What’s the Disconnect with Strict Transport Security?

Even the average Joe is starting to understand that encryption is important. If Joe doesn’t use HTTPS, an attacker can see or hijack his browser session. Session hijacking isn’t a theoretical threat: Over 5 years ago (an eternity in the #infosec world), Eric Butler released the Firesheep session hijacking tool and used Facebook as a target example.