Firesheep was a buzz word few months ago then came the blacksheep to counter protect users from it.
The firesheep tutorial I demonstrated in a post shows how an attacker can gain access to any account(Twitter,Facebook,Gmail etc) with out even knowing the password using Sidejacking.
Now with the increase of threats from the tools like Firesheep Mozilla has come with a concept of "HTTP Strict-Transport-Security", that will be employed in the version 4 of it and is available in the beta versions available.
Now with the increase of threats from the tools like Firesheep Mozilla has come with a concept of "HTTP Strict-Transport-Security", that will be employed in the version 4 of it and is available in the beta versions available.
What is "HTTP Strict-Transport-Security" ?
Actually when we access any login page it is done by default with http so our initial connection is unencrypted so an attacker can plant a MITM(Man in the Middle Attack) to recieve the connection from the user and the user feels that he/she is connected to the real server.Here comes the role of "HTTP Strict-Transport-Security" in protecting the user's session.What it does is that it guides the user's session to be strictly over Https there by encrypting the user's session from the initial point and also protect the sniffing of cookies.
How to use this feature?
1.A site need to ebable the "Strict-Transport-Security HTTP header",in order to allow the user to access a https login page and the firefox 4 will take care rest of the thing.
2.If you are using Firefox 3.6 you can use an addon called "ForceTLS" to use this functionality.
3.This is built in with Firefox 4 and in the beta but you can also use additonal controls by using "STS-UI" addon.
With this feature added to Firefox 4 the online activities of users from public
Wifi hotspots can be secured to some extent... :)
With this feature added to Firefox 4 the online activities of users from public
Wifi hotspots can be secured to some extent... :)
More Security for Firesheep from Mozilla | HSTS
Reviewed by Satyajit (Admins,a.k.a Satosys)
on
Wednesday, February 02, 2011
Rating:
Reviewed by Satyajit (Admins,a.k.a Satosys)
on
Wednesday, February 02, 2011
Rating:
18 comments:
Was an enlightening post.
Setting the header can be done with PHP for instance with the header command such as: header('Strict-Transport-Security: max-age=500');
I didn't know that, so I went and looked it up.
Good post thanks for sharing information i really like it and hope will some good stuff soon
great post - thank you so much for sharing this very useful information
The https method is very safe and help you protect yourself.
My account was hacked.I would love to use this and hope it will provide security for my profile.Thank You for the Post.
Nice post admin thx. i will follow your this blog
great post with a lot of useful info. thank you so much for the help
Web Guy
Interesting tool!
This looks like a really great option. I am tired of worrying about my internet security. This sounds really automated, which is great.
I have recently updated to FF5 and I don't think it works with it. Do you have any way of doing this on FF5.
Very good blog, I also like monster beats, his tone is really quite good, noise reduction powerful, production quality also is very good, I bought 2, a home listening to, a shopping listen. My friends are in use!
Like the Https method, great post
Great info thanks...!
Thank you for sharing this info! It helped me.
The trouble is with this is that the websites themselves have to enable the Strict Transport Security header and, well, not many of them either do or will.
Thank you for the information. It really helps. it is also us full for me . and thank`s again for shearing this....
Thanks..............but what are the way of HTTPS security access...on the web....