Is there a way to disable the HSTS (HTTP Strict Transport Security) list built into Firefox or to allow exceptions?

HSTS is problematic in that it incorrectly assumes that all users trust the default list of CAs and makes the adding of exceptions impossible even by advanced users.
For example, torproject.org is inaccessible on Firefox unless I am willing to trust DigiCert to never sign a fake certificate either by negligence or by court order of any country in which they operate, thereby making every https: site (not just torproject.org) vulnerable to a MITM attack.
A user disabling CAs in the browser is not unreasonable given the ever growing list of CAs built into Firefox (each one a potential point of failure), the number of CAs that have been recently compromised and the very low standards required to obtain a certificate.
While I understand the desire to protect the average user who doesn't understand how certificates work and will click past warnings without reading them, this protection should not come at the expense of more security conscious users.
I would recommend an about:config setting that would allow the creation of exceptions by users who explicitly choose to do so.
So far the only kludge I have been able to come up with is to modify c:\program files\mozilla firefox\xul.dll with a hex editor and replace the sites on the list (this is far from an ideal solution).

dumdidadida: Thanks for your reply, but it doesn't address the problem. HSTS is designed to FORCE the use of https, this is a good thing in most cases. However, HSTS is problematic in that it incorrectly assumes that all users trust the default list of CAs and makes the adding of exceptions impossible even by advanced users.
torproject.org is just an example; this affects every HSTS site. You can reproduce this problem yourself in version 17 or later if you temporarily disable "DigiCert High Assurance EV Root CA" in your certificate store and then visit torproject.org. You will notice the ability to add exceptions has been removed and that the cert_override.txt file found in the user's profile is also ignored.
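The behaviour the thread describes (http:// being rewritten to https://, and certificate errors on an HSTS host becoming a hard failure with no "add exception" path) follows from how a browser's HSTS policy cache works. The following is an added illustration written for this page, not Firefox's own code: a small model of that cache, with header parsing per RFC 6797, expiry, includeSubDomains matching, and the decision of whether a certificate error may be overridden. The preload entry for torproject.org and the example.com/example.net hosts are constructed sample data.

```python
"""Minimal model of a browser HSTS policy cache (added example, not Firefox code)."""
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed stand-in for the browser's compiled-in preload list:
# host -> whether the entry also covers subdomains.
PRELOAD = {"torproject.org": True}


def parse_sts_header(value):
    """Parse a Strict-Transport-Security header value (RFC 6797 section 6.1).

    Returns {'max_age': int, 'include_subdomains': bool, 'preload': bool},
    or None when the header is invalid (max-age missing or non-numeric,
    or any directive repeated), in which case a UA must ignore it.
    """
    directives = {}
    for raw in value.split(";"):
        raw = raw.strip()
        if not raw:
            continue
        name, _, val = raw.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in directives:
            return None                      # duplicate directive invalidates the header
        directives[name] = val.strip().strip('"')
    if not re.fullmatch(r"\d+", directives.get("max-age", "")):
        return None
    return {
        "max_age": int(directives["max-age"]),
        "include_subdomains": "includesubdomains" in directives,
        "preload": "preload" in directives,
    }


class HstsCache:
    def __init__(self, preload=None):
        self.preload = {h.lower(): inc for h, inc in (preload or {}).items()}
        self.learned = {}  # host -> {'expires': float, 'include_subdomains': bool}

    def record(self, host, header_value, now, connection_secure=True):
        """Process an STS header seen in a response; True if the cache changed."""
        # RFC 6797 section 8.1: honour the header only on a connection that had
        # no TLS errors, so plain-HTTP or broken-cert responses cannot set policy.
        if not connection_secure:
            return False
        policy = parse_sts_header(header_value)
        if policy is None:
            return False
        host = host.lower()
        if policy["max_age"] == 0:
            self.learned.pop(host, None)     # max-age=0 tells the UA to forget the host
            return True
        self.learned[host] = {
            "expires": now + policy["max_age"],
            "include_subdomains": policy["include_subdomains"],
        }
        return True

    def is_known(self, host, now):
        """True if host, or a parent with includeSubDomains, has an active policy."""
        labels = host.lower().split(".")
        for i in range(len(labels)):
            candidate = ".".join(labels[i:])
            exact = i == 0
            if candidate in self.preload and (exact or self.preload[candidate]):
                return True
            entry = self.learned.get(candidate)
            if entry and entry["expires"] > now and (exact or entry["include_subdomains"]):
                return True
        return False

    def upgrade(self, url, now):
        """Rewrite an http:// URL to https:// for a known host (RFC 6797 section 8.3)."""
        parts = urlsplit(url)
        if parts.scheme != "http" or not self.is_known(parts.hostname, now):
            return url
        netloc = parts.hostname if parts.port == 80 else parts.netloc  # drop explicit :80
        return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))

    def cert_error_overridable(self, host, now):
        """Whether the user may click through a certificate error for this host.

        For a known HSTS host the answer is always False (RFC 6797 section 12.1):
        the check runs before any user override store is consulted, which is why
        a root disabled by the user makes the site unreachable rather than warned.
        """
        return not self.is_known(host, now)
```

Note that the cache only records that a host must be reached over a verified TLS connection; it carries no information about which roots the user trusts, so the hard-fail applies to any verification failure, including one the user caused deliberately by removing a CA.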

Similar Messages

  • How to edit HSTS (HTTP Strict Transport Security) settings?

    I want the connections to some particular sites to be always using https, so I need to edit Firefox's HSTS settings, but I don't know where the HSTS setting file is. Can anyone tell me how to accomplish this task?
    I use both Ubuntu 14.04.1 and Windows 8. So solutions for Linux and Windows are both welcome and needed.
    (I know there is an add-on called "Force TLS," but I hope to do it without an add-on.)

    hello, please use the addon you already know about in order to edit these settings: https://addons.mozilla.org/firefox/addon/force-tls/
    the hsts settings would be stored within the permissions.sqlite database in your profile but manually editing it could do more harm than good...

  • Is there any way to disable the objects owned by a user?

Hi everybody. My problem is:
I had created 60 users, granting them connect and resource privileges in Oracle (8.1.5.0.0). All of the users are working under their logins (users). Everything is going fine. But now I wanted to disable the objects owned by those users
(60 users) for a period of 2 days. After that I wanted to enable them. Is there any way to disable the objects owned by them without dropping the users? (The users should be able to work as previously on the new objects they will create after I disabled the objects owned by them previously.)

    hi
If my understanding is right, you want to disable the users for 2 days for any reason, let's say he is on holiday for 2 days; then why don't you lock this user and submit a job to unlock after two days.
    Khurram Siddiqui

  • Question: Is there any way to disable the installation location/folder of the Adobe AIR Application?

    Is there any way to disable the installation location/folder of the Adobe AIR Application or can we skip that part automatically?

    xmlns:mx="library://ns.adobe.com/flex/mx"  is the spark mx address, which is completely different than the original 2006 mx library. 
    The thing is: I love AIR, hate Spark, loved the 2006 pre-Spark functionality. It is so much more convenient and user friendly. Given the choice between having the display separate from the processing, or having it be convenient and easy to work with, I choose the latter option.
    For the most part it seems like the AIR API is like a layer on top of the Spark/Flex system. I would like to be able to overlay the same AIR functionality on top of the old system...
    Possible or no?

  • Just upgraded to a 6. I want to use my old 4S as an iPod touch. Is there a way to disable the phone and only have wi-fi?

    Just upgraded to a 6. I want to use my old 4S as an iPod touch. Is there a way to disable the phone and only have wi-fi?

    Did you transfer the telephone number from the old phone to the new phone?  If you did, I don't see how you could still have cellular service, even if you turned it off in settings.

  • HP ENVY 17 G0U21AV - Is there a way to disable the Fingerprint Scanner?

    I am using an HP ENVY 17 G0U21AV Windows 8.1.
    This model came with a fingerprint scanner in the lower left of the computer. While this seems like a nice feature, it's not one that I am planning on using (I use LastPass for my passwords). I keep accidentally running part of my palm over the scanner, which will bring up the screen for HP SimplePass. This can come up at the most inopportune moments, and it can get quite annoying trying to always consciously avoid the fingerprint scanner.
    Is there any way to disable the fingerprint scanner?
    Thanks.

    @DSWJoshua,
    Thanks for posting. You can disable the fingerprint reader. To be thorough, I will provide steps to disable the driver itself, and Biometric support, so you don't have to worry about it later.
    To disable the Driver, go to Control Panel, then Device Manager. Expand Biometric devices. Right-click on the Validity sensor and Uninstall.
    To turn off biometric support, go to Control Panel, then Biometric devices. Uncheck Allow users to log on to Windows using their fingerprints and then save it.
    **TechWars**
    Please click the "Thumbs-Up" on the left to show appreciation. Please click "Accept as Solution" if I helped you out.
    **TechWars** does not work for HP

  • Is there a way to disable the passcode function?

    hello, I work at a school, in the IT department. one of my jobs is to manage all the ipads.
    I have a lot of ipads that students use. some students like to make a passcode and lock me out.
    is there any way to disable the passcode function?
    thanks,

    No, but what you can do is use the free MDMs at http://www.simplemdm.com/ or http://www.meraki.com/products/systems-manager/ , enroll your devices, and clear passcodes set by students with the click of a mouse.

  • Is there any way to disable the log-in process?

    i  have no need to re-enter my password to access my computer every time i restart, or after it falls asleep
    is there a way to disable the log-in screen and just go straight to my desktop?
    edit: i tried preferences  > security/privacy > de-select "require password"
    but i still get the log-in screen
    thanks

    Hi,
    take a look at:
    Preferences
    Users & Groups
    Login Options
    At the top you can (de-) activate the automatic login.
    Does it work for you?
    Greets

  • Is there any way to disable the lock screen with out the screen staying on?

    I know there is away to disable the pass lock but is there a way to disable the screen from locking every time the screen goes off? cause it's so much easier to just press the answer button than to slide it to unlock. phone versions iPhone 4s and iPhone 5c.

    You're confusing a direct answer with a rude one. Wjosten's reply wasn't rude. It was accurate and direct, without any sugarcoating. You can't get the device to operate the way that you want (lock the screen, but not really 'lock' the screen). It's not a 'screensaver' like on your computer. It's a lock screen, designed to prevent accidental activation of the device screen, and possibly launching apps, making phone calls, etcetera.
    If you want an option added that allows the device to do what you want, tell Apple.
    www.apple.com/feedback
    This is a technical assistance forum, not an 'emotional assistance' forum.  Wjosten was not rude or insulting in any way.  You were.
    This is where we tell you how to solve your technical issues.  There are no shoulders to cry upon here.
    Direct, accurate information.  That's what wjosten provided.

  • Is there any way to disable the expanding scroll bars in Mountain Lion?

    Since I never scroll by dragging the scroll bars with the cursor, I find the expansion of the scroll bars to be a distracting and even productivity limiting feature. Is there any way to disable the expansion of the scroll bars (perhaps with a terminal command)? System Preferences doesn't have an option to switch this feature off as far as I'm concerned.
    Thanks a lot in advance.

    No!

  • Is there any way to DISABLE the irritating dialog to allow FP to put stuff on your drive?

    Is there any way to DISABLE the irritating dialog to allow FP to put stuff on your drive?

    Photoshop > Preferences > Interface > Show Transformation Values

  • The external GPS is used only for 911 but the device will not op without it...this causes great inconvenience for me, having to run that cable to a window in the two houses I use it..is there a way to disable the GPS if I do not care about the 911 funct

    The external GPS is used only for 911 but the device will not operate without it. This causes great inconvenience for me, having to run that cable to a window in the two houses I use it in. Is there a way to disable the GPS if I do not care about the 911 functionality? This is the only downside I have with the network extender and it renders my device useless.

    Nope, GPS is a Federal requirement for anything operating a cellular telephone signal.  You don't ever plan to call 911 until you are in an emergency.  I don't see that requirement changing any time soon.
    If you are truly inconvenienced by the VZW network extender then perhaps you should disable your calling features in these areas and swap over to WiFi only. There are many services and apps out there that can route your phone services through internet service providers.

  • HTTP Strict Transport Security (HSTS) support in Weblogic?

    Hi Gurus,
    1) Does Weblogic 10.3.3+ support HTTP Strict Transport Security (HSTS)?
    2) Has anyone experienced with implementation of the HTTP Strict Transport Security (HSTS) header in Weblogic 10.3.3?
    Thanks in advance.
    James

    Hi Friends, thanks for the reply; none of them solves my issue. Also I have one simple question: Gmail works fine in IE and Chrome but not in Firefox, which purely means my security applications (antivirus etc.) are not playing any role in the error displayed.
    This looks like some issue in Firefox only....

  • Is there a way to disable the itunes video pop up for music videos in itunes 11?

    I'm wondering if there is a way to disable the video window from popping up every time I change a music video track in iTunes. In previous versions I always used "play in artwork viewer", but I accidentally updated and now that option is no longer there. I use iTunes to organize my music collection as I'm a video DJ, but it's becoming a really big pain now with all the videos popping up. Any help would be greatly appreciated.

    You can choose to have videos play in the iTunes window, rather than a separate window. Start playback of a video, then right click in the video and choose "Play video in iTunes window"

  • Is there a way to disable the auto play video and audio ads that are showing up on the web these days?

    A lot of sites have video ads that load and start playing while Safari is loading the entire page, which slows everything down. Also a couple of news sites I go to have autoload/play content. Is there a way to disable these auto loads?

    Install the ClickToFlash or ClickToPlugin Safari extension.
