Skip to main content

Low adoption rate of HSTS website security mechanism is worrying, EFF says

"Without HSTS, browsers have no way of knowing that a website should be delivered securely, and so cannot alert you when a website that ought to be loaded securely (e.g. your bank's website) is instead loaded via a normal connection (i.e. the unencrypted version the attacker sends to you instead)," said Jeremy Gillula, a staff technologist at the EFF, in a blog post Friday. "HSTS fixes that by allowing servers to send a message to the browser saying 'Hey! Connections to me should be encrypted!' and allowing browsers to understand and act on that message."

Tuesday, April 8, 2014
ComputerWorld

Related Issues

JavaScript license information