Carnegie Mellon University has long had one of the best computer security departments, and they've come up with Perspectives. It's a plug-in that installs in your browser (Windows and Linux only; sorry Mac fanbois), and tells you when a secure web certificate isn't any good. From their web page:
I loaded this, and it seems entirely automatic. Recommended for Firefox users (i.e. all of you). It'll take you 2 minutes. The Paypal challenge is painless, too.The extension provides two primary benefits:
- If you connect to a website with an untrusted (e.g.,self-signed certificate)*, Firefox will give you a very nasty security error and force you to manually install an exception. Perspectives can detect whether a self-signed certificate is valid, and automatically overrides the annoying security error page if it is safe to do so.
- It is possible that an attacker may trick one of the many Certificate Authorities trusted by Firefox into incorrectly issuing a certificate for a trusted website. Perspectives can also detect this attack and will warn you if things look suspicious.
* The same is true for HTTPS sites with certificates that contain mismatched domain names (e.g., www.gmail.com uses a certificate for mail.google.com) or certificates that are expired.
2 comments:
Good find man. I have switched over to Firefox on your reccomendation, and am figuring out what to use for virus/spyware/firewall duties now. Personally, I have been a "rebuild your system every month" guy in the past for my home machine. Your posts are getting me off my lazy ass to do it right now. Congrats. :)
Thanks, Chris.
I'll do a post on decent free a/v products. Should have done one before.
Post a Comment