Friday, October 31, 2014
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Panasonic Raises Profit Outlook
Toshiba Offers New 4TB and 5TB Desktop HDDs
Samsung Introduces New Ultra Slim Galaxy A5 and Galaxy A3 Smartphones For The Chinese Market
Sharp 2Q Profit Slides
PlayStation 4 Sales Sustain Sony's Quarterly Loss
MSI Debuts The GT80 Titan Gaming Notebook With Mechanical Keyboard
Sharp To Produce New Backlight-free LCD Panel For Wearables
New Cameras Boost GoPro's Quarterly Profit
Active Discussions
DVD/DL for Optiarc 7191S at 8X
Copied dvd's say blank in computer only
Made video, won't play back easily
New Features In Firefox 33
updated tests for dvd and cd burners
How to generate lots of different CDs quickly
Yamaha CRW-F1UX
help questions structure DVDR
 Home > News > General Computing > Firefox...
Last 7 Days News : SU MO TU WE TH FR SA All News

Friday, November 02, 2012
Firefox Enforces Secure HSTS Connections For Selected Domains


Mozilla introduced a pre-loaded list of domains for Firefox that only can be connected to securely in order to help protect the privacy and security of users.

HSTS (HTTP Strict Transport Security) is a mechanism by which a server can indicate that the browser must use a secure connection when communicating with it. It can be an effective tool for protecting the privacy and security of users and their data. However, when connecting to an HSTS host for the first time, the browser won't know whether or not to use a secure connection, because it has never received an HSTS header from that host. Consequently, an active network attacker could prevent the browser from ever connecting securely.

To mitigate this attack, Mozilla has added to Firefox a list of hosts that want HSTS enforced by default. When a user connects to one of these hosts for the first time, the browser will know that it must use a secure connection. If a network attacker prevents secure connections to the server, the browser will not attempt to connect over an insecure protocol, thus maintaining the user?s security.

The "preload list" has been seeded with entries from Chrome's list of a similar function. To build the preload list, a request is sent to every host with 'mode: "force-https"' on Chrome's list. Only if a host responds with a valid HSTS header with an appropriately large max-age value do Mozilla includes it in its list. Mozilla also see if the includeSubdomains value for the entry on Chrome?s list is the same as what they receive in the response header.

Google's Chrome forces a secure connection for all google.com subdomains but also added forced HTTPS connections for sites that have requested it.

The feature is currently only present in Firefox Beta.


Previous
Next
Facebook To Educate New Users Over Privacy        All News        Apple's Updated Samsung Statement Still Not an Apology
Facebook To Educate New Users Over Privacy     General Computing News      Apple's Updated Samsung Statement Still Not an Apology

Get RSS feed Easy Print E-Mail this Message

Related News
Mozilla Hello Offers Voice and Video Calls Through The Browser
Firefox To Offer Free H.264 Codec Plugin
Firefox OS Expand Across New Devices, Markets and Categories
Firefox To Support VR Devices
Firefox OS Media Stick Sends Video to Your TV
Firefox OS Ecosystem Continues Expansion With Entry Level Smartphones
Firefox To Integrate DRM Conternt Protection
Firefox To Offer Ads In Tabs
ZTE Open C Firefox OS Phone Available on eBay, OS Updated
Mozilla Introduces New Customizable Firefox
Mozilla To Strengthen SSL Certificate Verification in Firefox
New Firefox Beta Is Faster, Simplified and Easier to Customize

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2014 - All rights reserved -
Privacy policy - Contact Us .