A while back Troy Hunt talked about HTTP login forms that post to HTTPS. Long story short, these are still insecure. As a web developer, don't be fooled into thinking that just because you're POSTing to HTTPS your customers are safe. You need to serve the login form/page itself over HTTPS or you're at risk. The HTTPS POST may prevent sniffing because the traffic is encrypted, but with an insecure HTTP form posting to HTTPS you are still at risk of a man-in-the-middle attack. A man-in-the-middle could tamper with the form action URL and change it so your credentials get posted to some attacker website instead of the real one.
Now, finally, Firefox will make this even clearer by warning users if they're logging in on a website with this insecure configuration.
Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.
Tuesday, March 1, 2016
HTTP Login Pages with HTTPS Posts
Labels: FireFox, HTTP, HTTPS, Man-in-the-Middle, SSL
Friday, January 23, 2015
Is Your Browser Secure?
You surf the internet with a browser (Internet Explorer, Google Chrome, Firefox, Safari, etc.). Staying secure on the Internet REQUIRES you to run the latest versions that are patched.
The browser probably does a decent job of telling you if it's got the latest version or updates. It'll pop up to tell you a new update is available, or it'll just download and perform the update for you automatically.
But what about some of the other critical plugins such as Java, Adobe, Silverlight, QuickTime, etc?
I came across this pretty nice tool made by Qualys that I recommend you make your homepage, so that every time you load your browser, it runs a quick scan and tells you if you're secure. Try it out! https://browsercheck.qualys.com/?scan_type=js
Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.
Labels: Chrome, FireFox, Internet Explorer, Security