EFF Tool Offers New Protection Against ‘Firesheep’

The Electronic Frontier Foundation (EFF) has launched a new version of HTTPS Everywhere, a security tool that offers enhanced protection for Firefox browser users against “Firesheep” and other exploits of webpage security flaws.

HTTPS secures web browsing by encrypting both requests from your browser to websites and the resulting pages that are displayed. Without HTTPS, your online reading habits and activities are vulnerable to eavesdropping, and your accounts are vulnerable to hijacking.

Unfortunately, while many sites on the web offer some limited support for HTTPS, it is often difficult to use. Websites may default to using the unencrypted, and therefore vulnerable, HTTP protocol or may fill HTTPS pages with insecure HTTP references. EFF’s HTTPS Everywhere tool uses carefully crafted rules to switch sites from HTTP to HTTPS.

This new version of HTTPS Everywhere responds to growing concerns about website vulnerability in the wake of Firesheep, an attack tool that could enable an eavesdropper on a network to take over another user’s web accounts — on social networking sites or webmail systems, for example — if the browser’s connection to the web application either does not use cryptography or does not use it thoroughly enough. Firesheep, which was released in October as a demonstration of a vulnerability that computer security experts have known about for years, sparked a flurry of media attention.

“These new enhancements make HTTPS Everywhere much more effective in thwarting an attack from Firesheep or a similar tool,” said EFF Senior Staff Technologist Peter Eckersley. “It will go a long way towards protecting your Facebook, Twitter, or Hotmail accounts from Firesheep hacks. And, like previous releases, it shields your Google searches from eavesdroppers and safeguards your payments made through PayPal.”

Other sites targeted by Firesheep that now receive protection from HTTPS Everywhere include Bit.ly, Cisco, Dropbox, Evernote, and GitHub. In addition to the HTTPS Everywhere update, EFF also released a guide to help website operators implement HTTPS properly.

“Firesheep works because many websites fail to use HTTPS,” said EFF Technology Director Chris Palmer. “Our hope is to make it easier for web applications to do the right thing by their users and keep us all safer from identity theft, security threats, viruses, and other bad things that can happen through insecure HTTP. Taking a little bit of care to protect your users is a reasonable thing for web application providers to do and is a good thing for users to demand.”

The first beta of HTTPS Everywhere was released last June. Since then, the tool has been downloaded more than half a million times.

To download HTTPS Everywhere for Firefox:
https://www.eff.org/https-everywhere

For more on implementing HTTPS in websites:
https://www.eff.org/pages/how-deploy-https-correctly

This article was originally published by the Electronic Frontier Foundation.

Related Posts

‘Space-Time Cloak’ to Conceal Events The study, by researchers from Imperial College London, involves a new class of materials called metamaterials, which can be artificially engineered t...
Have a Happy Holidays and give GRUB a look to match your mood Not too long ago, it was January, and in a few days, it will be another month of January. Time really does fly. But what can we do? Go with the...
The K Desktop Environment is 15 Editor: The title of this article is misleading, but trust me, it was not intentional. KDE is actually 16, but KDE e. V., the non-profit organization ...
Cinnamon proposed to replace GNOME Shell as default DE on Fedora 19 It was lobbying by the GNOME devs that made GNOME 3 the default on Fedora, but now it seems that somebody has had enough. That somebody has proposed m...
Children hospitals saving money by using open source Italian children hospitals are saving money by using the 'Smart Inclusion project' using open source technology and offering access to for instance me...
Crowdfunding a FOSS accounting software for NPOs The Software Freedom Conservancy has launched a fundraising or crowdfunding campaign for a FOSS accounting software for non-profit organizations (NPOs...

We Recommend These Vendors and Free Offers

Launch an SSD VPS in Europe, USA, Asia & Australia on Vultr's KVM-based Cloud platform starting at $5:00/month (15 GB SSD, 768 MB of RAM).

Deploy an SSD Cloud server in 55 seconds on DigitalOcean. Built for developers and starting at $5:00/month (20 GB SSD, 512 MB of RAM).

Want to become an expert ethical hacker and penetration tester? Request your free video training course of Online Penetration Testing and Ethical Hacking

Whether you're new to Linux or are a Linux guru, you can learn a lot more about the Linux kernel by requesting your free ebook of Linux Kernel In A Nutshell.


One Comment

  1. Pingback: Tweets that mention EFF Tool Offers New Protection Against ‘Firesheep’ -- Topsy.com

Leave a Comment

Your email address will not be published. Required fields are marked *

*