lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 13 Oct 2007 18:56:04 +1000
From: silky <michaelslists@...il.com>
To: "Kristian Erik Hermansen" <kristian.hermansen@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, Valdis.Kletnieks@...edu
Subject: Re: extension for Firefox to force HTTPS always?

on the google sites; customisegoogle lets you force them into ssl. but
obviously that's not all sites.


On 10/13/07, Kristian Erik Hermansen <kristian.hermansen@...il.com> wrote:
> So one example is that you are in a wifi cafe and you want to browse
> sites which may be available on both http and https.  One example is
> when you browse google calendar.  By default you will get http even
> after logging in over https.  It doesn't really matter anyways and I
> should just code this up for myself.  I was just wondering if
> something already existed...that whole code reuse concept...you know
> :-/
>
>
> On 10/12/07, Valdis.Kletnieks@...edu <Valdis.Kletnieks@...edu> wrote:
> > On Fri, 12 Oct 2007 15:06:14 PDT, Kristian Erik Hermansen said:
> > > I just wanted to clarify that I am looking for an extension that will
> > > rewrite all encountered HTTP references in Firefox to HTTPS.  I would
> > > already have a firewall or some other layer7 filtering device blocking
> > > unencrypted traffic.  The addon "Better Gmail" does something similar
> > > to this, with the "force HTTPS" option, but not exactly...
> >
> > What should this hypothetical extension do if it automagically redirects
> > http: to https:, but the target server is something that is only listening
> > on port 80 because it doesn't have https: enabled?
> >
> > https://www.cnn.com just sorta sits there for me.
> >
> >
>
>
> --
> Kristian Erik Hermansen
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>


-- 
mike
http://lets.coozi.com.au/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ