HTTPS Everywhere Gets Firesheep Protection

coondoggie writes "The Electronic Frontier Foundation today said it rolled out a version of HTTPS Everywhere that offers protection against 'Firesheep' and other tools that seek to exploit webpage security flaws. Hitting the streets in October, Firesheep caused a storm of controversy over its tactics, ethics and Web security in general. Firesheep sniffs unencrypted cookies sent across open WiFi networks for unsuspecting visitors to Web sites such as Facebook and Twitter, and lets the user take on those visitors' log-in credentials."

Re:CA's are the problem, not the crypto

[Logic Worshiper]

A self signed certificate would be fine for most of what HTTPS Everywhere does.

End to end encryption is for stuff that really matters, not facebook and other crap that's public to the internet anyway.

Re:Do Not Use Unsecured Wireless

[Anonymous Coward]

I don't give a rats ass if somebody else in the cafe also wants to know the weather, or also wants to read about Linux concepts...

Don't use unsecured wireless for sensitive stuff.

All stuff is sensitive. Would you like to have e.g. your windows updates guid sniffed and used by some middle east or wherever guys later? Then you=them in terms of tracking by certain agencies, etc.

windowsupdate.microsoft.com: To provide you with the best possible service, Windows Update also tracks and records how many unique machines visit its site and whether the download and installation of specific updates succeeded or failed. In order to do this, the Windows operating system generates a Globally Unique Identifier (GUID) that is stored on your computer to uniquely identify it.

Re:Apps?

[pyster]

If you are using an open wireless you have the same http/https issues everyone else has, regardless of the device you are using.

Re:How does HTTPS Everywhere do it?

[Anonymous Coward]

It does the latter. Requests are intercepted and converted according to pre-defined and user-definable rulesets before being sent.