Wednesday, February 29, 2012

HTTPS Everywhere Update: Now Reports Website Weaknesses

HTTPS Everywhere, a collaborative security project produced by The Tor Project and the Electronic Frontier Foundation (EFF), has been updated to identify security weaknesses in websites visited with Mozilla Firefox.
The new optional feature, called the “Decentralized SSL Observatory,” detects encryption weaknesses in websites and notifies users about said weaknesses. Such weaknesses can be used by hackers to snoop on users’ web activity or pose “man in the middle” attacks against the browser.
“In recent weeks, an unexpected weakness in the encryption used by many routers, firewalls and VPN devices made big news,” EFF Technology Projects Director Peter Eckersley said in a statement.
“The new version of HTTPS Everywhere for Firefox will let users know when they connect to a website or device that has a security problem–including weak key problems like the ones that were disclosed two weeks ago–giving people the information they need to protect themselves.”
The security flaw in network devices was discovered earlier this month by security researchers. They found that four out of every 1000 security keys generated for protecting webmail, online banking, and other sensitive net services provide no cryptographic security. It’s estimated that more than a million Internet sites use such technology to prevent eavesdropping.
The EFF also released a beta version of HTTPS Everywhere for Chrome.

No comments:

Post a Comment