October 24, 2016

HTTPS Everywhere: Firefox extension to Encrypts Web Traffic

The Tor Project and the Electronic Frontier Foundation has released the new version of HTTPS Everywhere. This Firefox extension encrypts the web traffic with a number of major websites.

With reference to the project website, many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS.

The version 0.9.0 of HTTPS Everywhere is a new beta version designed to offer improved protection against cookie-stealing extension Firesheep. Further, its development team has climed much better protection for Facebook, Twitter and Hotmail accounts, as well as completely new protection for bit.ly, Dropbox, Amazon AWS, Evernote, Cisco and Github.

More information about this project is available here.

Workaround for ASP.NET server’s encryption vulnerability

In a security advisory Microsoft has confirmed the vulnerability in the process used by ASP.NET applications to encrypt cookies and other session information. In the announcement for the security advisory, Microsoft said it was not, so far, aware of any attacks. However, the security group do encourage users to “review the advisory for mitigations and workarounds”. A blog entry describes how to implement the workarounds and offers a script to help administrator determine whether their ASP.NET applications are vulnerable.

Read the full article here.