Jonkman Microblog
Conversation

Notices

  1. rugk -> ⚠️ Follow me at https://social.wiuwiu.de/@rugk (rugk@gnusocial.de)'s status on Tuesday, 12-Dec-2017 18:56:06 EST
    Service quotes about #HSTS/#HPKP from http://blog.en.elevenpaths.com/2017/12/breaking-out-hsts-and-hpkp-on-firefox.html…

    Firefox: size limit 1024 entries + website scoring
    -> you can kick sites out of the list

    Chrome/ium: unlimited JSON file
    -> you can DDOS it by filling it >= 500MB

    IE/Edge: completely broken
    -> seems to store sth. but only applies HSTS to big websites

    Test yourself: https://www.cloudpinning.com/
    In conversation Tuesday, 12-Dec-2017 18:56:06 EST from gnusocial.de

    Attachments

    1. Breaking Out HSTS (and HPKP) on Firefox, IE/Edge and (possibly) Chrome. Our Black Hat research
      The corporate ElevenPaths blog that offers insights about security.

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.
