When browsing the Internet, there’s one main difference between sites that use HTTP vs. HTTPS: security.
HTTPS offers users encryption and security while surfing the web, and is most often deployed on financial web applications, such as online banking. But not all sites using HTTPS are created equal. Some use bad digital certificates, which are used for authentication, resulting in vulnerabilities unbeknownst to the user who will assume that everything is secure because the HTTPS protocol is being used.
The Electronic Frontier Foundation has upgraded it HTTPS Everywhere plug-in to help web users sniff out the bad guys. Threatpost reports in more detail on the latest upgrade:
The EFF has released a new version of its HTTPS Everywhere browser extension, and users can now turn on a feature that will send the EFF copies of digital certificates that the browser encounters, allowing the organization to look for flawed, fake or expired certificates.
The new capability is a major change for the plug-in, and could help discover and publicize a lot of problematic certificates. HTTPS Everywhere enables users to connect to a predetermined set of websites over SSL by default.
This plug-in is a great tool for IT workers as well. It can be deployed on browsers across the enterprise, and with proper training, other users within the organization can use it to identify potentially harmful sites that might otherwise slip under the radar and expose the enterprise network to threats.