HTTPS Everywhere Protects against Firesheep, EFF Announces
The Electronic Frontier Foundation (EFF) has recently announced that HTTPS Everywhere, the Firefox add-on it has developed in collaboration with the Tor Project, has been updated. The Firefox add-on, which helps users encrypt their traffic by forcing full-session HTTPS connections, has been updated to provide protection against Firesheep and other exploits of webpage security flaws.
Firesheep is an attack tool that, if used by a person with malicious intent, could allow that person to take over a user’s web accounts. A person with malicious intent could take over a user’s social networking account, or email account for example. The catch is that this exploit only works if the “browser's connection to the web application either does not use cryptography or does not use it thoroughly enough,” as the EFF explained.
This is where HTTPS Everywhere comes in – it forces an encrypted, secure HTTPS connection. HTTPS Everywhere works with numerous online sites, including Google Search, Wikipedia, Twitter, Facebook, bit.ly, PayPal, Cisco, Dropbox, Evernote, and GitHub.
"Firesheep works because many websites fail to use HTTPS," said EFF Technology Director Chris Palmer. "Our hope is to make it easier for web applications to do the right thing by their users and keep us all safer from identity theft, security threats, viruses, and other bad things that can happen through insecure HTTP. Taking a little bit of care to protect your users is a reasonable thing for web application providers to do and is a good thing for users to demand."
"These new enhancements make HTTPS Everywhere much more effective in thwarting an attack from Firesheep or a similar tool," said EFF Senior Staff Technologist Peter Eckersley. "It will go a long way towards protecting your Facebook, Twitter, or Hotmail accounts from Firesheep hacks. And, like previous releases, it shields your Google searches from eavesdroppers and safeguards your payments made through PayPal."
If you would like to learn more about HTTPS Everywhere or perhaps get the add-on, you can do so at eff.org/https-everywhere. HTTPS Everywhere is also available on AMO (addons.mozilla.org) here.
Since its launch back in June, the HTTPS Everywhere add-on has been downloaded more than 500,000 times.
Firesheep is an attack tool that, if used by a person with malicious intent, could allow that person to take over a user’s web accounts. A person with malicious intent could take over a user’s social networking account, or email account for example. The catch is that this exploit only works if the “browser's connection to the web application either does not use cryptography or does not use it thoroughly enough,” as the EFF explained.
This is where HTTPS Everywhere comes in – it forces an encrypted, secure HTTPS connection. HTTPS Everywhere works with numerous online sites, including Google Search, Wikipedia, Twitter, Facebook, bit.ly, PayPal, Cisco, Dropbox, Evernote, and GitHub.
"Firesheep works because many websites fail to use HTTPS," said EFF Technology Director Chris Palmer. "Our hope is to make it easier for web applications to do the right thing by their users and keep us all safer from identity theft, security threats, viruses, and other bad things that can happen through insecure HTTP. Taking a little bit of care to protect your users is a reasonable thing for web application providers to do and is a good thing for users to demand."
"These new enhancements make HTTPS Everywhere much more effective in thwarting an attack from Firesheep or a similar tool," said EFF Senior Staff Technologist Peter Eckersley. "It will go a long way towards protecting your Facebook, Twitter, or Hotmail accounts from Firesheep hacks. And, like previous releases, it shields your Google searches from eavesdroppers and safeguards your payments made through PayPal."
If you would like to learn more about HTTPS Everywhere or perhaps get the add-on, you can do so at eff.org/https-everywhere. HTTPS Everywhere is also available on AMO (addons.mozilla.org) here.
Since its launch back in June, the HTTPS Everywhere add-on has been downloaded more than 500,000 times.
