Twinoza updates
Twinoza updates

Website security enhancement.





We now serve our website through HSTS!

TL;DR: Twinoza and your data and personal information are now even more secure! Interactions with our website are now made only through forced HTTPS secure connections.

If you like nerdy details, continue reading!

"What is HTTP Strict Transport Security (HSTS)?"

HTTP Strict Transport Security (HSTS, RFC 6797) allows a website to specify and enforce security policy in client web browsers and ultimately helps to protect websites against protocol downgrade attacks and cookie hijacking.

"How am I more secure?"

The most important security vulnerability that HSTS can fix is SSL-stripping man-in-the-middle attacks.
Example: Suppose Alice wishes to communicate with Bob in a way that they believe safe. Meanwhile, Mallory, the bad guy, he wishes to intercept the conversation to eavesdrop and optionally to deliver a false message to Bob.

Mallory could have intercepted personal data and other information by "infiltrating" in the communication using a protocol downgrading attack. But with the implementation of the HSTS encryption, he must now find another way!