SaferChrome Protects Chrome Users Against Man In The Middle Attacks, Improves Security
Internet users who connect to the Internet from within a computer network have to be very careful about the data they send and receive, and how they do that. The Firefox add-on Firesheep was definitely not the first program to show how easy it is to record data from other users of the network, but it brought the issue to a wider audience.
One of the biggest issues can be boiled down to the following four words: Http bad, https good. Most web connections are http connections, which is fine as long as no important or private data is transferred. Data in this regard can be anything from usernames and passwords to financial documents or a private message to a friend at a website.
Users in the same network can spy on the traffic, but only if the connections are made via http. Https connections, on the other hand, are encrypted, which more or less protects the information from man in the middle attacks and from users in the same network.
SaferChrome is a security extension for Chrome that aids the user by offering additional protection against man in the middle attacks. The extension notifies the user whenever login information will be sent in the clear.
This helps detect sites that don't use SSL or use it incorrectly. It also helps prevent SSL strip attacks that rewrite the form action to trick you into sending your password over HTTP rather than HTTPS.
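The check described above, sketched as an added example (not SaferChrome's own code): it resolves a login form's action against the page URL and reports whether the password would leave over http. The function name, the form descriptor shape and the example.com URLs are assumptions made for illustration, and the "tamperable" case goes slightly beyond the text by flagging http pages that post to https.

```javascript
// Added illustration; not SaferChrome's source. All names are hypothetical.

// Classify where a login form would send its credentials.
// pageUrl: URL of the page hosting the form.
// form: { action, hasPassword } descriptor (constructed here; a content
// script would build it from document.forms).
function classifyLoginForm(pageUrl, form) {
  if (!form.hasPassword) return { risk: "none", reason: "no password field" };

  const page = new URL(pageUrl);
  let target;
  try {
    // An empty or missing action submits back to the page's own URL;
    // a relative action inherits the page's scheme and host.
    target = new URL(form.action || pageUrl, page);
  } catch (e) {
    return { risk: "unknown", reason: "unparsable action" };
  }

  if (target.protocol === "http:") {
    // Covers the stripped case: the page may look secure, yet the
    // password is submitted in the clear.
    const reason = page.protocol === "https:"
      ? "secure page submits to http target"
      : "page and target are both http";
    return { risk: "cleartext", reason, target: target.href };
  }
  if (target.protocol !== "https:") {
    return { risk: "unknown", reason: "non-http scheme " + target.protocol };
  }
  if (page.protocol === "http:") {
    // The submission is encrypted, but the page arrived unencrypted, so the
    // action could have been rewritten in transit before it was displayed.
    return { risk: "tamperable", reason: "http page, https target", target: target.href };
  }
  return { risk: "ok", reason: "https page and target", target: target.href };
}

// Constructed sample forms (example.com is a placeholder host).
const samples = [
  ["https://example.com/login", { action: "http://example.com/auth", hasPassword: true }],
  ["http://example.com/login", { action: "/auth", hasPassword: true }],
  ["http://example.com/login", { action: "https://example.com/auth", hasPassword: true }],
  ["https://example.com/login", { action: "", hasPassword: true }],
  ["http://example.com/search", { action: "/q", hasPassword: false }],
];
for (const [page, form] of samples) {
  console.log(page, "->", JSON.stringify(classifyLoginForm(page, form)));
}
```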
The extension displays a warning notification at the top and an icon in the address bar. A click on the icon opens a detailed report about the website and the problems the extension has detected.
The extension furthermore offers to redirect http traffic to https. This may not work on all sites but can be easily undone.
Users who visit websites with problems have the option to force https to see if this resolves the security issue, or to contact the webmaster manually to request that it be fixed. The extension helps users identify websites with improper security.
SaferChrome is available for download at the Chrome repository.
This is nice, especially if you consider other sites that do not serve all web objects via https, either because of third-party includes that don't provide or support https versions, or just bad server configuration.
Using this extension, one can see which particular web objects are not covered via https. Especially helpful when sending form data that may sometimes be sent via unsecured connections, even though the form itself is secured.