Firefox Update Offers Always-on HTTPS – Response From Industry Expert.

By ISBuzz Team
Writer, Information Security Buzz | Nov 19, 2020 03:53 am PST

As part of our dot your expert comments, industry experts reacted to Mozilla’s latest Firefox release, which offers users always-on HTTPS encryption. You can read the blog from Mozilla here.

Kevin Bocek, VP Security Strategy & Threat Intelligence
November 19, 2020 11:55 am

This is a welcome move from Mozilla, and an important step towards a fully-encrypted web that, on the whole, makes us safer online than we are now. HTTPS protects user privacy by setting up encrypted and trusted tunnels between browsers and servers, underpinned by TLS machine identities. By introducing always-on HTTPS, Mozilla aims to ensure that all user connections will be encrypted in this way, ensuring that Firefox won’t make any unencrypted connections without the user’s permission.

However, it’s important to realise that as browsers implement always-on HTTPS encryption, cybercriminals will default to using TLS machine identities as a fundamental part of their toolkits. Without them, cybercriminals’ sites will be flagged as unsecure and attackers will be locked out of targeting their victims.

Despite this, HTTPS doesn’t necessarily guarantee online safety – it forces cybercriminals into arming themselves with TLS machine identities in order to preserve their capabilities. Always-on HTTPS is therefore a reminder of just how valuable TLS machine identities are in the wrong hands, and a reminder that organisations must ensure that their security tools are all able to inspect encrypted HTTPS tunnels as we move to a 100% TLS encrypted communications world. This creates a need for centralised intelligence and automation to ensure that all security tools – such as firewalls, intrusion detection and prevention, or analytics – are fed and updated with all the relevant machine identities to ensure they can inspect all traffic that flows within HTTPS tunnels.
