Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Zscaler Releases HTTPS Everywhere for Internet Explorer

Cloud-based Internet security provider Zscaler on Monday released an early version of HTTPS Everywhere for Internet Explorer, a free tool that forces the Web browser to use HTTPS connection requests whenever possible.

ZScaler’s new tool is based on the original HTTPS Everywhere browser extension for Chrome and Firefox developed by The Tor Project and the Electronic Frontier Foundation.

Cloud-based Internet security provider Zscaler on Monday released an early version of HTTPS Everywhere for Internet Explorer, a free tool that forces the Web browser to use HTTPS connection requests whenever possible.

ZScaler’s new tool is based on the original HTTPS Everywhere browser extension for Chrome and Firefox developed by The Tor Project and the Electronic Frontier Foundation.

“Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use,” the EFF explained in a blog post. “For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by using a clever technology to rewrite requests to these sites to HTTPS.”

“HTTPS Everywhere redirects users to HTTPS URLs based on a set of rules,” Zscalers’s Julien Sobrier noted in a blog post. “Switching from HTTP to HTTPS is still not as easy as it should be and many domains have not designed their websites to be accessed securely.”

While privacy is an important reason for using secure HTTPS connections, security is even more of a reason to utilize the added layer of protection. For example, using HTTPS connections can help prevent man-in-the-middle attacks and secures web site cookies and session IDs that if exposed can be used to hijack user accounts by essentially “stealing” browser session IDs.

The extension works with most recent 32-bit versions of Internet Explorer running on Windows XP SP3 to Windows 8 and on Internet Explorer 6 to 10. A version that supports Internet Explorer 64-bit will be available soon, Zscaler said.

“As the version number suggests, this is a very early release. I have been using the extension for several weeks without any problems, but it should be considered an alpha release. Version 0.0.0.1 translates URLs from HTTP to HTTPS according to the EFF rules and secures cookies,” Sobrier said. “It does not currently support HSTS, not does it provide support for custom rules.”

“[Documentation] details how the extension works and describes its architecture. Some of the behaviors are not obvious, so I strongly suggest that you read it,” Sobrier added.

Advertisement. Scroll to continue reading.

More information on HTTPS Everywhere for Internet Explorer along a download link can be found here.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Many in the United States see TikTok, the highly popular video-sharing app owned by Beijing-based ByteDance, as a threat to national security.The following is...

Privacy

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source...

Application Security

Open banking can be described as a perfect storm for cybersecurity. At one end, small startups with financial acumen but little or no security...

Mobile & Wireless

As smartphone manufacturers are improving the ear speakers in their devices, it can become easier for malicious actors to leverage a particular side-channel for...

Government

The proposed UK Online Safety Bill is the enactment of two long held government desires: the removal of harmful internet content, and visibility into...

Cloud Security

AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets.