Tag Archives: HTTPS Everywhere

For Firefox Users – HTTPS Everywhere

Computer Security, Technical Tips

Computer security is as strong as its weakest link. Nowadays, the weakest link is, frequently, the user himself. That’s partially why I write these articles, in an effort to do my part to improve the general knowledge level of the average computer user. What is HTTPS? It’s a secure method of HTTP. And what the … is HTTP? an acronym that means Hyper Text Transfer Protocol. Simply put, the method your computer uses to display websites. OK so back to HTTPS now. HTTPS is therefore a secure method of displaying websites. How does that affect you?

Well, with the Internet becoming more and more interactive, the communication from your computer is not just from the internet to it (like what happens when you make your computer’s web  browser go to a website) but also from your computer to the Internet. So it’s becoming more and more a two-way street. That takes us to a recent problem. Recently somebody created Firesheep, a plug-in that allows any user using the Firefox web browser to “steal” login information from other users logging in to sites like Facebook, as long as the victim is using a public wireless connection and is nearby. You might have read about it, it made the news recently. As a result, the attacker can impersonate the legitimate user at which point he/she will have total control over your account and can do anything the legit user can do.

Ok so that’s the bad news. What’s the good news? Actually, I didn’t say there were any. But in this case you got lucky, because there are. At least if you use Firefox as your web browser. There is a counter-measure plug-in called HTTPS Everywhere. This one forces the use of HTTPS in several well-known and frequently use websites, resulting in being invulnerable to the Firesheep plug-in attack. Again, you can only install this plug-in in Firefox. You can find HTTPS Everywhere here.

Note: Using the plug-in might have adverse effects in some minor functions in certain websites. For example it breaks the functionality of Facebook chat. The bug is not in the plug-in, but in Facebook’s website, so it’s something Facebook would have to fix.

Some of the popular websites HTTPS Everywhere works in include:

  • Google Search
  • Wikipedia
  • Twitter
  • Facebook
  • bit.ly
  • GMX
  • WordPress.com blogs
  • The New York Times
  • The Washington Post
  • PayPal
  • EFF
  • Tor
  • Ixquick

Wishing you a safe surf.