Dude, ForceHTTPS

Fri Jun 19 2009 00:00:00 GMT+0000 (Coordinated Universal Time)

hacks

There's been quite a bit of attention (EFF, NYT, BBC) paid to the letter to Google from 38 security experts requesting that they make HTTPS the default for their cloud computing services (GMail, Google Docs, Calendar, etc.).

The simple and somewhat neglected answer to this is a recent solution developed by the Stanford Web Security Group: ForceHTTPS. (The associated academic paper from Jackson and Barth is here.)

ForceHTTPS is a FireFox browser plugin that ensures that all connections to Google services use SSL and HTTPS. Additionally, it ensures that your Google cookie never gets sent when you perform a Google search, which is the only part of Google's services stack that does not support SSL. (It also forces HTTPS for PayPal, American Express, Bank of America, Chase, and Fidelity.)

So, take matters into your own hands and use it!