What does HTTPS Everywhere add to online security?
Why is there a sudden push for HTTPS Everywhere? I realize that there are many people who don't utilize basic security steps (install patches, anti-malware, etc.) but what does HTTPS add that taking those steps and using strong passwords ignores? And if it is so important, why are HTTPS plugins not widely available for browsers other than Firefox?
Answers
Hi wstark,
HTTPS Everywhere is one attempt at improving web security for browser users. Here's a good article that covers it and that has a download link.
HTTPS Everywhere
http://www.pcworld.com/downloads/file/fid,157688/description.html
"A collaboration between the Electronic Frontier Foundation and the Tor Project (which employs a network and free software to help protect people's privacy), HTTPS Everywhere ensures that when you visit certain sites, all of your communications are encrypted and secure.
To use it, all you need to do is install it. Once you do that, HTTPS Everywhere does its work invisibly. Among the sites it works on are Facebook, Twitter, Google Search, Wikipedia, Paypal, the New York Times, the Washington Post, and others. It works only when the sites themselves use the HTTPS protocol, and works only on a group of specific sites. So it won't protect you everywhere. And it won't protect you when you use other Internet services, such as an instant messaging client, or use client-based email such as Outlook."
- Share this answer
- Permalink
Related Questions
An article on ZDNet today noted that when security researchers analyzed 100 Chrome extensions, they found 27 of them have at least one...
My boss doesn't want any passwords to ever change - which is very bad security policy. Experts say that you should not use the same...
Much media attention is paid to stories about hackers using sophisticated tools for breaking into systems VIRTUALLY, just using network...
Should companies embrace former hackers as security experts, or is it better to label them as public pariahs? Some executives rightfully...
How did the hackers invade so many US companies computer systems without being detected? How can my company protect ourselves from IP...
Ask a question
White Papers & Webcasts
White Paper
Bullet-Proof Your Enterprise Linux Environment
White Paper
How to Avoid the High Cost of Security Audits
White Paper
Business Assureance Technology Infographic
See more White Papers | Webcasts
I'm not sure how sudden the push for HTTPS is, but in my opinion it is a good thing. HTTPS means that your browser connection is secure, hence the "S". That is usually the case when you log in at most sites anyway, but the problem is that after login, they usually revert back to an unsecured HTTP connection. I assume that the plugin is available for Firefox because of the Firesheep plugin exists for Firefox. Firesheep examines network traffic and searches for unsecure cookies that it can use to spoof your username/password. The HTTPS Everywhere campaign is a push by the Electronic Freedom Foundations to both encourage individuals to use the HTTPS Everywhere plugin for Firefox and encourage popular website to provide secure connections.