Firefox 4’s built-in HTTP Strict Transport Security (HSTS) automatically protects users from Firesheep-like tools

There’s a lot of buzz about Firesheep, which steals cookies from Facebook and Twitter user accounts over open Wi-Fi. The Force-TLS, Use HTTPS, HTTPS Everywhere and BlackSheep extensions protect users from this. If you are using the latest Firefox 4 Beta 7 or the nightly version, you are protected automatically and do not need to install any extensions: the Force-TLS functionality has been implemented in Firefox 4 as HTTP Strict Transport Security (HSTS), which prevents man-in-the-middle attacks over HTTP.

Mozilla says that sites like Twitter and Facebook that let users connect over secure connections simply need to set the HTTP Strict Transport Security header when they serve the user’s secure login page and make the rest of their sites available over HTTPS. Firefox will take care of the rest, automatically fetching that site over a secure connection so that third parties don’t see the unencrypted traffic.

Therefore, Twitter and Facebook need to add the Strict-Transport-Security HTTP header to protect their users. Firefox 3.6 and Google Chrome users can use the add-ons mentioned above to protect themselves from Firesheep.
