Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms

95 Percentile

March 21, 2016 by Marc Handelman in All is Information, Information Security, Web Security

SecurityWeek reports that 95% of all HTTPS servers have not deployed HTTP Strict Transport Security (HSTS).

As Netcraft’s Paul Mutton explained in a recent blog post, these vulnerabilities can be exploited in phishing, pharming and man-in-the-middle (MiTM) attacks when a user unintentionally attempts to access a secure site via HTTP, meaning that the attacker does not have to spoof a valid TLS certificate to be successful. These attacks are easier to carry out compared to those targeting TLS, such as the DROWN attack. - via SecurityWeek
