Wednesday, October 07, 2015
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Samsung 3Q Operating Profit Surges
Twitter 'Moments'To Highlight Best Tweets
Hololens, New Lumia Smartphones, Band, Surface Pro 4 and Surface Book Shined At Microsoft's Windows 10 Devices Event
Sharp Showcases Ultra HD Blu-ray Recorder, 8K TV at CEATEC 2015
EU Court Says EU-US Data Transfer Pact Is Invalid
New Roku 4 Streaming Player Supports 4K Resolution
Sharp Showcases RoboHon Mobile Robot At Ceatec
Skyworks to Buy PMC-Sierra for $2 Billion in Cash
Active Discussions
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
How to burn a backup copy of The Frozen Throne
Help make DVDInfoPro better with dvdinfomantis!!!
Copied dvd's say blank in computer only
menu making
Optiarc AD-7260S review
 Home > News > General Computing > Firefox...
Last 7 Days News : SU MO TU WE TH FR SA All News

Friday, November 02, 2012
Firefox Enforces Secure HSTS Connections For Selected Domains

Mozilla introduced a pre-loaded list of domains for Firefox that only can be connected to securely in order to help protect the privacy and security of users.

HSTS (HTTP Strict Transport Security) is a mechanism by which a server can indicate that the browser must use a secure connection when communicating with it. It can be an effective tool for protecting the privacy and security of users and their data. However, when connecting to an HSTS host for the first time, the browser won't know whether or not to use a secure connection, because it has never received an HSTS header from that host. Consequently, an active network attacker could prevent the browser from ever connecting securely.

To mitigate this attack, Mozilla has added to Firefox a list of hosts that want HSTS enforced by default. When a user connects to one of these hosts for the first time, the browser will know that it must use a secure connection. If a network attacker prevents secure connections to the server, the browser will not attempt to connect over an insecure protocol, thus maintaining the user?s security.

The "preload list" has been seeded with entries from Chrome's list of a similar function. To build the preload list, a request is sent to every host with 'mode: "force-https"' on Chrome's list. Only if a host responds with a valid HSTS header with an appropriately large max-age value do Mozilla includes it in its list. Mozilla also see if the includeSubdomains value for the entry on Chrome?s list is the same as what they receive in the response header.

Google's Chrome forces a secure connection for all subdomains but also added forced HTTPS connections for sites that have requested it.

The feature is currently only present in Firefox Beta.

Facebook To Educate New Users Over Privacy        All News        Apple's Updated Samsung Statement Still Not an Apology
Facebook To Educate New Users Over Privacy     General Computing News      Apple's Updated Samsung Statement Still Not an Apology

Get RSS feed Easy Print E-Mail this Message

Related News
Mozilla Tests Private Browsing with Tracking Protection in Firefox Beta
Firefox for iOS Now Available for Preview
Mozilla Tests New Private Browsing and Add-ons Features
Firefox Attacks Microsoft Over Default Browser in Windows 10
First Panasonic Smart TVs Powered by Firefox OS Debut
Orange Launches Firefox OS Smartphones in Africa
Firefox OS Expands with More Partners, Devices
Mozilla Moves To Exclude Flash From Firefox
Latest Firefox Streamlines Video Calling
LG to Release Firefox OS Smartphone in Japan
Firefox To Set Yahoo As Default Search Engine
Firefox Anniversary Edition Adds More Privacy Features

Most Popular News
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2015 - All rights reserved -
Privacy policy - Contact Us .