H-Online: Version 2.0 of the HTTPS Everywhere browser extension has been released. Where possible, the add-on automatically redirects users to more secure HTTPS connections when they access certain web pages. HTTPS Everywhere 2.0 includes an optional “Decentralised SSL Observatory” feature that detects weaknesses in encryption.
When the extension detects an encryption issue, such as weak keys, it notifies users that the site they are visiting may contain security vulnerabilities that could be used to for man-in-the-middle (MITM) attacks. “This is an extra level of protection that we encourage Firefox users to download, install, and use” said Electronic Frontier Foundation (EFF) Technology Projects Director Peter Eckersley.
The updated extension is available for Mozilla’s Firefox and has been translated into 12 languages. A beta version is now available for Google’s Chrome browser. The new beta Chrome version includes the same features as older versions of HTTPS Everywhere; however, it does not yet include the functionality to notify users of weak key vulnerabilities and other certificate problems.
Further information about the new versions can be found in the official release announcement and in the change log. Version 2.0.1 of HTTPS Everywhere for Firefox and a beta version for Chrome are available to download from the EFF.
First started in June 2010, HTTPS Everywhere is a collaboration between the EFF and the Tor Project. Source code for HTTPS Everywhere is licensed under the GPLv2 and is available from project’s development page.