News

HTTPS Everywhere Now Warns About Encryption Weaknesses

28 Feb/12

Two weeks ago a team of mathematicians and cryptographers have released a paper in which they describe a weakness in the encryption used by routers, firewalls, web services or virtual private network. The flaw, affecting only a small number of cases where the random prime number generation fails to work correctly.

A new HTTPS Everywhere version released today for the Firefox web browser can detect and notify users of that encryption weakness.

The Firefox add-on ships with the optional SSL Observatory component that is disabled by default. Firefox users need to open the extension’s preferences and switch to the SSL Observatory tab there to configure the feature.

ssl observatory

Firefox users who want to use the feature need to first check the Use the Observatory box. Once activated, copies of the HTTPS certificate will be send to the EFF Observatory where they are analyzed for man in the middle attacks. The service checks for insecure connections or attacks and notifies the user.

The “Decentralized SSL Observatory” is an optional feature that detects encryption weaknesses and notifies users when they are visiting a website with a security vulnerability – flagging potential risk for sites that are vulnerable to eavesdropping or “man in the middle” attacks.

Firefox users with the Torbutton extension installed can route the traffic through TOR to anonymize the requests.

A click on advanced options displays two additional features. These allow you to submit and check certificates that are signed by non-standard root CAs or non-public DNS names.

The Electronic Frontier Foundation recommends to enable the feature for an extra level of protection in the browser. The Firefox extension is now available in 12 different languages.

The developers have also released a beta version of HTTPS Everywhere for the Chrome browser which can also be downloaded from the official download page on the EFF website. The Chrome version does not include weak key vulnerability notifications yet.

Leggi Anche

Condividi
Condividi in DeliciousCondividi in DiggCondividi in RedditCondividi in StumbleCondividi in MixxCondividi in TecnoratiCondividi in Ok Notizie

Commenti

I commenti sono disabilitati per questo articolo.

I commenti sono chiusi.

Autore

Gestionale Immobiliare - Realizzazione Sito Web per Agenzia Immobiliare

Archivio

Iscrizione Newsletter

    Tieniti informato con tutte le novità del mondo informatico con la nostra newsletter
    Email:

    Nome:

    Auto Shop Italia
    Web Burning Blog
    Info Privacy

Meta