Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Firefox 40.0.2 & HTTPS Everywhere


  • Please log in to reply
8 replies to this topic

#1 VecchioScarpone

VecchioScarpone

  • Members
  • 219 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:04 AM

Posted 14 August 2015 - 01:16 AM

 HTTPS Everywhere

 

boqAyho.png

Does any one know why Mozilla cannot verify the add-on and urge precautions on using it?

Not available on Mozilla Add-Ons Gallery any more. (I could not find It there)

 

VS


Edited by VecchioScarpone, 14 August 2015 - 01:19 AM.


BC AdBot (Login to Remove)

 


#2 technonymous

technonymous

  • Members
  • 2,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:04 AM

Posted 14 August 2015 - 01:39 AM

It's pretty much pointless to use and probably slows your connection. Most search engines are ssl. startpage.com duckduckgo.com yahoo.com google.com they all resolve to https. Any accounts you sign up to banking etc are all going to be ssl. Just be vigilant in what you do. Click on the little globe up top will tell that it's not secure. Any secured site will have a lock icon. Ironically Bleeping Computer doesn't use SSL. Not very good practice coming from a computer help website lol. It does cost money, but it's not a break the bank expense to get a signed cert. Hell some places may even do it free just to help out.



#3 VecchioScarpone

VecchioScarpone
  • Topic Starter

  • Members
  • 219 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:04 AM

Posted 14 August 2015 - 01:52 AM

Thanks mate.

Just that the add-on is highly recommended in many security think tank forums as a must have...

Yes it does slow things down a bit I noticed that, I thought of it as the price I have to pay.

Just that I can be clumsy when online, though I'm a good boy  :notanangel: . 

VS 


Edited by VecchioScarpone, 14 August 2015 - 05:34 PM.


#4 x64

x64

  • Members
  • 352 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London UK
  • Local time:04:04 PM

Posted 14 August 2015 - 02:04 AM

Could this be due to the add-ins signing policy in the latest Firefox release?

See https://www.mozilla.org/en-US/firefox/40.0/releasenotes/

 

"Add-on extensions that are not signed by Mozilla will display a warning"

 

Clicking through the link in that article takes us to

https://support.mozilla.org/en-US/kb/add-on-signing-in-firefox?redirectlocale=en-US&redirectslug=add-ons-signing-firefox

Which would seem to explain this.

 

x64



#5 VecchioScarpone

VecchioScarpone
  • Topic Starter

  • Members
  • 219 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:04 AM

Posted 14 August 2015 - 02:36 AM

x64  #4:

 

Thanks for the links.

 

More explanation from the add-on author available.

Google:

HTTPS-Everywhere Firefox extension development/discussion 

(Could not get a direct link to the webpage)

 

We shall see. Apparently the add-on has not been reviewed and signed by Mozilla since 2014.

For the time being I may play it safe and remove it.

 

VS


Edited by VecchioScarpone, 14 August 2015 - 05:33 PM.


#6 VecchioScarpone

VecchioScarpone
  • Topic Starter

  • Members
  • 219 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:04 AM

Posted 15 August 2015 - 04:10 PM

'Storm in a tea cup?' I jumped the gun ... :o

Did some research, HTTPS Everywhere does come highly recommended.

Apparently next FF 41 and particularly 42 will not allow unsigned Add-Ons at all, not just caution has in FF 40.



#7 technonymous

technonymous

  • Members
  • 2,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:04 AM

Posted 15 August 2015 - 06:18 PM

The program basically looks for a https version of the website you go to. If there is no ssl then it falls back on http. In my opinion it's a false sense of security. You need to verfiy it yourself. A simple look at the url bar and clicking on that icon will give you more details. Firefox blocked unsigned for a reason. Malicious code can be put into an addon. There is no way to verify that the addon is developed by the designer and are who they say they are and that the program is not tampered with and loaded with viruses and malware. LIke website ssl you can verify programs as well.



#8 VecchioScarpone

VecchioScarpone
  • Topic Starter

  • Members
  • 219 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:04 AM

Posted 15 August 2015 - 06:53 PM

thechnos

 

Thanks again.

As you hinted, it make sense to be careful when surfing as security apps can only help so far. Also the do it yourself approach.

Sometime I feel like to revert to Snail Post for my letters, walk to the bank, do researches at the local Library etc... and leave the PC to  :rip:



#9 LeroyCalloway

LeroyCalloway

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:05:04 PM

Posted 06 March 2016 - 02:56 AM

if Add-on that are not signed by Mozilla will display a warning but now is auto sign for some extension refer to this url to more information

https://support.mozilla.org/en-US/kb/add-on-signing-in-firefox?redirectlocale=en-US&redirectslug=add-ons-signing-firefox






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users