Securisation de FireFox : Plug-in PERSPECTIVES

[Contact75]

C'est un petit plug-in gratuit de 319 ko, du nom de "PERSPECTIVES" qui s'installe via la page

http://www.cs.cmu.edu/~perspectives/firefox.html

et qui ajoute une couche de sécurité pour vos navigations sur le net.

Le but : Ne plus avoir vos connexions "sniffées", meme par le fournisseur d'accès (ce qui ne n'empechera pas votre FAI de conservert traces des données de connexion :-)

Le plug-in existe en version Windows, Linux et Mac

_______________

What is Perspectives?

Perspectives helps prevent "Man-in-the-Middle" attacks against HTTPS communication by verifying the authenticity of the server's SSL public key. This is particularly important when you connect to websites that have "self-signed", mismatched, or expired certificates, which cause Security Errors and prevent you from connecting to some HTTPS websites.
How Does it Work?

Perspectives builds on the fact that most of the time the Internet works correctly. When attacks do occur, they are likely to be either limited in scope (e.g., a single compromised router) or limited in duration (since large attacks can be more easily detected). Perspectives uses periodic network probing from many vantage points across the Internet to help your browser detect both types of attacks. A set of machines called "network notaries" scattered across the Internet and run by academic researchers periodically probe each server to request its current public key. When your browser needs to authenticate a key, it asks each of network notary for the keys they have seen the server using over time and verify that these records are consistent with the key they received. Thus, in order to fool your browser into accepting an invalid key, an attacker must be on all network paths between a notary and have compromised those paths for a significant amount of time such that the key change is not deemed suspicious. In this way, Perspectives implements a type of ``lightweight PKI'', with network probes from multiple vantage points taking the place of manual verification performed by certificate authorities (e.g., Verisign).