Feeds

Firefox add-on does 'HTTPS Everywhere'

Well, everywhere possible

HP ProLiant Gen8: Integrated lifecycle automation

The Electronic Frontier Foundation and The Tor Project have teamed up to offer a Firefox add-on that beefs up https on several major websites, including Google.com, Wikipedia, Twitter, Facebook, and PayPal.

Currently in beta, HTTPS Everywhere is designed to make encryption easier to use on sites offering at least partial SSL support. Google, for instance, still defaults to unencrypted search, but the EFF's add-on automatically takes you to the https incarnation.

"Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use," says the EFF. "For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS."

The code behind the add-on is based in part on the Strict Transport Security (STS) response header put together by the NoScript project. "HTTPS Everywhere aims to have a simpler user experience than NoScript, and to support complex rewriting rules that allow services like Google Search and Wikipedia to be redirected to HTTPS without breaking anything."

Google rolled out an https version of its search engine late last month, announcing the move in the same blog post in which it admitted that its Street View cars had been collecting payload data from unsecured Wi-Fi networks across the planet. Normally, to use SSL-ed Google Search, you must specifically visit https://www.google.com (note the "s").

After installing the HTTPS Everywhere add-on, if you visit http://www.google.com (no "s"), you will automatically be taken to the SSL version. The same is true for sites such as Wikipedia, Twitter, Facebook, The New York Times, The Washington Post, Paypal, the privacy-minded search engine Ixquick, and, well, EFF and Tor. And once you're onto secure versions of these sites, the plug-in attempts to keep your traffic within these sites encrypted as you move from page to page.

You can also modify the add-on's rule-set to include additional sites not covered at install. You can download the add-on here. ®

Top three mobile application threats

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Do YOU work at Microsoft? Um. Are you SURE about that?
Nokia and marketing types first to get the bullet, says report
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.