hanno, I gave a talk at this year's Nullcon about a vulnerability I found in HSTS as implemented in Firefox, and also a general overview of HTTP/HTTPS mixing problems. It wasn't recorded at the conf, so I've now re-recorded the talk. You can find it here: https://www.youtube.com/watch?v=JjMb7Z8ak2k
Add comment