- Dec 21, 2017
- 478
Do I really need HTTPS Everywhere extension for chrome as chrome will display a warning if the accessing site is not using HTTPS?
It breaks some websites.Its a light extension, i dont see the reason why you should not have it.
100% agree, malware authors are becoming smarter and it isn't all that difficult for them to get hold of a HTTPS certificate. They can steal them from others (and have genuine ones revoked after exposure of having been stolen and used in malicious operations) or they can order one appearing as a genuine customer (or not - I guess some companies are awful with knowing the intentions or do less checks) for maybe 100 euros.malware is not forbidden from HTTPS
My shortened response: No.Do I really need HTTPS Everywhere extension for chrome as chrome will display a warning if the accessing site is not using HTTPS?
It breaks some websites.
By the way just as a general note, about the encrypted traffic between the browser and the target destination... Banking malware can actually intercept SSL and this technique is known as "WebInject". The older technique for banking malware is "form-grabbing", but that only covers HTTP communication, not HTTPS. SSL data will be decrypted by the browser client post-communication, and this is where banking malware can abuse this (exploit) to retrieve the decrypted SSL data via WebInject.
Another would be messing with the certificates on the system... Some AVs do this, and it can open opportunity for a Man-In-The-Middle (MITM) attack
So HTTPS is far from perfect, but it is still helpful I think
HTTPS for websites not designed for it (e.g. not with the manual certificate/changes to make it work) can cause problems. Which is why HTTPS Everywhere can cause breakages sometimes and likely why Google have not tried to make similar. But they do display bad certificate details in-browser and alert while blocking a load sometimes about certificates and safe connections.Unfortunately yes. You would think Chrome would have integrated this by now but there are many sites that will still load HTTP by default without HTTPS Everywhere.
The main problem is SSL scanning can trash certificates leaving you unable to connect to sites and surf the Internet.
I would leave things well enough alone and https already works for most sites without an extension. Is it needed? No.