Avoid "Man-in-the-Middle" Attacks With Perspectives


The Perspectives Firefox Extension is a useful free add-on for Firefox that improves the usability of the browser and provides an additional layer of security when connecting to sites using SSL.

When you use a protocol like SSL to connect to a secure web site, your communication with that site is vulnerable to a “man-in-the-middle” attack unless you’re able to identify the remote server in a secure manner. Most sites can be securely identified because they buy a certificate from a Certificate Authority like VeriSign. Unfortunately, as certificates can be expensive and tricky to administer, some sites prefer to self-certify, and some have expired certificates. Attempting to connect to one of these sites will lead to Firefox issuing the “Website Certified by Unknown Authority” warning that you’ve probably seen many times.

Have you ever just clicked “OK” to accept a certificate without checking it out? Most of the time, it’s probably fine, but you could be leaving yourself open to attack.

Perspectives replaces this warning with a much more useful one: it connects to a database to identify the site. If a self-signed certificate is valid, it skips the warning, but if the certificate looks suspicious and could indicate an attack, it issues a stern warning that you’re less likely to ignore.

There’s more technical detail on how Perspectives works via “Network Notaries” at the web site (it’s a project of the School of Computer Science at Carnegie Mellon University). If you’re using Firefox 3 or later, I recommend that you install this add-on.
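The comparison described above, as an added example that is not part of the original post and not the Perspectives extension's code: the key the browser sees is checked against what several independent notaries report for the same site. The report format, the quorum of 3, the 30-day age threshold and all fingerprints are assumptions constructed for illustration.

```javascript
// Simplified model of a notary comparison; NOT the Perspectives extension's code.
// All names, thresholds and fingerprints here are constructed for illustration.
const DAY_MS = 24 * 60 * 60 * 1000;

// Each report is one notary's view of the site: the key fingerprint it currently
// sees and when it first saw that key. A null report means the notary did not answer.
function evaluateCertificate(localFingerprint, reports, opts) {
  const { quorum, minDays, now } = opts;
  const answered = reports.filter((r) => r !== null);
  if (answered.length < quorum) {
    // Too few independent views: fail closed instead of guessing.
    return { verdict: "insufficient-data", agreeing: 0, answered: answered.length };
  }
  // Normalise "AB:12:..." and "ab12..." to the same form before comparing.
  const norm = (fp) => fp.replace(/:/g, "").toLowerCase();
  const local = norm(localFingerprint);
  const matching = answered.filter((r) => norm(r.fingerprint) === local);
  const stable = matching.filter((r) => now - r.firstSeen >= minDays * DAY_MS);

  let verdict;
  if (stable.length >= quorum) verdict = "consistent";             // same key, seen for a while
  else if (matching.length >= quorum) verdict = "recently-changed"; // same key, but new everywhere
  else verdict = "mismatch";                                       // notaries see a different key
  return { verdict, agreeing: matching.length, answered: answered.length };
}

// Constructed sample data.
const NOW = Date.UTC(2009, 5, 1);
const SITE_KEY = "AB:12:CD:34:EF:56";
const OTHER_KEY = "99:88:77:66:55:44";
const seen = (fingerprint, daysAgo) => ({ fingerprint, firstSeen: NOW - daysAgo * DAY_MS });
const OPTS = { quorum: 3, minDays: 30, now: NOW };

const longLived = [seen(SITE_KEY, 60), seen(SITE_KEY, 58), seen(SITE_KEY, 61), null];
const justRotated = [seen(SITE_KEY, 2), seen(SITE_KEY, 2), seen(SITE_KEY, 1), seen(SITE_KEY, 2)];
const fewAnswers = [seen(SITE_KEY, 60), null, null, seen(SITE_KEY, 60)];

for (const [label, fp, reports] of [
  ["self-signed, long-lived", "ab12cd34ef56", longLived],
  ["browser sees a different key", OTHER_KEY, longLived],
  ["key rotated two days ago", SITE_KEY, justRotated],
  ["only two notaries answered", SITE_KEY, fewAnswers],
]) {
  console.log(label, "->", evaluateCertificate(fp, reports, OPTS).verdict);
}
```

Only the first case would justify suppressing the browser warning; the other three verdicts all leave the decision with the user.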

What other security-related add-ons do you recommend?


(via gHacks)



If a site can’t provide a valid certificate, I don’t trust them anyway. Visit the site: yes. Leave personal data: never ever.

Simon Mackie

Yes, that’s a good approach to use. I’d prefer not to work with sites that won’t use a proper certificate, but sometimes it’s unavoidable.
