ID: IRCNE2012121710
Date: 2012-12-23
According to "techworld", Cloud-based security services provider Zscaler has released an implementation for Internet Explorer of the HTTPS Everywhere browser security extension.
HTTPS Everywhere forces the browser to always connect over HTTPS (HTTP Secure) to popular websites that support the secure communication protocol but don't enable it by default. The extension also sets the "secure" flag for authentication cookies, preventing them from being transmitted over unencrypted connections.
Some HTTPS-enabled sites fail to set this flag for authentication cookies because they expect users to automatically be logged in even when they access the HTTP versions of the site. However, this allows attackers who compromised a network's gateway or who can sniff traffic on an unprotected wireless network, to steal the cookies from users and hijack their accounts.
Version 0.0.0.1 of HTTPS Everywhere for Internet Explorer was released at the start of the week Julien Sobrier.
"As the version number suggests, this is a very early release," Sobrier said. "I have been using the extension for several weeks without any problems, but it should be considered an alpha release."
The missing features will be added in future versions, the researcher said. For now, the primary goal is to share the source code for the IE version with the EFF and make it available through their website, he said.
In the meantime, people who want to use or try out HTTPS Everywhere for Internet Explorer can download it from a dedicated page on Zscaler's website.
- 3