Friday, May 24, 2013
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
'Need for Speed Rivals' Racing Coming To Xbox One and PlayStation 4
Google Maps Capture The Beauty of the Galapagos
Europe Proposes New Investment Plan To Advance Chip Making
Samsung Establishes Own U.S. Patent Firm
NVIDIA Brings The Titan GPU To Gamers With The GeForce GTX 780
OCZ Launches New Vertex 450 Series Solid State Drives
Samsung To Make OLED Panels For Google Glass: report
Amazon Kindle Fire HD tablets Available on June 13
Active Discussions
CDR for car Sat Nav
deleted
CD Drive Retrieve
burning
Extremely Slow External CD (Samsung SE-S084C)
Best optical drive for ripping CD's? My LG 4163B is mediocre.
Verbatim DVD+R still tops?
Doubt in choosing an Optiarc writer
 Home > News > General Computing > Firefox...
Last 7 Days News : SU MO TU WE TH FR SA All News

Friday, November 02, 2012
Firefox Enforces Secure HSTS Connections For Selected Domains

Mozilla introduced a pre-loaded list of domains for Firefox that only can be connected to securely in order to help protect the privacy and security of users.

HSTS (HTTP Strict Transport Security) is a mechanism by which a server can indicate that the browser must use a secure connection when communicating with it. It can be an effective tool for protecting the privacy and security of users and their data. However, when connecting to an HSTS host for the first time, the browser won't know whether or not to use a secure connection, because it has never received an HSTS header from that host. Consequently, an active network attacker could prevent the browser from ever connecting securely.

To mitigate this attack, Mozilla has added to Firefox a list of hosts that want HSTS enforced by default. When a user connects to one of these hosts for the first time, the browser will know that it must use a secure connection. If a network attacker prevents secure connections to the server, the browser will not attempt to connect over an insecure protocol, thus maintaining the user?s security.

The "preload list" has been seeded with entries from Chrome's list of a similar function. To build the preload list, a request is sent to every host with 'mode: "force-https"' on Chrome's list. Only if a host responds with a valid HSTS header with an appropriately large max-age value do Mozilla includes it in its list. Mozilla also see if the includeSubdomains value for the entry on Chrome?s list is the same as what they receive in the response header.

Google's Chrome forces a secure connection for all google.com subdomains but also added forced HTTPS connections for sites that have requested it.

The feature is currently only present in Firefox Beta.

Previous
 		Next
Facebook To Educate New Users Over Privacy        All News        Apple's Updated Samsung Statement Still Not an Apology
Facebook To Educate New Users Over Privacy     General Computing News      Apple's Updated Samsung Statement Still Not an Apology
Get RSS feed Easy Print E-Mail this Message
Related News
Firefox 21 Brings Do Not Track Options, Deeper Social Integration
First Firefox OS Phones Available By Geeksphone
Firefox OS Phones Coming In June
Mozilla Brings New Cookie-blocking Policy To Upcoming Firefox
Firefox 20 Gives You More Control Over Your Privacy
IE, Firefox, Chrome and Java "Pwned"
Sony Releases Experimental Firefox OS Software For Developers
New Alcatel The ONE TOUCH FIRE And ZTE Open Smartphones Run On Mozilla Firefox OS
Mozilla Announces Expansion for Firefox OS, Firefox Marketplace at MWC
Firefox, Chrome Talk To Each Other Through WebRTC
Firefox OS Smartphone By ZTE Coming At MWC
Firefox 18 Features IonMonkey Javascript Compiler

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2013 - All rights reserved -
Privacy policy - Contact Us .