DreamTeamDownloads1, FTP Help, Movies, Bollywood, Applications, etc. & Mature Sex Forum, Rapidshare, Filefactory, Freakshare, Rapidgator, Turbobit, & More MULTI Filehosts - View Single Post - Firefox 17 Beta now Forces Secure Connections for List of Selected Domains

Ladybbird · 06-11-12, 21:39

Forcing secured connections protects the privacy and security of users and their data, Mozilla said

IDG News Service - Mozilla introduced a pre-loaded list of domains for Firefox that only can be connected to securely in order to help protect the privacy and security of users.

To force secure connections between the browser and a server, Mozilla uses HSTS (HTTP Strict Transport Security), a mechanism used by servers to indicate that the connecting browser must use a secure connection, wrote Mozilla's David Keeler in a blog post.

When the browser connects to an HSTS server for the first time though, the browser does not know if it should use a secure connection because it never received a HSTS header from that host. "Consequently, an active network attacker could prevent the browser from ever connecting securely (and even worse, the user may never realize something is amiss)", Keeler wrote, adding that setting up the connection that way still leaves it vulnerable to attacks.

As a workaround for that problem, Mozilla has added a list to Firefox with domains that the browser should only connect to securely by default.

"When a user connects to one of these hosts for the first time, the browser will know that it must use a secure connection. If a network attacker prevents secure connections to the server, the browser will not attempt to connect over an insecure protocol, thus maintaining the user's security," Keeler said.

The list has been seeded by domains from Chrome's HSTS preloaded list, that has a similar function to Mozilla's. Google's Chrome forces a secure connection for all google.com subdomains but also added forced HTTPS connections for sites that have requested it. Secure connections are forced for sites such as paypal.com, twitter.com, lastpass.com and torproject.org.

"HSTS in combination with a preloaded list of sites can be a great tool for increasing the security of users," Keeler wrote. The feature is currently only present in Firefox Beta.
END

Has anyone tried this new Firefox 17 yet? If so please post your opinion, especially on this security issue

06-11-12, 21:39	#1
Ladybbird Join Date: Feb 2011 Posts: 47,626 Thanks: 27,642 Thanked 14,458 Times in 10,262 Posts Awards Showcase Total Awards: 8	Firefox 17 Beta now Forces Secure Connections for List of Selected Domains Forcing secured connections protects the privacy and security of users and their data, Mozilla said IDG News Service - Mozilla introduced a pre-loaded list of domains for Firefox that only can be connected to securely in order to help protect the privacy and security of users. To force secure connections between the browser and a server, Mozilla uses HSTS (HTTP Strict Transport Security), a mechanism used by servers to indicate that the connecting browser must use a secure connection, wrote Mozilla's David Keeler in a blog post. When the browser connects to an HSTS server for the first time though, the browser does not know if it should use a secure connection because it never received a HSTS header from that host. "Consequently, an active network attacker could prevent the browser from ever connecting securely (and even worse, the user may never realize something is amiss)", Keeler wrote, adding that setting up the connection that way still leaves it vulnerable to attacks. As a workaround for that problem, Mozilla has added a list to Firefox with domains that the browser should only connect to securely by default. "When a user connects to one of these hosts for the first time, the browser will know that it must use a secure connection. If a network attacker prevents secure connections to the server, the browser will not attempt to connect over an insecure protocol, thus maintaining the user's security," Keeler said. The list has been seeded by domains from Chrome's HSTS preloaded list, that has a similar function to Mozilla's. Google's Chrome forces a secure connection for all google.com subdomains but also added forced HTTPS connections for sites that have requested it. Secure connections are forced for sites such as paypal.com, twitter.com, lastpass.com and torproject.org. "HSTS in combination with a preloaded list of sites can be a great tool for increasing the security of users," Keeler wrote. The feature is currently only present in Firefox Beta. END Has anyone tried this new Firefox 17 yet? If so please post your opinion, especially on this security issue __________________ PUTIN TRUMP & Netanyahu Will Meet in HELL ..................*SHARKS are Closing in on TRUMP*.......................... *TRUMP WARNS; 'There'll Be a Bloodbath* If I Don't Get Elected'..MAGA - MyAssGotArrested...IT's COMING** PLEASE HELP THIS SITE..Click DONATE & Thanks to ALL Members of ... 1.. THIS SITE IS MORE THAN JUST WAREZ...& TO STOP SPAM-IF YOU WANT TO POST, YOUR FIRST POST MUST BE IN WELCOMES