💡Think along and respond to the consultation on the amended “Besluit beveiligde verbinding met overheidswebsites en -webapplicaties” (Decree on secure connections with government websites and web applications): https://www.internetconsultatie.nl/verzamelbesluitdigitaleoverheid
📜The revised decree, based on the Wet digitale overheid (Digital Government Act), refers to new versions of the TLS and web application guidelines from @ncsc_nl. Respond before 6 Jan, 2026.
More info about the current decree: https://www.digitaleoverheid.nl/overzicht-van-alle-onderwerpen/wetgeving/wet-digitale-overheid/veelgestelde-vragen-verplichting-https-en-hsts-voor-overheidswebsites/
#beveiliging #websites #openstandaarden #HTTPS #HSTS
@gelatin @wyatt Maybe I'm missing something. If an attacker on a coffee shop WLAN sniffs your session cookie for a forum, they can proceed to ruin your life by posting illegal material under your name. There used to be a browser extension called "Firesheep" that would snoop others' cookies for Facebook until Facebook went all HTTPS all the time.
Yes, turns out it was the #hotspot device's #DNS blocking certain sites. Not sure how this appeared as a #HSTS error, but once I cleared my browser settings for that site, I refreshed and got a message from the hotspot device saying the site was blocked.
Setting a different DNS server on my computer bypassed the problem 😉
Certain websites work fine when I access them via my main fibre internet connection, or my phone's mobile data connection. But when accessed via a portable wifi #hotspot device, they show a "Potential security issue" error message citing #HSTS...
Surely if the site works on some networks but not others, it can't be a certificate issue, right?
What would cause this? Some sort of security on the hotspot device?
Researching HSTS, HTTP Strict Transport Security
I think this is why I am disabled from accessing many pages that appear to have HSTS, because indeed I am persistently under the thumb of hackers.
I would like to know if it is possible to achieve a clean OS in the midst of hacked devices and networks that target me for man-in-the-middle attacks.
https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
🔐 Did you know that TLDs reserved for a single organization — like .sncf or .bnpparibas — can implement a global security policy across all their subdomains using HSTS (HTTP Strict Transport Security)?
👉 Find out more on our blog with @bortzmeyer https://www.afnic.fr/observatoire-ressources/papier-expert/profiter-de-son-domaine-de-premier-niveau-pour-securiser-un-peu-plus-le-web-avec-hsts/
🔐 Did you know that TLDs reserved for a single organization, such as .sncf or .bnpparibas, can put in place a global security policy on all their subdomains thanks to HSTS (HTTP Strict Transport Security)?
👉 Explanations on our blog with @bortzmeyer https://www.afnic.fr/observatoire-ressources/papier-expert/profiter-de-son-domaine-de-premier-niveau-pour-securiser-un-peu-plus-le-web-avec-hsts/
tesla.com, spacex.com, and boringcompany.com are all not on the HSTS preload list.
it would be a total shame if someone in a privileged network position used this to start inserting content letting people know that the CEO of these companies is a fucking Nazi.
#hstspreloadlist #hsts #tesla #TeslaProtests #ElonMusk #doge