
It's good that websites like Gmail fully support HTTPS (SSL), but some sites redirect you back to unencrypted pages after login. LinkedIn.com is a good example of this. This allows for sidejacking and other security issues, especially on open networks like hotspots.
The latest version of NoScript now has a feature that lets you define websites that should always be switched to their SSL version.
Just go to NoScript -> Advanced -> Options -> HTTPS and add the websites.
Of course, it won't work for websites that don't support HTTPS at all, but those are rare. You can use exceptions to fine-tune these settings.
For example, you can add *.twitter.com but add an exception for search.twitter.com.
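To see how a force list and an exception list combine, here is a small JavaScript model, added as an illustration and not NoScript's own code. The plain-glob matching and the names `applyForceHttps`, `forceList` and `neverList` are assumptions made for this example; under that glob, `*.twitter.com` does not cover the bare `twitter.com`, which would need its own entry.

```javascript
// Simplified model of a "force HTTPS" list with exceptions.
// Assumption: patterns are plain host globs where "*" matches any run of
// host characters. This is not NoScript's actual matcher.

// Turn a host pattern such as "*.twitter.com" into an anchored RegExp.
function hostPatternToRegExp(pattern) {
  const escaped = pattern
    .trim()
    .toLowerCase()
    .replace(/[.+?^${}()|[\]\\]/g, "\\$&") // escape regex metacharacters except "*"
    .replace(/\*/g, "[a-z0-9.-]*");        // "*" becomes "any host characters"
  return new RegExp("^" + escaped + "$");  // anchored, so look-alike suffixes fail
}

function matchesAny(host, patterns) {
  return patterns.some((p) => hostPatternToRegExp(p).test(host));
}

// Returns the URL that should actually be loaded.
function applyForceHttps(rawUrl, forceList, neverList) {
  const url = new URL(rawUrl);
  if (url.protocol !== "http:") return url.href;     // only plain HTTP is rewritten
  const host = url.hostname.toLowerCase();
  if (matchesAny(host, neverList)) return url.href;  // exceptions take precedence
  if (!matchesAny(host, forceList)) return url.href; // not on the force list
  url.protocol = "https:";
  return url.href;
}

// Constructed sample configuration, mirroring the example in the post.
const forceList = ["*.twitter.com"];
const neverList = ["search.twitter.com"];

for (const u of [
  "http://www.twitter.com/home",          // upgraded to https
  "http://search.twitter.com/search?q=x", // exception: left on http
  "http://twitter.com/",                  // bare domain: not matched by the glob
  "http://www.twitter.com.example.net/",  // look-alike host: not matched
]) {
  console.log(u, "->", applyForceHttps(u, forceList, neverList));
}
```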
(Photo under creative commons from Mirko Macari's photostream)
Wednesday
Use NoScript to force websites to SSL