Weeks after researchers unveiled Firesheep, the Firefox Web browser plugin that makes it easy to snoop on strangers’ Facebook, Flickr and other Web 2.0 sessions, a software update from the Electronic Frontier Foundation promises to secure more Web sessions from Firesheep-enabled snooping.
The Electronic Frontier Foundation released an updated version of HTTPS Everywhere, its Firefox extension that encrypts communications with major Web sites. The new version, 0.9.0, offers improved protection against Firesheep, EFF said on its Web site.
In particular, the plug-in, which was developed by EFF in conjunction with The Tor Project, has added improved protection for Facebook. Users can now separate a stricter set of Facebook rules that will prevent Firesheep-style attacks from a less stringent set of rules that don’t run afoul of many Facebook applications.
More security options for Twitter were included, as was support for Hotmail’s new SSL-encrypted offering. Finally, the latest HTTPS Everywhere update adds support for bit.ly, the URL shortening Web site, file sharing service Dropbox, Amazon’s Web Services, Evernote, Cisco and GitHub.
HTTPS Everywhere allows users to enable safe browsing rules for prominent Web sites like mobile payments site PayPal.com. However, the plugin won’t work for many Web sites, either because they don’t support HTTPS or because policies haven’t been created for them. Similarly, HTTPS Everywhere disables certain features, such as Facebook Chat, that don’t work over SSL-encrypted HTTP. EFF says that it is up to developers to build HTTPS support into their Web sites.
The Firesheep plugin has focused attention on the issue of Web session insecurity by making it easy to intercept and snoop on others’ Web browsing sessions over insecure wireless networks. While the tool inhabits a legal gray area, its creators, Eric Butler and Ian Gallagher, have insisted that the tool does more good than harm, putting the onus on Web site owners to beef up session security to protect user privacy and data.