Jump to content

Forcing browsers to use encryption


Recommended Posts

  • Administrator

Firefox and Chrome are or will be using new HTTP Strict Transport Security technology, which allows Web servers to force secure connections with browsers.

Help is on the way for Web surfers who run the risk of having their Facebook, Twitter, and other Web accounts hijacked over unsecured Wi-Fi networks and other security issues that result from sites not using encryption.

A Web security mechanism called HTTP Strict Transport Security (HSTS) is making its way through the IETF (Internet Engineering Task Force) standards process, and two of the major browsers are supporting it. Web sites that implement HSTS will prompt the browser to always connect to a secure version of the site, using "https," without the Web surfer having to remember to type that in the URL bar.

It will render useless tools like Firesheep, a Firefox add-on that lets people easily capture HTTP session cookies that sites use to communicate with computers. Firesheep was released at ToorCon last month.

HSTS is used in Google Chrome and the NoScript and Force-TLS Firefox plug-ins and is being implemented in the upcoming version of FireFox, according to a blog post by Jeff Hodges, a security engineer at PayPal. Hodges wrote the original draft specification for HSTS with Collin Jackson, a former Googler and current assistant research professor at Carnegie Mellon University Silicon Valley, and Adam Barth, a Google engineer.

"This allows for full-session encryption," Jackson told CNET. "A user won't see an insecure version of the site."

PayPal and other Web sites have started to use the feature and more are waiting to adopt it once it is implemented in more browsers, he said. "We're waiting on Microsoft to pick it up," Jackson said.

Asked if Microsoft is considering using HSTS in Internet Explorer, a spokesperson provided this comment: "We don't support it in IE9 but are committed to delivering trusted browsing experience and will continue to listen to customers."

Apple spokespeople did not respond to an e-mail asking for comment for this story.

view.gif View: Original Article

Link to comment
Share on other sites

  • Replies 2
  • Views 753
  • Created
  • Last Reply

"committed to delivering trusted browsing experience and will continue to listen to customers."

AKA: They are doing WHAT? We are behind AGAIN!!!!

Link to comment
Share on other sites

Crazy how people were telling me Chrome was secure lol they were wrong!!! Oh well, at least I feel safer with Comodo Dragon based on Chromium Engine xD

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...