«
»

HTTPS: Making more use of SSL

There has been a lot of talk about how more and more people are using their laptops on public wifi connections, and with the advent of the Firesheep plugin, there has been a number of scares around session hijacking, and unencrypted login details being sent through the ether.

As a result, I thought I would describe the steps I have taken in securing my Firefox instance on my laptop. These are :

  • Installing the HTTPS Everywhere plugin from the eff, which attempts to select https if available when accessing a site. I have tested it with Facebook, Google, Hotmail, LinkedIn and a few other sites
  • I have set my homepage to be encrypted.google.com
  • I have changed the search engine in top right hand of my Firefox instance to use the encrypted google service, by installing their plugin
  • I have set a master password on my Firefox keychain, which gives my stored passwords some level of protection
  • And I run Adblocking software, (with a custom Facebook Like Button blocking extension) as per an earlier blog post

Furthmore, I use Firefox as my main browser, I have chrome installed, but I hardly ever use it, and I have a locked down, stateless Safari instance which I wrote about earlier.

Tags: , , ,

This entry was posted on Tuesday, October 26th, 2010 at 11:31 am and is filed under Firefox, OSX, Privacy. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

3 Responses to “HTTPS: Making more use of SSL”

  1. Sanna Says:
    November 1st, 2010 at 1:25 pm

    I recommend using a tool such as 1Password for securing your authentication data. It also helps you to share your credentials between machines (via Dropbox).

    Firefox master password protection is secure only to “some level”, as you wrote. It does not survive a brute-force attack if your password database ever gets stolen.

  2. Mischa Says:
    November 2nd, 2010 at 10:57 am

    Hi Sanna,

    Thanks for the comment, and yes I have heard good things about 1Password before. I have an gpg encrypted text file, which I have multiple copies off, I sync it between my machines using the MobileMe service. A colleague of mine has written up a bash alias which decrypts the file : http://steveharris.tumblr.com/post/430632877/secure-ish-crypted-file … worth a look.

  3. Wilted buttercup, grey skies, and geek» Blog Archive » Disabling Referer Headers in Firefox Says:
    November 21st, 2010 at 5:25 pm

    [...] Wilted buttercup, grey skies, and geek Mischa’s ramblings on the interweb « HTTPS: Making more use of SSL [...]

Leave a Reply

By using this comment form you will have a cookie dropped in your browser, this is used to show the comment posted, which is awaiting moderation.