Wednesday, June 10, 2015

Finally - Microsoft adds HSTS support for IE in Windows 7 and 8.1




Better late than never.
This feature was made available in other browsers a few years back.


From the article:

Short for HTTP Strict Transport Security, HSTS is a browser header that forces any sessions sent over HTTP to be sent instead over HTTPS based on a preloaded list of sites supporting the protocol. HSTS encrypts communication to and from a website, and puts a dent in attempts to man-in-the-middle web sessions. According to OWASP, HSTS also stops attackers who use invalid digital certificates. The protocol denies users the ability to override invalid certificate messages. HSTS also protects users from HTTPS websites that also may include HTTP links or serve content unencrypted.

The addition of HSTS was included in a cumulative update for Internet Explorer released yesterday. 


Click below for more info:
https://threatpost.com/microsoft-brings-hsts-to-windows-7-and-8-1/113258

No comments:

Post a Comment