May 07, 2009

In recent months, security experts have been keen to exploit and bring to light issues and vulnerabilities in SSL, which in itself is a secure protocol. For ordinary users like you and me, this means that our confidence that we are accessing a secure website when browsing HTTPS sites can no longer be the same.

The Firefox 3.0 extensions “Perspective” and “SSL Blacklist” can protect you from SSL man-in-the-middle attacks and from the recently demonstrated weakness in the MD5 algorithm for RSA signatures, respectively.

Perspective Firefox 3.0 extension

When you visit an HTTPS website with an untrusted certificate (self-signed, or with a mismatch between the hostname on the certificate and the actual DNS hostname of the server), Firefox by default leaves you with a choice: either do not visit the website (which could be legitimate), or manually add an exception for it so that you can continue. This could lead to a “Man in the Middle” attack, where the attacking host sits between the client (you) and the server (website) and proxies the traffic between them, making both client and server believe they are conversing directly and securely with each other.
The Perspective Firefox extension can detect man-in-the-middle attacks by automatically building a robust database of network identities using lightweight network probing by “network notaries” located at multiple vantage points across the Internet. The extension can also check the validity of self-signed certificates and overrides Firefox's default behaviour if the certificate is valid.


Click here to install Perspective extension for Firefox 3.0

SSL Blacklist Firefox extension

A recent practical demonstration by security experts of the weakness in the MD5 algorithm means any certificate signed with MD5 could possibly be fake. The SSL Blacklist extension can detect and warn about SSL certificate chains that use the MD5 algorithm in their signatures.


Click here to install the “SSL Blacklist” Firefox extension.

If you use Internet Explorer as your default browser then look here.

