Extension Police is a Chrome Extension developed by Juan Olaizola & Jean which aims to improve the Browser security by blocking malicious extension based on their permissions and behavior. In this review we’re going to check if it’s worth to be installed or not.
Grammarly, maybe the most used spellchecker with the most users, has patched a bug that left users’ data exposed to malicious third-party websites. The browser extensions allow the service to check text typed into web-based applications including Gmail, Facebook, Twitter and LinkedIn, as well as online publishing systems such as WordPress. The company also offers mobile apps for Android and iOS.
It isn’t a must-have extension (in my opinion) and it can break some websites but it can be beneficial if it works. I remember it used to very popular and the popularity died down a bit because certificates are very cheap these days. I once used it and liked it at the time, but I removed it a very long ago because I’ve not a need for it anymore.
By the way just as a general note, about the encrypted traffic between the browser and the target destination. Banking malware can actually intercept SSL and this technique is known as “WebInject“. The older technique for banking malware is called “Form-grabbing“, but that only covers HTTP communication, not HTTPS. SSL data will be decrypted by the browser client post-communication, and this is where banking malware can abuse this (exploit) to retrieve the decrypted SSL data via WebInject. Another would be messing with the certificates on the system. Some Anti-Virus programs do this and it can open opportunity for a Man-In-The-Middle (MITM) attack.
Johnny assumes HTTPS Everywhere automatically switches sites to HTTPS when available. So when he hits a login over HTTP he shrugs and says “I guess they don’t have HTTPS” and fills in the login anyway.
Johnny realizes that more and more, with HTTPS Everywhere installed he doesn’t need to worry about the lock icon in the URL bar. After all, if HTTPS is available HTTPS Everywhere will automatically switch him over, and if it isn’t, there is nothing he can do about it anyway.
Johnny isn’t aware that HTTPS Everywhere is automatically sending a fingerprint of every HTTPS site he visits to HTTPS Observatory (allowing them to track his browsing if they wanted).
The extension might be infected/faked or collects data. Less extension -> lower attack surface.
High memory usage to parse the integrated rule list.
Malware these days is using HTTPS (as mentioned) more than ever before, increasing by the day. This is why modern gateway appliances are all going to be required to do SSL scanning. Deep inspection takes a locally installed Root certificates but normal SSL inspection doesn’t. HTTPS Everywhere isn’t required at all when you do SSL validation at the UTM level.
NoScript (by Giorgio Maone) is one of the most popular security extension when it comes to Firefox, in this quick tutorial I talk about its basics and show some configurations to work with it on a daily basis.