Security Alerts & News
by Tymoteusz A. Góral

History
#1237 Google domain enables HSTS protection
Google is adding HTTP Strict Transport Security (or HSTS) to the Google.com domain, an extra layer of protection that prevents visitors from using a less secure HTTP connection.

By using HSTS, visitors following HTTP links to Google.com will be automatically redirected to the more secure HTTPS version of the Google domain. The effort, announced Friday, is meant to protect against protocol downgrade attacks, session hijacking and man-in-the-middle attacks that exploit insecure web connections.

“HSTS prevents people from accidentally navigating to HTTP URLs by automatically converting insecure HTTP URLs into secure HTTPS URLs. Users might navigate to these HTTP URLs by manually typing a protocol-less or HTTP URL in the address bar, or by following HTTP links from other websites,” wrote Jay Brown, a senior technical program manager for security at Google in blog post on Friday.
Read more
#1237 Google domain enables HSTS protection
#1236 Kaspersky DDoS Intelligence Report for Q2 2016
#1235 Attack with WPAD protocol and PAC files can leak HTTPS traffic
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12