Perspectives Makes Firefox That Much Securer
Perspectives is a research project to improve SSH-style Host Authentication with Multi-path Network Probing by researchers of the computer science department at Carnegie Mellon University.
The title of the research surely sounds complicated for many Internet users but it basically means that they have created a method to authenticate hosts securely by pulling information from various servers and comparing those results with that of the web browser.
This practically eliminates the danger of man-in-the-middle attacks because the attacker usually does not have options to manipulate the traffic of independent servers which in turn means that Perspectives can warn users if a man-in-the-middle attack is underway.
Perspectives
Best of all, the research team has created a Firefox extension that protects user systems right after installation.
The Firefox extension provides two benefits over not using it. The first is something that users may have experienced already: connections to untrusted websites have to be manually permitted by adding exceptions. This is a manual process that can be quite irritating to the user, especially if the web server in question is trusted.
Perspectives can detect the validity of the certificate and may override the manual exception requirement automatically if it finds it to be a valid certificate.
In addition, Perspectives warns the user if an attacker managed to trick a Certificate Authority into incorrectly issuing a certificate.
A valid site displays a green icon next to the Perspective name in the Firefox statusbar. I did not encounter any fake sites yet but I suppose they show up as a red cross.
The default setting of Perspectives is that it only reacts when a certificate comes up with a Firefox security error. This can be changed in the options to provide information for all https connections.
Update: Perspectives is now available on the official Mozilla Firefox Add-ons repository. It is regularly updated and has received several new features of interest.
You can use the icon to whitelist sites now or report an attack. There is also an option available to force a check of the certificate, and a timeline view that displays information about the certificate over time.
Closing Words
Perspectives is an excellent security add-on for the Mozilla Firefox web browser. While it takes some getting used to time it improves security significantly by comparing the actual certificate in the browser with certificates pulled from other notaries.
Just tested it out today. It’s an awesome extension. The only thing I don’t like is that I have to allow my Firefox to go out of my firewall as a server when using it. Guess there’s no helping it if they want to query the certification sites. But it would be nice if I can still lock my browser out from serving as a server.
this looks like a good add on. thanks for the heads up.