X
Business
Home Business Enterprise Software

New browser security tool may mean safer surfing

Help is on the way for Web surfers who run the risk of having their Facebook, Twitter, and other Web accounts hijacked over unsecured Wi-Fi networks and other security issues that result from sites not using encryption.
Written by Elinor Mills, Contributor

A Web security mechanism called HTTP Strict Transport Security (HSTS) is making its way through the IETF (Internet Engineering Task Force) standards process, and two of the major browsers are supporting it. Web sites that implement HSTS will prompt the browser to always connect to a secure version of the site, using "https," without the Web surfer having to remember to type that in the URL bar.

It will render useless tools like Firesheep, a Firefox add-on that lets people easily capture HTTP session cookies that sites use to communicate with computers. Firesheep was released at ToorCon last month.

HSTS is used in Google Chrome and the NoScript and Force-TLS Firefox plug-ins and is being implemented in the upcoming version of FireFox, according to a blog post by Jeff Hodges, a security engineer at PayPal. Hodges wrote the original draft specification for HSTS with Collin Jackson, a former Googler and current assistant research professor at Carnegie Mellon University Silicon Valley, and Adam Barth, a Google engineer.

For more on this story, read Forcing browsers to use encryption on CNET News.

Editorial standards
Show Comments

Related

Anker Solix X1

Not into the Tesla Powerwall? You can now buy the Anker Solix X1

windows-11-laptop

Microsoft is now showing ads in Windows 11's Start menu. Here's how to block them

Placeholder product image alt text

The best AI image generators to try right now