Monday, January 5, 2009

Security plugin for Firefox

Phishing is the "art" form of trying to fool a user into disclosing their password or account information. PayPal accounts have been a high-priority target for years, and PayPal has a surprisingly good* "Can you spot the Phish?" challenge.

Carnegie Mellon University has long had one of the best computer security departments, and they've come up with Perspectives. It's a plug-in that installs in your browser (Windows and Linux only; sorry Mac fanbois), and tells you when a secure web certificate isn't any good. From their web page:

The extension provides two primary benefits:

  1. If you connect to a website with an untrusted (e.g., self-signed certificate)*, Firefox will give you a very nasty security error and force you to manually install an exception. Perspectives can detect whether a self-signed certificate is valid, and automatically overrides the annoying security error page if it is safe to do so.
  2. It is possible that an attacker may trick one of the many Certificate Authorities trusted by Firefox into incorrectly issuing a certificate for a trusted website. Perspectives can also detect this attack and will warn you if things look suspicious.

* The same is true for HTTPS sites with certificates that contain mismatched domain names (e.g., www.gmail.com uses a certificate for mail.google.com) or certificates that are expired.
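
Both benefits come down to comparing the certificate your browser was handed with what independent observers on other network paths have seen for the same site. The sketch below is an added illustration of that comparison, not code from Perspectives or from this post; the notary names, fingerprints, day counters and the quorum/duration thresholds are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    notary: str       # hypothetical notary name
    fingerprint: str  # certificate fingerprint that notary saw for the site
    first_seen: int   # first day (simple day counter) it saw this certificate
    last_seen: int    # last day it saw this certificate

def agreeing(observations, fingerprint, day):
    """Set of notaries that saw `fingerprint` on `day`."""
    return {o.notary for o in observations
            if o.fingerprint == fingerprint and o.first_seen <= day <= o.last_seen}

def quorum_days(observations, fingerprint, today, quorum):
    """Consecutive days, ending today, on which at least `quorum` notaries agreed."""
    earliest = min((o.first_seen for o in observations), default=today + 1)
    days, day = 0, today
    while day >= earliest and len(agreeing(observations, fingerprint, day)) >= quorum:
        days, day = days + 1, day - 1
    return days

def verdict(observations, browser_fingerprint, today, quorum=3, min_days=2):
    """Compare what the browser received with the notaries' history."""
    days = quorum_days(observations, browser_fingerprint, today, quorum)
    if days >= min_days:
        return "consistent"      # same certificate seen widely and for a while
    if days > 0:
        return "recent-change"   # widely seen, but only just appeared
    return "mismatch"            # only this browser's path sees this certificate

NOTARIES = ["n1", "n2", "n3", "n4"]  # constructed notary names

def history(*spans):
    """Constructed history: every notary saw the same (fingerprint, first, last) spans."""
    return [Observation(n, fp, a, b) for n in NOTARIES for fp, a, b in spans]

STABLE = history(("aa:11", 0, 30))                       # self-signed, never changed
ROTATED = history(("cc:33", 0, 29), ("dd:44", 30, 30))   # certificate replaced today

if __name__ == "__main__":
    print(verdict(STABLE, "aa:11", today=30))   # certificate matches the notaries
    print(verdict(STABLE, "ee:99", today=30))   # browser was handed something else
    print(verdict(ROTATED, "dd:44", today=30))  # new certificate, short history
```

A "consistent" result is the case where overriding the self-signed warning is reasonable; "mismatch" and "recent-change" are the cases where a warning is the right outcome.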

I loaded this, and it seems entirely automatic. Recommended for Firefox users (i.e. all of you). It'll take you 2 minutes. The PayPal challenge is painless, too.

2 comments:

Anonymous said...

Good find man. I have switched over to Firefox on your recommendation, and am figuring out what to use for virus/spyware/firewall duties now. Personally, I have been a "rebuild your system every month" guy in the past for my home machine. Your posts are getting me off my lazy ass to do it right now. Congrats. :)

Borepatch said...

Thanks, Chris.

I'll do a post on decent free a/v products. Should have done one before.