HTTPS Everywhere Gets Firesheep Protection

Posted by timothy on Wednesday November 24, 2010 @01:18AM from the mitigating-malicious-mutton dept.

coondoggie writes "The Electronic Frontier Foundation today said it rolled out a version of HTTPS Everywhere that offers protection against 'Firesheep' and other tools that seek to exploit webpage security flaws. Hitting the streets in October, Firesheep caused a storm of controversy over its tactics, ethics and Web security in general. Firesheep sniffs unencrypted cookies sent across open WiFi networks for unsuspecting visitors to Web sites such as Facebook and Twitter, and lets the user take on those visitors' log-in credentials."

2 of 77 comments (clear)

Min score:

Reason:

Sort:

Re:CA's are the problem, not the crypto by Logic+Worshiper · 2010-11-24 02:12 · Score: 3, Insightful

A self signed certificate would be fine for most of what HTTPS Everywhere does.
End to end encryption is for stuff that really matters, not facebook and other crap that's public to the internet anyway.
Re:Apps? by pyster · 2010-11-24 02:57 · Score: 3, Insightful

If you are using an open wireless you have the same http/https issues everyone else has, regardless of the device you are using.