Web security protocol HSTS wins proposed standard status

A Web security protocol designed to protect Internet users from Internet hijackings due to unencrypted Web sites has won approval as a proposed standard.

A steering group for the Internet Engineering Task Force (IETF) gave its blessing to a draft of HTTP Strict Transport Security (HSTS), an opt-in security enhancement in which Web sites prompt browsers to always interact over a secure connection.

Web browsers complying with the policy will automatically switch insecure links to a secure version of the site, using "https," without the Web surfer having to remember to type that in the URL bar.

HSTS …

LastPass now manages Wi-Fi passwords--but it's a pain

An update to the password managing utility LastPass (download for Windows and Mac) at the end of last week added a useful new feature, and tightened security protocols just a bit more than before.

The new feature lets you manage your Wi-Fi passwords from within LastPass. Unfortunately for existing users, you're going to have to re-install the LastPass desktop client to get it to work. LastPass explained that this is because the new feature required a new utility with administrative rights before it could access the Wi-Fi password list. It also requires running the binary version of the LastPass …

Chrome encrypts Gmail whether you want it or not

Google, which has found Gmail to be a target of hacking attempts from China, has modified Chrome so the browser always encrypts connections with the e-mail service.

Google already changed Gmail to use encryption by default, a mode indicated by the "https" at the beginning of a browser address bar that means outsiders sniffing network traffic can't read your e-mail. People could still get to the unencrypted version by typing "http://gmail.com," but no more, for Chrome.

"As of Chromium 13, all connections to Gmail will be over HTTPS. This includes the initial …