HTTPS Everywhere Now Warns About Encryption Weaknesses

Two weeks ago a team of mathematicians and cryptographers have released a paper in which they describe a weakness in the encryption used by routers, firewalls, web services or virtual private network. The flaw, affecting only a small number of cases where the random prime number generation fails to work correctly.

A new HTTPS Everywhere version released today for the Firefox web browser can detect and notify users of that encryption weakness.

The Firefox add-on ships with the optional SSL Observatory component that is disabled by default. Firefox users need to open the extension’s preferences and switch to the SSL Observatory tab there to configure the feature.

Firefox users who want to use the feature need to first check the Use the Observatory box. Once activated, copies of the HTTPS certificate will be send to the EFF Observatory where they are analyzed for man in the middle attacks. The service checks for insecure connections or attacks and notifies the user.

The “Decentralized SSL Observatory” is an optional feature that detects encryption weaknesses and notifies users when they are visiting a website with a security vulnerability – flagging potential risk for sites that are vulnerable to eavesdropping or “man in the middle” attacks.

Firefox users with the Torbutton extension installed can route the traffic through TOR to anonymize the requests.

A click on advanced options displays two additional features. These allow you to submit and check certificates that are signed by non-standard root CAs or non-public DNS names.

The Electronic Frontier Foundation recommends to enable the feature for an extra level of protection in the browser. The Firefox extension is now available in 12 different languages.

The developers have also released a beta version of HTTPS Everywhere for the Chrome browser which can also be downloaded from the official download page on the EFF website. The Chrome version does not include weak key vulnerability notifications yet.

Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter. Twitter Makes HTTPS Default For Signed In Users
HTTPS Everywhere 1.0 For Firefox Released
Force SSL HTTPS Connections In NoScript
HTTPS Everywhere Encrypts Connections, If Possible
Visualize blue https sites in Firefox 3 in a better way About the Author:Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook or Twitter.Author: Martin Brinkmann, Tuesday February 28, 2012 -
Tags:firefox add-ons, google chrome extensions, https everywhere

You are here: Home » Browsing » HTTPS Everywhere Now Warns About Encryption Weaknesses

View the original article here

Twitter Makes HTTPS Default For Signed In Users

Twitter users had an option to turn on https for their connections to the popular social messaging site for quite a while. Users who turned the feature on, benefited from encrypted communication with Twitter which blocked snooping and eavesdropping attacks, and recommended when for connections to the site on public (wireless) networks. This was especially useful for Twitter users on the go, but recommended for all users as it should not have any visible negative effects.

Twitter yesterday announced that they enabled HTTPS for all of their signed in users by default. Nothing changes for users who have enabled HTTPS previously in the site preferences. Everyone else will now notice that Twitter will automatically load https://twitter.com/ whenever they visit the website. Users who enter http://twitter.com/ are automatically redirected to the https version of the site.

While all users are now moved to secure https connections, some may experience connectivity issues because of this. Those users can disable the new feature in the settings.

Always use HTTPS is a preference under Account there. You may need to scroll down until you see it on the page. Just remove the checkmark and click on save changes afterwards to disable forced https connections on Twitter. You need to enter your Twitter password for confirmation to save the settings to your account.

Once disabled, you won’t be redirected anymore to https if you want to load the http version of the site. You basically get the choice to load http://twitter.com/ or https://twitter.com/

Twitter is not the first company that moves all of their users to https. We have seen similar moves by companies such as Google or Facebook as well.

You can read the original announcement at the official Twitter blog. (via Techdows)

Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter. How To Enable HTTPS On Twitter
IPvFox, Display All Connections A Web Page Makes
Scan Your Twitter Account For Safe And Suspicious Users
Google Rolls Out Https Search For Logged In Users
HTTPS Everywhere Encrypts Connections, If Possible About the Author:Martin Brinkmann is a journalist from Germany who founded Ghacks Technology News Back in 2005. He is passionate about all things tech and knows the Internet and computers like the back of his hand. You can follow Martin on Facebook or Twitter.Author: Martin Brinkmann, Tuesday February 14, 2012 -
Tags:twitter news

Click on the following link(s) to read more about Twitter

View the original article here