HTTPS, Firefox, and Certificate Patrol – Know Your Certificate Authority

I expect that within three or four years all two-way browser conversations will use HTTPS. Firesheep, a Firefox add-on, has shown us how easy it is to hijack a session. HTTPS will prevent that… assuming the certificate you are shown comes from the correct certificate authority. Unfortunately the Chinese Post Office certificate authority and Verisign have the same weight. Your browser doesn’t care whether it gets an HTTPS certificate from the legitimate authority or an authority masquerading as the legitimate one.

This problem is rare today, but the attack is easy to carry out, especially if you are traveling. “Certificate Patrol” is a Firefox add-on that appears whenever you go to an HTTPS website that you have not been to before. It shows you which certificate authority the website uses (Verisign, Thawte, Comodo, etc.). If you are accessing Facebook and suddenly EBG Elektronik Sertifika Hizmet Saglayicisi shows up as the certificate authority (one of dozens I have never heard of), perhaps you should be cautious.

The add-on is free.

https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/
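
The same idea can be sketched outside the browser. The following is an added example, not Certificate Patrol's code: it remembers the issuer seen for each host and goes one step beyond the text by flagging a later change of issuer. The function names, the in-memory `seen` store and the sample CA names are assumptions made for illustration.

```python
import socket
import ssl


def issuer_name(cert):
    """Issuer organization (or common name) from an ssl getpeercert() dict."""
    fields = {key: value for rdn in cert.get("issuer", ()) for key, value in rdn}
    return fields.get("organizationName") or fields.get("commonName") or "<unknown>"


def check_issuer(host, cert, seen):
    """Compare the cert's issuer with the one remembered for host.

    seen maps host -> issuer. Returns (status, previous, current) where
    status is "new", "same" or "changed".
    """
    current = issuer_name(cert)
    previous = seen.get(host)
    if previous is None:
        seen[host] = current  # first visit: remember the issuer
        return ("new", None, current)
    if previous == current:
        return ("same", previous, current)
    # Keep the old record; a human should decide whether the change is expected.
    return ("changed", previous, current)


def fetch_cert(host, port=443, timeout=5):
    """Fetch the validated server certificate for a live host (needs network)."""
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample data in the shape getpeercert() returns; the CA names are made up.
FIRST_VISIT = {"issuer": ((("countryName", "US"),),
                          (("organizationName", "Example Trusted CA"),),
                          (("commonName", "Example Trusted CA G2"),))}
LATER_VISIT = {"issuer": ((("countryName", "ZZ"),),
                          (("organizationName", "Unfamiliar Regional CA"),))}

if __name__ == "__main__":
    seen = {}
    for cert in (FIRST_VISIT, FIRST_VISIT, LATER_VISIT):
        print(check_issuer("www.example.com", cert, seen))
```

To check a live site, pass `fetch_cert("www.example.com")` as the `cert` argument and persist `seen` between runs.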

About infoguardianangel
The consumer and corporate information guardian angel. Cybersecurity and privacy advice for my clients (and anyone else who cares about protecting their data or their companies).
