httpseverywhere
Latest
Google moves every Blogspot domain to HTTPS
Google's quest to make the internet a more secure place is taking another step. The internet juggernaut's flipped the switch on HTTPS for all Blogspot domains, according to a post on the Google Security Blogspot account. Naturally. It's automatic and doesn't rely on you using the "HTTPS Availability" option, but if you were worried about not having a switch of your own to flip anymore, Google has you covered there with HTTPS Redirect.
Firesheep makes stealing your cookies, accessing your Facebook account laughably easy
A software developer called Eric Butler doesn't just want to make you aware of the lax security of most social networking sites, he wants to force you to do something about it! To that end, he's developed Firesheep, a Firefox add-on that even the least technically inclined among us can use to eavesdrop on open WiFi networks and capture your fellow users' cookies. Any time a site recognized by Firesheep (including Twitter, Flickr, Facebook, and Dropbox) is accessed by a user on your network, Firesheep provides you with an icon and a link to access that account. Sure, had these sites used SSL to begin with this would be nigh in impossible; but they don't, so it is possible. And easy! And fun! Keep in mind, we're not suggesting that you give this a try yourself (far from it!) but we do hope you look into the larger issues involved here, and take the appropriate steps to force sites to use SSL, and protect yourself in the process (we hear that HTTPS Everywhere and Force-TLS are good places to start). Because, really -- Internet security is enough of a problem without giving everybody at the Coffee Bean your Facebook credentials.
