Tag Archives: Firefox

HSTS RFC Finalized

November 21, 2012 by Bruce Morton

HTTP Strict Transport Security (HSTS) has been finalized and published as RFC 6797. The purpose of HSTS is to allow a website to declare to complying user agents that they should interact with it using a secure connection such as HTTPS. In order to implement HSTS, a website must have a statement in its header, such [Read More...]

HTTPS Everywhere 3.0

October 11, 2012 by Bruce Morton

The Electronic Frontier Foundation (EFF) has released HTTPS Everywhere 3.0.

Stopping CRIME Attacks

September 13, 2012 by Bruce Morton

This article by Dan Goodin appears to cover the most facts about the CRIME attack on SSL/TLS. It answers my first question about what the acronym means; CRIME is short for “Compression Ratio Info-Leak Made Easy.” It also confirms the attack is performed when the communication uses TLS compression. My understanding is that TLS compression [Read More...]

Speculation on CRIME

September 12, 2012 by Bruce Morton

The SSL industry is waiting for the Ekoparty Security Conference next week to find out more details on the CRIME SSL/TLS attack. Speculation by SSL/TLS experts? The attack is based on TLS compression. Thomas Pornin posted his guesses on IT Security about how compression could be used in an attack. This also [Read More...]

Firefox’s Lock Icon is Back

September 4, 2012 by Bruce Morton

I’m a little late with this blog item. Maybe it was because it was a great summer or maybe it’s because I don’t use Firefox or maybe it’s because … Firefox 14.0 was released in June 2012 and the SSL lock symbol is back. I wrote a blog last year where the beta of Firefox 4.0 [Read More...]

Filed Under: Secure Browsing, SSL Tagged With: Firefox, SSL, visual indicators

HSTS Update

July 16, 2012 by Bruce Morton

HTTP Strict Transport Security (HSTS) will soon be finalized and available in an IETF standard. The request for comment (RFC) is at version 11 and the IESG has put out a last call for comments. HSTS is a security policy mechanism where a Web server tells a supporting browser that it can only connect to [Read More...]