Zscaler adds IE version of HTTPS Everywhere security tool
Clud services provider releases Internet Explorer version of the Firefox and Chrome HTTPS Everywhere browser security extension
IDG News Service - Cloud-based security services provider Zscaler has released an implementation for Internet Explorer of the HTTPS Everywhere browser security extension.
HTTPS Everywhere forces the browser to always connect over HTTPS (HTTP Secure) to popular websites that support the secure communication protocol but don't enable it by default. The extension also sets the "secure" flag for authentication cookies, preventing them from being transmitted over unencrypted connections.
Some HTTPS-enabled sites fail to set this flag for authentication cookies because they expect users to automatically be logged in even when they access the HTTP versions of the site. However, this allows attackers who compromised a network's gateway or who can sniff traffic on an unprotected wireless network, to steal the cookies from users and hijack their accounts.
HTTPS Everywhere was originally released as an extension for Mozilla Firefox in 2010 and is jointly developed by the Electronic Frontier Foundation (EFF), a digital rights watchdog organization, and the Tor Project, the creators of the Tor anonymity software. A version for Google Chrome has also been released since then.
Version 0.0.0.1 of HTTPS Everywhere for Internet Explorer was released Monday and was developed independently of the EFF or the Tor Project by Zscaler senior security researcher Julien Sobrier.
The IE implementation replicates the core functionality of the official Firefox and Chrome HTTPS Everywhere extensions and includes their default rule sets for popular websites. However, some additional features like the ability to create custom rules or the support for the HTTP Strict Transport Security (HSTS) security policy are still missing.
"As the version number suggests, this is a very early release," Sobrier said Monday in a blog post. "I have been using the extension for several weeks without any problems, but it should be considered an alpha release."
The missing features will be added in future versions, the researcher said. For now, the primary goal is to share the source code for the IE version with the EFF and make it available through their website, he said.
In the meantime, people who want to use or try out HTTPS Everywhere for Internet Explorer can download it from a dedicated page on Zscaler's website.
However, this reporter had trouble accessing Wikipedia.org with the add-on enabled in the latest version of Internet Explorer 9 running on a 64-bit installation of Windows 7 Ultimate, so it seems that there are still some bugs to fix.
While this extension sounds like a good tool to have, it remains to be seen how many IE users will actually be interested in using it.
"IE users tend to be more passive and accepting of the default app, rather than adding DIY [do it yourself] extensions -- especially those with a security function," David Harley, a senior research fellow at antivirus vendor ESET, said Wednesday via email.
"I'm not convinced that it will be widely adopted unless Microsoft actually promotes it or, more likely, includes something similar in a future release," Harley said. "It might appeal to security hobbyists, but that's the group that's least likely to use IE."
Harley believes that adoption in corporate environments, where IE has a very strong user base, is also unlikely, at least with the extension's current limitations and at this early stage of development.
- 7 Elements of Radically Simple OS Migration OS migration is typically time-consuming and expensive. To make your next migration easy, follow these six recommendations when planning your project.
- A Survival Guide for Data in the Wild All corporate data used to reside in the data center. Safe and sound behind the corporate firewall. But now, employees have multiple devices...
Gartner Critical Capabilities for Enterprise Endpoint Backup
With this complimentary report you can:
- Discover the critical product capabilities that matter
- Learn about the unique backup needs of the mobile and...
- Top 10 Endpoint Backup Mistakes When considering endpoint backup options, be sure you're making the right decisions. Protecting data on endpoints has become more challenging because of recent...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!