Updated Firefox browser extension detects fraudulent SSL certificates

The browser extension, called the Decentralized SSL Observatory, sends anonymous copies of SSL certificates from HTTPS websites to EFF’s SSL database, which enables the foundation to detect problems with the site’s cryptographic and security infrastructure and notify users about any problems.

“At the moment, the Observatory will give warnings if you connect to a router, VPN, firewall or similar device that has an insecure private key due to the random number generator vulnerabilities...using data from the SSL Observatory and other sources. We will be adding more kinds of certificate and key auditing to the Decentralized Observatory in the future”, explained Peter Eckersley of the EFF in a blog post.

In addition to this feature, the browser extension provides support for 400 more sites, an improved user interface, and translation capabilities for a dozen languages, Eckersley said.

EFF is currently testing a beta version of HTTPS Everywhere for Google’s Chrome browser.
 

What’s Hot on Infosecurity Magazine?