HTTPS Everywhere Now Warns About Encryption Weaknesses

ssl observatory
Martin Brinkmann
Feb 28, 2012
Updated • Apr 20, 2012
Firefox, Firefox add-ons, Google Chrome, Google Chrome extensions
|
7

Two weeks ago a team of mathematicians and cryptographers have released a paper in which they describe a weakness in the encryption used by routers, firewalls, web services or virtual private network. The flaw, affecting only a small number of cases where the random prime number generation fails to work correctly.

A new HTTPS Everywhere version released today for the Firefox web browser can detect and notify users of that encryption weakness.

The Firefox add-on ships with the optional SSL Observatory component that is disabled by default. Firefox users need to open the extension's preferences and switch to the SSL Observatory tab there to configure the feature.

Firefox users who want to use the feature need to first check the Use the Observatory box. Once activated, copies of the HTTPS certificate will be send to the EFF Observatory where they are analyzed for man in the middle attacks. The service checks for insecure connections or attacks and notifies the user.

The "Decentralized SSL Observatory" is an optional feature that detects encryption weaknesses and notifies users when they are visiting a website with a security vulnerability – flagging potential risk for sites that are vulnerable to eavesdropping or "man in the middle" attacks.

Firefox users with the Torbutton extension installed can route the traffic through TOR to anonymize the requests.

A click on advanced options displays two additional features. These allow you to submit and check certificates that are signed by non-standard root CAs or non-public DNS names.

The Electronic Frontier Foundation recommends to enable the feature for an extra level of protection in the browser. The Firefox extension is now available in 12 different languages.

The developers have also released a beta version of HTTPS Everywhere for the Chrome browser which can also be downloaded from the official download page on the EFF website. The Chrome version does not include weak key vulnerability notifications yet.

Advertisement

Related content

Firefox 135 launches with new translation languages, New Tab layout, security, and privacy improvements

A look at Firefox's improved Profiles Manager that just launched

Firefox-maker Mozilla's boosted revenue significantly in 2023, but the financial report may also raise concern
Apple releases iCloud Passwords extension for Firefox, but only for macOS Sonoma

Apple releases iCloud Passwords extension for Firefox, but only for macOS Sonoma

How to enable Tab Groups in Firefox
Mozilla plans to use Firefox's installer to set it as the default browser on Windows 11

Mozilla plans to use Firefox's installer to set it as the default browser on Windows 11

Tutorials & Tips

How to Always Start Google Chrome in Incognito Mode on Windows 10?

How to fix OneTab not working in Firefox

What are Firefox Containers?

How to import tabs from Chrome to Firefox and vice versa


Previous Post: «
Next Post: «

Comments

  1. paul(us) said on February 29, 2012 at 2:41 am
    Reply

    Great update.
    Do I understand it correctly that its smart to activate under ssl observatory and than the show advanced function both options?

    1. Martin Brinkmann said on February 29, 2012 at 10:21 am
      Reply

      Well you need to understand that you are submitting data to the EFF when you enable the option. For most users, it should be enough to enable the feature.

  2. bastik said on February 28, 2012 at 8:22 pm
    Reply

    A nice new feature.

    BTW: It’s spelled Tor. Although it’s an acronym for The Onion Router (TOR), the Torproject prefers Tor.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.

Advertisement

Spread the Word

Advertisement

Hot Discussions

Advertisement

Recently Updated

Advertisement

About gHacks

Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.

The name and logo of Ghacks are copyrights or trademarks of SOFTONIC INTERNATIONAL S.A.
Copyright SOFTONIC INTERNATIONAL S.A. © 2005- 2025 - All rights reserved