Force Secure HTTP with NoScript

Yesterday, I blogged about how FireSheep made it quite easy for the average person to impersonate other users on social networking websites that were using the same insecure wireless network. The simplest thing a user can do is to force secure HTTP (or HTTPS – HyperText Transfer Protocol Secure), but manually inserting the “s” into every web address can be a chore. Furthermore, all it takes is one lapse of concentration and someone eavesdropping on the wireless network can seize the opportunity to impersonate you.

Thankfully, a neat little add-on for Firefox called NoScript can automate that task for you and it’s really simple to set up. Once installed, here’s what you need to do:

  1. Click on the “S” symbol in your Firefox status bar at the bottom of your screen then “Options”,
  2. Click on the “Advanced” tab then the “HTTPS” secondary tab,
  3. In the first text box, type in each web address for which you want to force HTTPS (such as *.twitter.com or *.facebook.com), placing each unique address on its own line,
  4. Click “OK”.
NoScript - HTTPS Settings

Now, whenever you visit one of the sites you have entered, you should automatically be connected securely to the website. One thing to bear in mind is that not all websites fully support HTTPS, so some things may stop working. For instance, Facebook Chat stops working when forcing HTTPS (I have yet to work out how to make it work again – you can see that I have been trying to disable HTTPS for the chat component in the second text box).
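
How the two text boxes interact (a force list, with an exception list that overrides it) can be sketched in a few lines. This is an added example, not NoScript's own code: the glob semantics (`*` matches any run of characters, the whole hostname must match) and the `example.com`/`example.org` hostnames are assumptions made for illustration.

```javascript
// Added sketch, not NoScript's implementation. Assumed semantics: one glob per
// line, "*" matches any run of characters, and the whole hostname must match.
function globToRegExp(glob) {
  const escaped = glob.toLowerCase()
    .replace(/[.+?^${}()|[\]\\]/g, "\\$&") // escape regex metacharacters
    .replace(/\*/g, ".*");                 // then expand the glob wildcard
  return new RegExp("^" + escaped + "$");
}

// Turn the contents of a text box (one pattern per line) into matchers.
function compileList(text) {
  return text.split(/\r?\n/).map(s => s.trim()).filter(Boolean).map(globToRegExp);
}

// Return the URL that would be requested; the exception list wins over the force list.
function upgradeUrl(rawUrl, forceList, neverList) {
  const url = new URL(rawUrl);
  if (url.protocol !== "http:") return url.href; // already HTTPS, nothing to do
  const host = url.hostname.toLowerCase();
  if (neverList.some(re => re.test(host))) return url.href;
  if (forceList.some(re => re.test(host))) url.protocol = "https:";
  return url.href;
}

// Audit helper: which of these URLs would still go out unencrypted?
function stillPlaintext(urls, forceText, neverText) {
  const force = compileList(forceText);
  const never = compileList(neverText);
  return urls.filter(u => upgradeUrl(u, force, never).startsWith("http://"));
}

// Constructed sample data: the first two patterns are the ones from the steps
// above; the example.com / example.org entries are hypothetical.
const FORCE_BOX = "*.twitter.com\n*.facebook.com\n*.example.com";
const NEVER_BOX = "chat.example.com";
const VISITED = [
  "http://www.twitter.com/home",
  "http://twitter.com/",
  "https://www.facebook.com/",
  "http://www.example.com/",
  "http://chat.example.com/poll",
  "http://www.example.org/",
];

console.log(stillPlaintext(VISITED, FORCE_BOX, NEVER_BOX));
```

Under these assumed semantics `*.twitter.com` does not cover the bare `twitter.com`, so after filling in the list it is worth confirming in the address bar that every host you rely on actually loads over HTTPS.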

NoScript does have other benefits, such as automatically blocking JavaScript, Java and Flash objects on a website, which is where many of the nasties can get into your computer. By default, NoScript will block them all, so you need to provide permission to allow them to load. If you trust a particular website, you can provide permission by clicking on the “S” symbol and then allowing each domain in the list to load its objects. Otherwise, leave them blocked and objects under the listed domains will not load. This is particularly handy for websites with lots of Flash ads and banners, as NoScript will block them all for you.

At first, you might need to expend some effort allowing all of the basic sites you visit but after that you should be off and running with minimal fuss.
