headerIMG

B2B Articles - Oct 20, 2012 10:35:08 PM

The Web Security protocol, HSTS, wins its Proposed Standard Status

Web sites complying with the policy will automatically prompt browsers to interact with the site over a secure connection.

A Web security protocol designed to protect Internet users from Internet hijackings due to unencrypted Web sites has won approval as a proposed standard.

A elected committee for the Internet Engineering Task Force (IETF) approved a draft of HTTP Strict Transport Security (HSTS), an opt-in security protocol in which Web sites prompt browsers to always interact over a secure connection. Web browsers complying with the policy will automatically switch insecure links to a secure version of the site, using "https," without the Web surfer having to remember to type that in the URL bar.

HSTS is designed to protect against HTTP session hijacking, in which limited encryption used on many popular Web sites put user accounts at risk of compromise by someone snooping on session traffic between the user's computer and the site's server. Sites typically encrypt the username and password as they are transmitted, but unless the entire Web session is encrypted with someone sniffing the network could capture cookie information and use that information to access the user accounts.

The technology is already supported by sites and services such as PayPal, Blogspot, and Etsy. It's also included in the Chrome, Firefox 4, and Opera 12 Web browsers. However, Microsoft's Internet Explorer and Apple's Safari have not yet integrated HSTS.

Tel 212-993-7809  

Ironpaper ®
10 East 33rd Street 
6th Floor
New York, NY 10016
Map

Ironpaper - B2B Agency

B2B Marketing and Growth Agency.

Grow your B2B business boldly. Ironpaper is a B2B marketing agency. We build growth engines for marketing and sales success. We drive demand generation campaigns, ABM programs, B2B content, sales enablement, qualified leads, and B2B marketing efforts. 

Ironpaper Twitter Ironpaper Linkedin