The first quarter of 2011 has been lively yet unsettling in terms of security breaches and hack stories. While software like antivirus+antispyware, private browsing on browsers, proxy software, and even anti-theft solutions secure our internet activity, there are further security measures that we can take to secure our web browsing activities. HTTPS/SSL is a global standard for securely browsing webpages.
HTTPS/SSL is usually encountered when we login to secure websites such as Paypal, Credit Cards, Banks, and Online Shopping like Amazon. A quick example of HTTPS/SSL being active is when you browse Amazon. Type http://www.amazon.com the default Amazon homepage appears. Click on the “
Sign in” link, and notice that the address bar changes to begin with
https. This happens because Amazon values your security. Before you login and give your username and password, Amazon enforces your browser to enter into HTTPS/SSL mode. This ensures that your username and password, and all other browsing activity in the Amazon website is encrypted and secured from possible hackers and eavesdroppers. Not all websites and even email services initiate you with a secure HTTPS/SSL login. To help you with securely browsing webpages, you can install the Firefox plugin
HTTPS-Everywhere
HTTPS-Everywhere is an “install and forget” Firefox add-on. HTTPS-Everywhere is developed and maintained by the Electronic Frontier Foundation. HTTP-Everywhere is a free and simple firefox plugin that enforces HTTPS/SSL connections on known websites. This automates the use of HTTPS/SSL for websites that are not usually giving a secure connection.
Download and install HTTPS-Everywhere from
https://www.eff.org/https-everywhere
Restart Firefox after installing HTTPS-Everywhere. As promised HTTP-Everywhere is an “install and forget” plugin. There is hardly anything to configure on it. It works by automatically enforcing HTTPS/SSL connections to known websites.
Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site.
The HTTPS Everywhere extension fixes these problems by rewriting all requests to these sites to HTTPS. While one can always remember to type http
s instead of http, the plugin helps you by keeping watch in case you forget to type https for a secure connection.
HTTPS/SSL is ideally recommended for websites that contain your private and sensitive information:
Email:
Gmail –
https://www.gmail.com
Yahoo –
https://mail.yahoo.com
Hotmail -
https://www.hotmail.com
Social networking
Facebook –
https://www.facebook.com
Twitter –
https://www.twitter.com
Blogging
Wordpress –
https://www.wordpress.com
Blogger –
https://www.blogger.com
LiveJournal –
https://www.livejournal.com
Feel free to contribute known HTTPS/SSL enabled websites and post them here