More secure and dropping support for Internet Explorer 10
We have turned on HSTS for Tom’s Planner. This technology improves online security when you are connected to a public Wi-Fi network, for instance in a hotel or restaurant. Unfortunately, Internet Explorer version 10 does not support HSTS, so we are forced to drop support for Internet Explorer 10 as of today.
We hope that the few users who still use IE 10 can upgrade their browser in some way or switch to Google Chrome, for instance. If you need any assistance in doing this, please don’t hesitate to contact us.
For all fellow nerds and geeks among us:
HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should interact with them using only secure HTTPS connections, and never via the insecure HTTP protocol.
The most important security vulnerability that HSTS can fix is SSL-stripping man-in-the-middle attacks. The SSL (and TLS) stripping attack works by transparently converting a secure HTTPS connection into a plain HTTP connection. The user can see that the connection is insecure, but crucially there is no way of knowing whether the connection should be secure. Many websites do not use TLS/SSL, so there is no way of knowing (without prior knowledge) whether the use of plain HTTP is due to an attack or simply because the website hasn’t implemented TLS/SSL. Additionally, no warnings are presented to the user during the downgrade process, making the attack fairly subtle to all but the most vigilant.