Why You Should Install Perspectives For Firefox Right Now

30 Mar/10

You may have already read the news that it is possible to subvert SSL, which is used to secure connections to websites. Financial sites like PayPal and Bank of America, shopping sites like eBay or Amazon, and government sites use SSL, which the browser indicates by displaying https in the address bar instead of http. There are other indicators, including a closed padlock that, when clicked, should display additional information about the website, including the issued certificate.

In theory, this ensures that the connection between the user’s computer and the website is secure (by using encryption and certificates). Recent findings, however, have shown that it is possible to intercept those communications without breaking encryption by “using forged security certificates”.


To use [it], a law enforcement or intelligence agency would have to install it inside an ISP, and persuade one of the Certificate Authorities — using money, blackmail or legal process — to issue a fake certificate for the targeted website. Then they could capture your username and password, and be able to see whatever transactions you make online.

To make matters worse, security researchers showed last year how easy it is to trick a Certificate Authority into issuing a certificate.

Perspectives is a Firefox add-on that can do the following:

  • If you connect to a website with an untrusted (e.g., self-signed) certificate, Firefox will give you a very nasty security error and force you to manually install an exception. Perspectives can detect whether a self-signed certificate is valid, and automatically overrides the annoying security error page if it is safe to do so.
  • It is possible that an attacker may trick one of the many Certificate Authorities trusted by Firefox into incorrectly issuing a certificate for a trusted website. Perspectives can also detect this attack and will warn you if things look suspicious.

Even if Perspectives’ primary and most advertised aim is enabling SSH-style certificate “validation” for self-signed certificates (those not issued by an established certification authority), it can be configured to act as a second validation layer for CA-signed certificates too, by checking their consistency from multiple internet nodes (called “Notaries”) and/or over time.
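A simplified sketch of the notary consistency check described above, as an added example that is not Perspectives' own code. The notary names, placeholder fingerprints, quorum fraction and duration thresholds are all constructed assumptions.

```python
import math
from dataclasses import dataclass

DAY = 86400
NOW = 1_270_000_000  # constructed "current time" (Unix seconds)

@dataclass(frozen=True)
class Sighting:
    fingerprint: str   # certificate fingerprint the notary observed
    first_seen: int    # Unix time the notary first saw it
    last_seen: int     # Unix time the notary last saw it

def notary_agrees(history, browser_fp, now, min_duration, max_age=2 * DAY):
    """True if the notary's most recent sighting matches the browser's
    certificate, is fresh, and has been stable for at least min_duration."""
    if not history:
        return False  # notary has no data for this host: counts as no vote
    current = max(history, key=lambda s: s.last_seen)
    return (current.fingerprint == browser_fp
            and now - current.last_seen <= max_age
            and current.last_seen - current.first_seen >= min_duration)

def evaluate(browser_fp, histories, now, quorum=0.75, min_duration=0):
    """Return (verdict, agreeing_notaries) for one host."""
    agreeing = sum(notary_agrees(h, browser_fp, now, min_duration)
                   for h in histories.values())
    # Require at least one agreeing notary even if the notary list is empty.
    needed = max(1, math.ceil(quorum * len(histories)))
    return ("consistent" if agreeing >= needed else "suspicious", agreeing)

# Constructed sample data: four hypothetical notaries, placeholder fingerprints.
NOTARIES = ["notary-1", "notary-2", "notary-3", "notary-4"]
STABLE = {n: [Sighting("fp-A", NOW - 30 * DAY, NOW)] for n in NOTARIES}
ROTATED = {n: [Sighting("fp-A", NOW - 30 * DAY, NOW - DAY),
               Sighting("fp-C", NOW - DAY, NOW)] for n in NOTARIES}

if __name__ == "__main__":
    # Long-lived certificate that every notary also sees.
    print(evaluate("fp-A", STABLE, NOW, min_duration=3 * DAY))
    # Only this client sees fp-B: the notaries' view differs from the browser's.
    print(evaluate("fp-B", STABLE, NOW))
    # Every vantage point sees fp-C, but it appeared only a day ago.
    print(evaluate("fp-C", ROTATED, NOW, min_duration=3 * DAY))
```

The third case shows why the duration check matters for CA-signed certificates: a certificate that all notaries see but that replaced the previous one only recently passes the quorum test and is caught only by the time requirement.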

Perspectives can be downloaded from the School of Computer Science. It is compatible with Firefox 3.x.

Continue reading. Original link: Why You Should Install Perspectives For Firefox Right Now

Author: Spina Rosario