New Web Security Protocol HSTS Protects Us Against ‘Internet Hijacks’


A brand-new security protocol geared towards protecting Internet users from ‘Internet hijackings’ has won over approval by the Internet Engineering Task Force as a new proposed standard.

With new security threats emerging day on day, the HTTP Strict Transport Security (HSTS) is an opt-in security enhancement that will allow complying browsers to automatically switch insecure connections to websites to secure ones, even if the user behind the mouse and keyboard chooses not to type the widely-used communications protocol known as ‘HTTPS’ into the URL.

In full, HSTS is ultimately designed to protect against ‘session hijackings’ that occurs when users are connected to a web site with limited encryption. Though most sites encrypt login details (username and password) at point of connect, cookie data remains largely vulnerable to such attacks, and can still be used to access accounts.

The last hurdle for the protocol to become Internet-standard is to be judged on its ‘technical maturity’ and whether there is a general consensus that the added security measure will be useful and ably reduce such threats posed to the majority of Internet users. Though either way, it still presents itself as a suitably handy security update. The likes of PayPal, Blogspot, Google Chrome, Mozilla Firefox and Opera have already adopted the protocol, and a continued roll-out is to be expected.

Harvey McDaniel

Source: CNET