Six Lines

HTTPS Everywhere Updated for Firesheep

Posted by Aaron Massey on 24 Nov 2010.

Yesterday, the EFF released an update to their HTTPS Everywhere browser plugin that is meant to specifically protect against Firesheep. From their announcement:

This new version of HTTPS Everywhere responds to growing concerns about website vulnerability in the wake of Firesheep, an attack tool that could enable an eavesdropper on a network to take over another user’s web accounts — on social networking sites or webmail systems, for example — if the browser’s connection to the web application either does not use cryptography or does not use it thoroughly enough. Firesheep, which was released in October as a demonstration of a vulnerability that computer security experts have known about for years, sparked a flurry of media attention.

HTTPS Everywhere is a great tool, but a more secure approach would be for the websites themselves to start using HTTPS to protect their users without the need for third party browser plugins.