[Firefox] HTTPS Everywhere: Firefox plugin that encrypts connections whenever it's possible

SSL and TLS: Designing and Building Secure Systems
Having discussed OSI layer security, we now look at one TCP/IP protocol that is commonly used for secure connections: HTTPS. Hypertext Transfer Protocol Secure (HTTPS) is a combination of the Hypertext Transfer Protocol with the SSL/TLS protocol to provide encryption and secure identification of the server. It uses port 443. HTTPS connections are often used for payment transactions on the World Wide Web and for sensitive transactions in corporate information systems. HTTPS should not be confused with Secure HTTP (S-HTTP), specified in RFC 2660.



The main idea of HTTPS is to create a secure channel over an insecure network. This ensures reasonable protection from eavesdroppers and man-in-the-middle attacks, provided that adequate cipher suites are used and that the server certificate is verified and trusted.

The trust inherent in HTTPS is based on major certificate authorities which come pre-installed in browser software (this is equivalent to saying "I trust certificate authority (e.g. VeriSign/Microsoft/etc.) to tell me who I should trust"). Therefore an HTTPS connection to a website can be trusted if and only if all of the following are true:

  • The user trusts that their browser software correctly implements HTTPS with correctly pre-installed certificate authorities.
  • The user trusts the certificate authority to vouch only for legitimate websites without misleading names.
  • The website provides a valid certificate (an invalid certificate shows a warning in most browsers), which means it was signed by a trusted authority.
  • The certificate correctly identifies the website (e.g. visiting https://example and receiving a certificate for "Example Inc." and not anything else [see above]).
  • Either the intervening hops on the Internet are trustworthy, or the user trusts the protocol's encryption layer (TLS or SSL) is unbreakable by an eavesdropper.

The Electronic Frontier Foundation and The Onion Router (TOR) project have teamed up to release a new privacy-enhancing Firefox plugin called HTTPS Everywhere. It was inspired by Google's new encrypted search engine, and it ensures that whenever you visit a site that accepts encrypted connections, your browser switches into encrypted mode, hiding your traffic from snoops on your local network and at your ISP. HTTPS Everywhere covers Google search, Wikipedia, Twitter, Identi.ca, Facebook, EFF, Tor, Scroogle, DuckDuckGo, Ixquick and other smaller search engines. It's still in beta (what isn't?) but I've been running it all morning with no negative side effects.

Install the add-on, and by default, everything's checked, and any time you hit one of the sites covered by HTTPS Everywhere, your browser automatically goes for the HTTPS/SSL connection option, or uses TOR's resources to make it encrypted. The add-on covers the New York Times, Washington Post, Twitter and Facebook, and a good many popular and semi-obscure sites. If there's a site with an encryption offering you'd like to see included, you don't have to wait for an add-on update—write your own ruleset and add it to the simple XML config file.
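
An added example (not from the original post or the HTTPS Everywhere project): a constructed ruleset in the add-on's XML ruleset format for the placeholder site example.com, with a small JavaScript checker that reviews it before installation and shows which URLs it would rewrite. The helper names (`attrs`, `parseRuleset`, `lintRuleset`, `rewrite`) are hypothetical, and the matching logic is a simplified model of rule application, not the extension's own code.

```javascript
// Constructed sample in the HTTPS Everywhere ruleset format; example.com is a placeholder.
const SAMPLE_RULESET = `
<ruleset name="Example">
  <target host="example.com" />
  <target host="www.example.com" />
  <exclusion pattern="^http://www\\.example\\.com/legacy/" />
  <rule from="^http://(www\\.)?example\\.com/" to="https://www.example.com/" />
</ruleset>`;

// Minimal attribute reader for this flat format (no XML entity decoding).
function attrs(xml, tag) {
  return [...xml.matchAll(new RegExp(`<${tag}\\s([^>]*?)/?>`, 'g'))].map(m =>
    Object.fromEntries([...m[1].matchAll(/([\w-]+)="([^"]*)"/g)].map(kv => [kv[1], kv[2]])));
}

function parseRuleset(xml) {
  return {
    name: (attrs(xml, 'ruleset')[0] || {}).name,
    targets: attrs(xml, 'target').map(t => t.host),
    exclusions: attrs(xml, 'exclusion').map(e => e.pattern),
    rules: attrs(xml, 'rule').map(r => ({ from: r.from, to: r.to })),
  };
}

// Review checks before installing a hand-written ruleset.
function lintRuleset(rs) {
  const problems = [];
  for (const r of rs.rules) {
    if (!r.from.startsWith('^http:')) problems.push(`from not anchored at ^http: ${r.from}`);
    if (!r.to.startsWith('https://')) problems.push(`to does not upgrade to https: ${r.to}`);
  }
  return problems;
}

// Apply the ruleset to one URL: host must be a target, exclusions win, first matching rule applies.
function rewrite(rs, url) {
  const host = new URL(url).hostname;
  const covered = rs.targets.some(t =>
    t.startsWith('*.') ? host.endsWith(t.slice(1)) : t === host);
  if (!covered || rs.exclusions.some(p => new RegExp(p).test(url))) return url;
  for (const r of rs.rules) {
    const out = url.replace(new RegExp(r.from), r.to);
    if (out !== url) return out;
  }
  return url;
}
```

Anchoring `from` at `^http:` and listing exact `target` hosts keeps the rule from touching look-alike hostnames that merely contain the site's name.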

HTTPS Everywhere is a free add-on for Firefox only. Know of a popular site that's got a good encryption option? Share it in the comments, and maybe some of our craftier coders can also share a ruleset.

HTTPS Everywhere download : Download link
