Forcing browsers to use encryption


Recommended Posts

November 15, 2010 5:06 PM PST

Forcing browsers to use encryption

by Elinor Mills

Help is on the way for Web surfers who run the risk of having their Facebook, Twitter, and other Web accounts hijacked over unsecured Wi-Fi networks and other security issues that result from sites not using encryption.

A Web security mechanism called HTTP Strict Transport Security (HSTS) is making its way through the IETF (Internet Engineering Task Force) standards process, and two of the major browsers are supporting it. Web sites that implement HSTS will prompt the browser to always connect to a secure version of the site, using "https," without the Web surfer having to remember to type that in the URL bar.

It will render useless tools like Firesheep, a Firefox add-on that lets people easily capture HTTP session cookies that sites use to communicate with computers. Firesheep was released at ToorCon last month.

HSTS is used in Google Chrome and the NoScript and Force-TLS Firefox ... Read full post as well as user comments

Originally posted at InSecurity Complex

http://news.cnet.com/security/

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...