the front and is the precise address you want to visit,” Gillula said. “Unfortunately this assumes that you know ahead of time (and remember) whether or not a site should be secure, and are meticulous with every website you visit.” Secure protocols such as HTTPS, HSTS and Perfect Forward Secrecy have been given greater priority now that the depths of NSA and government surveillance have been exposed. Experts urge developers to consider encryption technologies such as these a minimum standard for web-based services such as email. Just this week, Yahoo caught up to many of its contemporaries when it announced that it had encrypted traffic moving between its data centers; Snowden documents revealed that the NSA and Britain’s GCHQ were able to tap into overseas fiber optic cables and copy data as it moved to the company’s data centers. Yahoo also announced its intention to support HSTS, Perfect Forward Secrecy and Certificate Transparency this year. Source
×
×
  • Create New...