Forgot your password?
typodupeerror
Firefox Electronic Frontier Foundation Security Social Networks News

HTTPS Everywhere Gets Firesheep Protection 77

Posted by timothy
from the mitigating-malicious-mutton dept.
coondoggie writes "The Electronic Frontier Foundation today said it rolled out a version of HTTPS Everywhere that offers protection against 'Firesheep' and other tools that seek to exploit webpage security flaws. Hitting the streets in October, Firesheep caused a storm of controversy over its tactics, ethics and Web security in general. Firesheep sniffs unencrypted cookies sent across open WiFi networks for unsuspecting visitors to Web sites such as Facebook and Twitter, and lets the user take on those visitors' log-in credentials."
This discussion has been archived. No new comments can be posted.

HTTPS Everywhere Gets Firesheep Protection

Comments Filter:
  • by Logic Worshiper (1480539) on Wednesday November 24, 2010 @10:12AM (#34330552)

    A self signed certificate would be fine for most of what HTTPS Everywhere does.

    End to end encryption is for stuff that really matters, not facebook and other crap that's public to the internet anyway.

  • by Anonymous Coward on Wednesday November 24, 2010 @10:54AM (#34331180)

    I don't give a rats ass if somebody else in the cafe also wants to know the weather, or also wants to read about Linux concepts...

    Don't use unsecured wireless for sensitive stuff.

    All stuff is sensitive. Would you like to have e.g. your windows updates guid sniffed and used by some middle east or wherever guys later? Then you=them in terms of tracking by certain agencies, etc.

    windowsupdate.microsoft.com: To provide you with the best possible service, Windows Update also tracks and records how many unique machines visit its site and whether the download and installation of specific updates succeeded or failed. In order to do this, the Windows operating system generates a Globally Unique Identifier (GUID) that is stored on your computer to uniquely identify it.

  • Re:Apps? (Score:3, Insightful)

    by pyster (670298) on Wednesday November 24, 2010 @10:57AM (#34331234)
    If you are using an open wireless you have the same http/https issues everyone else has, regardless of the device you are using.
  • by Anonymous Coward on Wednesday November 24, 2010 @11:17AM (#34331606)

    It does the latter. Requests are intercepted and converted according to pre-defined and user-definable rulesets before being sent.

The flow chart is a most thoroughly oversold piece of program documentation. -- Frederick Brooks, "The Mythical Man Month"

Working...