The SSL Blacklist add-on warning screen after loading a page
If you’re a Mozilla Firefox user and you haven’t installed the SSL Blacklist add-on from CodeFromThe70s.org yet, you should absolutely go there right now and click the
sslblacklist-4.0.30.xpi link. By installing this plugin you can help protect yourself from suspect SSL root certificate authorities, as well as make sure the sites you’re visiting are no longer using the demonstratively flawed MD5 hash algorithm.
ASIDE: I’d argue this plugin along with NoScript are the two greatest arguments for using Firefox. No other browser with these plugins are a match. I feel naked, cold and scared using anything else now.
MD5 is still probably safe, but the fact it has been shown to have problems should alert people running websites to move over to an SHA hash instead. If you find such a site, you absolutely want to let their admins know about it.
So far I’ve installed SSL Blacklist on my dad’s, sister’s and my machines and we’ve been warned the following sites are using MD5:
If we find any more we’ll add them to the list. Feel free to post a comment with links too. Be careful though, my spam filters block anything with more than three links so you may need to space them out. Cheers.