Six Lines
HTTPS Everywhere Updated for Firesheep
Yesterday, the EFF released an update to their HTTPS Everywhere browser plugin that is meant to specifically protect against Firesheep. From their announcement:
This new version of HTTPS Everywhere responds to growing concerns about website vulnerability in the wake of Firesheep, an attack tool that could enable an eavesdropper on a network to take over another user’s web accounts — on social networking sites or webmail systems, for example — if the browser’s connection to the web application either does not use cryptography or does not use it thoroughly enough. Firesheep, which was released in October as a demonstration of a vulnerability that computer security experts have known about for years, sparked a flurry of media attention.
HTTPS Everywhere is a great tool, but a more secure approach would be for the websites themselves to start using HTTPS to protect their users without the need for third party browser plugins.