Maybe you have already read the news that it is possible to subvert SSL which is used to improve the security when connecting to websites. Financial sites like PayPal and Bank of America, shopping sites like eBay or Amazon and government sites use SSL which is shown by displaying https in the browser’s address bar instead of http. There are other indicators including a closed padlock that, when clicked, should display additional information about the website including the issued certificate.
This in theory ensures that the connection between the user’s computer and the website is secure (by using encryption and certificates). Recent findings however have shown that it is possible to intercept those communications without breaking encryption by “using forged security certificates”.
To use [it], a law enforcement or intelligence agency would have to install it inside an ISP, and persuade one of the Certificate Authorities â€” using money, blackmail or legal process â€” to issue a fake certificate for the targeted website. Then they could capture your username and password, and be able to see whatever transactions you make online.
To make matters worse security researchers have shown last year how easy it is to trick a Certificate Authority into issuing a certificate.
Perspectives now is a Firefox add-on that can do things:
Even if Perspectiveâ€™s primary and most advertised aim is enabling SSH-style certificate â€œvalidationâ€ for self-signed certificates (those not issued by an established certification authority), it can be configured to act a second validation layer for CA-signed certificates too, by checking their consistency from multiple internet nodes (called â€œNotariesâ€) and/or over time:
Perspectives can be downloaded from the School of Computer Science. It is compatible with Firefox 3.x.
Continua a leggere – Original Link: Why You Should Install Perspectives For Firefox Right Now