Datasäkerhet och Informationssäkerhet

Robert Malmgren AB

“Trust is good, control is better.”

2011/03/05

HTTPS-Everywhere & Certificate Patrol


Tip of the day is to use two excellent firefox add-ons called HTTPS-everywhere and certificate patrol. These small addons will help you use SSL and they will detect errors, attacks and strange things with SSL/TLS and related certificates at sites you visit.

HTTPS-everywhere is a set of premade rules that rewrites your URLs (and links in HTML documents that you click on) to use the HTTPS counterpart instead of plain text HTTP. This is useful, not from a security perspective, but from a integrity perspective. It will be hard for anyone snooping the net to record or analyse the content you are browsing. They will still be able to do certain types of traffic analysis, since they see the SSL tunnel. A simple example: One can see that you browse www.twitter.com, but they will not see which microblog you are reading. From observing the network traffic. Someone getting access to twitters logs, keyboard logging your PC or performing electronic shoulder surfing would still get it, of course.

Pro: Easy to install and use. It will not be in your way
Con: Lots of sites dont have SSL, so a smart helper program will not help anyway.

Certificate Patrol will keep an eye out for strange things witl the certificate. Like if the web site about to be visited have changed its certification authority since last visit, or if it is about to expire.

Read more about HTTPS-Everywhere at EFF.org and Certificate Patrol at the developers site.

----
Written by Robban @ 2011-03-05