Monday, September 01, 2008

New Firefox Security Add-on: Perspectives

Backroom Tech blog shared this nice find to help make your Firefox browsing experience more secure:

CMU announces free Firefox add-on to increase browser security against DNS flaw and digital signature problems - the back room tech

The Perspectives software not only protects Firefox users against attacks that might occur because of the recently disclosed software flaw in the DNS, but it also defends against some digital certificate problems.

The extension provides two primary benefits:

  1. If you connect to a website with an untrusted (e.g.,self-signed certificate)*, Firefox will give you a very nasty security error and force you to manually install an exception. Perspectives can detect whether a self-signed certificate is valid, and automatically overrides the annoying security error page if it is safe to do so.
  2. It is possible that an attacker may trick one of the many Certificate Authorities trusted by Firefox into incorrectly issuing a certificate for a trusted website. Perspectives can also detect this attack and will warn you if things look suspicious.

* The same is true for HTTPS sites with certificates that contain mismatched domain names (e.g., www.gmail.com uses a certificate for mail.google.com) or certificates that are expired.

Sound pretty helpful so I have started adding this one to my Firefox machines.

Perspectives : Improving SSH-style Host Authentication with Multi-path Network Probing - Carnegie-Mellon University (CMU)

Get it here: Perspectives : Firefox Extension

Note: I had to right-click and save the "install" link file to my local system, then drag-n-drop it onto an opened "Add On" Window to get the thing to install.  Once done, it seems to behave quite nicely.

Can't be to cautious now-a-days!

--Claus

No comments: