A Web security protocol designed to protect Internet users from Internet hijackings due to unencrypted Web sites has won approval as a proposed standard.
A steering group for the Internet Engineering Task Force (IETF) gave its blessing to a draft of HTTP Strict Transport Security (HSTS), an opt-in security enhancement in which Web sites prompt browsers accessing it to always interact with it over a secure connection.
Web browsers complying with the policy will automatically switch insecure links to site to a secure version of the site, using "https," without the Web surfer having to remember to type that in the URL bar.
HSTS is designed to deflect HTTP session hijacking, in which limited encryption used on many popular Web sites put user accounts at risk of compromise by someone snooping on session traffic between the user's computer and the site's server. Sites typically encrypt the username and password as they are transmitted, but unless the entire Web session is encrypted with "https," or secure hypertext transfer protocol, someone sniffing the network could capture the cookie information and use that to access the accounts.
Whether the proposal is accepted as a standard depends on its degree of technical maturity and whether there is a general consensus that the protocol provides significant benefit to the Internet community.
The technology is already supported by sites and services such as *****, Blogspot, and Etsy. It's also included in the Chrome, Firefox 4, and Opera 12 Web browsers. However, Microsoft's Internet Explorer and Apple's Safari have not yet embraced HSTS.
Intel I7 960 @ 3.87ghz *Intel DX58SO *HIS HD6970 2gb *Corsair TX650M *2x4gb Corsair XMS3 *WD Black 1TB *Windows 7 Home Premium 64bit *Gateway HD2401 24" 2ms 1920x1200 ***Asus N71Jq laptop *Intel I7 720QM Processor *Mobility Radeon HD5730 1gb *8gb Ram *Windows 7 64bit
* A clear conscience is usually a sign of bad memory *