HTTPS Everywhere Protects against Firesheep, EFF Announces
Article by George Norman
On 24 Nov 2010
The Electronic Frontier Foundation (EFF) has recently announced that HTTPS Everywhere, the Firefox add-on it has developed in collaboration with the Tor Project, has been updated. The Firefox add-on, which helps users encrypt their traffic by forcing full-session HTTPS connections, has been updated to provide protection against Firesheep and other exploits of webpage security flaws.

Firesheep is an attack tool that, if used by a person with malicious intent, could allow that person to take over a user’s web accounts. A person with malicious intent could take over a user’s social networking account, or email account for example. The catch is that this exploit only works if the “browser's connection to the web application either does not use cryptography or does not use it thoroughly enough,” as the EFF explained.

Advertising

This is where HTTPS Everywhere comes in – it forces an encrypted, secure HTTPS connection. HTTPS Everywhere works with numerous online sites, including Google Search, Wikipedia, Twitter, Facebook, bit.ly, PayPal, Cisco, Dropbox, Evernote, and GitHub.

"Firesheep works because many websites fail to use HTTPS," said EFF Technology Director Chris Palmer. "Our hope is to make it easier for web applications to do the right thing by their users and keep us all safer from identity theft, security threats, viruses, and other bad things that can happen through insecure HTTP. Taking a little bit of care to protect your users is a reasonable thing for web application providers to do and is a good thing for users to demand."

"These new enhancements make HTTPS Everywhere much more effective in thwarting an attack from Firesheep or a similar tool," said EFF Senior Staff Technologist Peter Eckersley. "It will go a long way towards protecting your Facebook, Twitter, or Hotmail accounts from Firesheep hacks. And, like previous releases, it shields your Google searches from eavesdroppers and safeguards your payments made through PayPal."

If you would like to learn more about HTTPS Everywhere or perhaps get the add-on, you can do so at eff.org/https-everywhere. HTTPS Everywhere is also available on AMO (addons.mozilla.org) here.

Since its launch back in June, the HTTPS Everywhere add-on has been downloaded more than 500,000 times.



Tags: EFF, Electronic Frontier Foundation, HTTPS Everywhere, Firesheep
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
By George Norman on 17 Jul 2017
After having spent some five years in development, Mass Effect: Andromeda released to lukewarm reviews and the internet mocking its cringe-inducing facial expressions and broken animations.
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
HTTPS Everywhere Protects against Firesheep, EFF Announces
HTML Linking Code