Internet Explorer 11 Gains HTTP Strict Transport Security In Windows 7 and 8.1

Mark Wilson writes: Anyone using the Windows 10 preview has had a chance to use the HTTP Strict Transport Security (HSTS) in Microsoft Edge, and today the security feature comes to Internet Explorer 11 in Windows 7 and Windows 8.1. This security protocol protects against man-in-the-middle attacks and is being delivered to users of older version of Windows through an update in the form of KB 3058515.

I can hardly wait!

[timrod]

I, for one, welcome this change to Internet Explorer. Now, I can know I am truly safe from man-in-the-middle attacks the next time I load a fresh Windows install and open IE10 so I can download Firefox.

Re:I can hardly wait!

[pushing-robot]

To be fair, a web browser download would be a great opportunity for a MITM attack.

Re:I can hardly wait!

[Opportunist]

Funny enough, due to how HSTS works, exactly the security of this connect will NOT be improved.

For HSTS to work, you need to have visited a page before. Because the server sets a token that tells your browser that in the next X days/months/years, it should connect to this server using https, and https only. This means if you type in http://whateverpage.com/ it will automatically turn it into a https connection and the browser will not allow a connection if something is fishy, e.g. when the certificate is bogus.

For this to work, though, your browser must already know that the server supports this. So you must have had visited that page at least once.

For the single time you use IE to download anothther browser, HSTS won't do you any good. But maybe you find comfort in the fact that your browser already has supported HSTS for quite a while now (IIRC about 4 years or so...).

Re:I can hardly wait!

[Opportunist]

Possibly that they have had HSTS support for about 4 years now...

It ain't foolproof, though, and with MS not supporting it 'til now it wasn't really that widely used (the server has to support it to work).

other options

looks like internet explorer is behind

From wikipedia:
Browser support[edit]
Chromium and Google Chrome since version 4.0.211.0[28][29]
Firefox since version 4;[30] with Firefox 17, Mozilla integrates a list of websites supporting HSTS.[20]
Opera since version 12[31]
Safari as of OS X Mavericks[32]
Internet Explorer 11 on Windows 8.1 and Windows 7 since June 2015[33]
Microsoft Edge and Internet Explorer 11 on Windows 10 Technical Preview support HSTS.[34][35]

Re:Security

[Opportunist]

Oh for fuck's sake, at least read up on HSTS before you reach for the knee-jerk reaction to karma whore.

Li'l hint: Karma whoring only works by saying what you think the groupthink will agree with if you manage to not look like a complete moron in the process. Like, say, by showing off that you know exactly zero about the topic at hand.

A more sensible Karma whoring on the topic would be "Oh great, MS finally woke up and implemented what everyone else already had at the very least a year ago. And that qualifies as news on Slashdot these days, when MS implements something everyone else already has?". There you have MS bashing and /. bashing rolled into a single posting. Guaranteed to give you more up-mods than you could ever need.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Oh Great

[thegarbz]

Oh great, MS finally woke up and implemented what everyone else already had at the very least a year ago.
Also how low has Slashdot fallen that we now qualify MS getting something that everyone else already has as "news"?

Re:Oh Great

[Opportunist]

I couldn't have said it better. Oh if only I had modpoints...