Tag: HTTPS

Just because the shiny, new Firefox 4 is now ready for downloading by the general public doesn't mean Mozilla is turning its back on users who can't (or don't want to) upgrade. Security is a big priority, and 3.X users will continue to see patches for quite some time. In fact, both Firefox 3.6 and 3.5 received security updates in tandem with the Firefox 4 release. The new versions blacklist a ...

Those of you who don't want your Twitter account 'jacked like so many unsuspecting Firesheep victims, take heed! Twitter has added an "always use HTTPS" option to its settings page for added security while you tweet, @mention, and DM. There's really no reason not to enable permanent HTTPS, so click the drop down by your avatar, choose settings, and then head all the way to the bottom of ...

Tomorrow, as part of Data Privacy Day, Facebook will enable the option for site-wide HTTPS. Everything, from sending messages to stalking your friends' profiles will be encrypted, which should come as a great relief if you regularly use Facebook from public, unencrypted Wi-Fi networks. To enable it (tomorrow!), navigate to Account Settings and scroll down to Account security. Facebook will ...

Most of Google's Web apps already supported SSL-encrypted connections. One which didn't was Picasa Web, though that has now changed -- you can now connect to Google's photo sharing site via https://www.picasaweb.com. As with many other sites, though, not everything displayed on Picasa Web is encrypted. While the home page and upload form are fully encrypted, gallery pages report as being only ...

A few days ago, we were able to get Hotmail's new opt-in, full-session SSL (HTTPS) turned on, and now Microsoft has announced the general availability of the new feature. What we didn't know at the time is that the security upgrade has also been applied to other Live services -- including SkyDrive, Docs, Photos, and Devices. If you'd like to activate full session SSL (and we'd recommend you ...

Even average users are a bit more in-tune when it comes to security and privacy on the Web nowadays (thanks in part to the recent Firesheep business). As Sebastian pointed out, there's a simple solution: browse using HTTPS whenever possible. There's a minor problem with that fix, however. Many sites log you in via an SSL-encrypted connection but then immediately redirect you to an insecure ...

Earlier this week, a login-cookie-snooping Firefox plug-in called Firesheep rocked the Internet by letting anyone compromise your Facebook or Twitter account over a wireless network. Alarmed at Firesheep's 200,000 downloads, an Icelandic engineering student named Gunnar Sigurdsson created FireShepherd, a program that crashes Firesheep with floods of nonsense packets. Although Firesheep was ...

The geek community has been buzzing about Firesheep, a Firefox add-on that grabs Facebook and Twitter login cookies from any public Wi-Fi network, and uses them to log into others' accounts. Not everyone at the local coffee shop will have heard about Firesheep, though ... and that's where Idiocy comes in. Idiocy is a bit of code you can run that will use Firesheep to automatically break into any ...

The last couple of days have seen the launch and explosive proliferation of a Firefox add-on called Firesheep. It's an incredibly simple program that snoops unsecured Wi-Fi packets to grant you one-click masquerading of other users: if you log into Facebook at the local coffee shop, someone can use Firesheep to become you. Seriously, you can go along to any location with an unsecured Wi-Fi network ...

There's been a total of one blog post by Mozilla and all of its many-tendrilled offshoots this week. I don't know why -- perhaps they're trying to finish up Firefox 3.6.4 and get the 4.0 beta out of the door -- but even then, we haven't even seen a new release candidate for either 3.6.4 or 4.0. In fact, the only actual release this week was a developer preview of Gecko 1.9.3 (but more on that ...

Google has long offered the ability to use a secure, encrypted connection with Gmail simply by typing https at the start of the URL instead of http. Since 2008, you could opt to always use the secure connection method by tweaking your settings. Now Google has flipped the switch and made https connections the default. You have to uncheck that option if you want to go back to using a less secure ...