HTTPS Everywhere Gets Firesheep Protection 77
coondoggie writes "The Electronic Frontier Foundation today said it rolled out a version of HTTPS Everywhere that
offers protection against 'Firesheep' and other tools that seek to exploit webpage security flaws. Hitting the streets in October, Firesheep caused a storm of controversy over its tactics, ethics and Web security in general. Firesheep sniffs unencrypted cookies sent across open WiFi networks for unsuspecting visitors to Web sites such as Facebook and Twitter, and lets the user take on those visitors' log-in credentials."
Probably breaks lots of web sites (Score:2, Interesting)
How does HTTPS Everywhere do it? (Score:3, Interesting)
Does it parse the webpage you are on and rewrite every link to use HTTPS or, better, does it intercept every request Firefox makes and rewrite that before it is sent?
The reason I'm interested is that I want to create an extension that does rewrites in the latter way described, but don't know how to do it.
Re:CA's are the problem, not the crypto (Score:3, Interesting)
Here's a way of handling certs which doesn't rely on those organizations: Perspectives
http://www.cs.cmu.edu/~perspectives/ [cmu.edu]