New Security Add-Ons for Firefox

---

Most lists of Mozilla Firefox security add-ons talk about the same old extensions. Do Web of Trust (WOT), NoScript, AdBlock Plus or LastPass sound familiar? These all add great functionality to the open source browser, but we’re going to look at some newer ones that you probably haven’t seen yet.

1. Firesheep
This add-on monitors the traffc on open or unencrypted Wi-Fi networks and demonstrates the vulnerability of  HTTP session hijacking. It can capture the login credentials to numerous sites, including Amazon, Facebook, Flickr, Google, Windows Live, Twitter and Yahoo just to name a few. It displays the captured accounts on the sidebar where you can click on them to login with their account. Though the login session to the site may be encrypted, Firesheep validates that only end-to-end encryption like SSL provides complete protection. You can download it here

You should understand not all wireless adapters can sniff the traffc of other users on wireless networks. Thus sometimes Firesheep will only capture accounts that are logged into from the same PC running it. However, wireless adapters do exist that can listen in on any user’s traffc.

Firesheep is available for Windows XP or newer with Winpcap installed and Mac OS X 10.5 or newer on an Intel processor. Linux support is on the way. It requires Firefox 3.6.12 or newer (32-bit only).

2. SSLPersonas
As you may know, SSL encryption can secure your logins and data on websites. In Firefox, you’ll see a button with the domain or company name appearing on the left of the address bar and a small padlock in the lower right corner of the browser when you’re connected via SSL/HTTPS.

However, more a visible indication can better help you identify sites that aren’t secured. The SSLPersonas add-on does this by turning the background of Firefox another color based upon the encryption status.When Firefox turns green the website is certifed and the operator was verifed by a trustworthy authority.

Blue indicates a website is secured with a valid certifcate, but the organization isn’t fully verifed. Orange indicates a website is only partially secure. You’ll know when a site isn’t secured at all there’s no color. SSLPersonas also improves certifcate error warning pages by giving you a preview of the blocked website. If you do indeed trust the site, you can bypass the warning with one click.