The Glade 4.0

"Turn the lights down, the party just got wilder."
It is currently Sun Nov 24, 2024 10:44 am

All times are UTC - 6 hours [ DST ]




Post new topic Reply to topic  [ 3 posts ] 
Author Message
 Post subject: Firesheep...
PostPosted: Mon Nov 01, 2010 12:20 pm 
Offline
User avatar

Joined: Thu Sep 03, 2009 3:08 am
Posts: 6465
Location: The Lab
Using this add-on may or may not be violate federal wiretapping laws... but that hasn't stopped half a million people from downloading it...

The good news is, you can protect yourself.. just don't use these sites! :p

http://www.computerworld.com/s/article/ ... r_sessions

Computerworld wrote:
A new Firefox add-on lets "pretty much anyone" scan a Wi-Fi network and hijack others' access to Facebook, Twitter and a host of other services, a security researcher warned today.

The add-on, dubbed "Firesheep," was released Sunday by Eric Butler, a Seattle-based freelance Web application developer, at the ToorCon security conference, which took place Oct. 22-24 in San Diego.

Butler said he created Firesheep to show the danger of accessing unencrypted Web sites from public Wi-Fi spots.

Although it's common for sites to encrypt user log-ons with HTTPS or SSL, few encrypt the actual traffic. "This leaves the cookie, and the user, vulnerable," said Butler in a post to his personal blog. "On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy."

With a user's cookie in hand, a criminal can do anything the user can do on a site, Butler noted. Among the sites that Firesheep can hijack are Facebook, Twitter, Flickr, bit.ly, Google and Amazon.

Butler did not reply to an interview request Monday.

"None of this is new, the flaw certainly isn't," said Richard Wang, the U.S. manager of SophosLabs, the research arm of Abingdon, England-based security company Sophos. "But Firesheep makes it so easy to discover [unencrypted traffic and cookies] that pretty much anyone can use it to listen to what others are doing at public hot spots."

Firesheep adds a sidebar to Mozilla's Firefox browser that shows when anyone on an open network -- such as a coffee shop's Wi-Fi network -- visits an insecure site. "Double-click on someone [in the sidebar] and you're instantly logged on as them," said Butler in his short description of his add-on.

The add-on appears to be irresistible: Since Butler posted Firesheep on Sunday it's been downloaded nearly 50,000 times.

Butler created Firesheep to illustrate the wide-ranging problem of unencrypted sites and public networks. "Web sites have a responsibility to protect the people who depend on their services," he said. "They've been ignoring this responsibility for too long, and it's time for everyone to demand a more secure Web. My hope is that Firesheep will help the users win."

Wang said he was hopeful that the add-on would prompt more sites to encrypt their sessions. "The hope here is of increased use of HTTPS," he said. But he also urged more public networks to secure users, although he acknowledged the logistics -- handing out the passwords that users would need in order to connect -- would be daunting. "It's the old 'security-vs.-convenience' argument," he noted.

Users can protect themselves, said Wang, by refusing to access insecure sites while at open networks.

He added that people who are more technically inclined could rely on a secure proxy server, perhaps one run on their work machine, which their laptops would in turn access. "But that's not a solution for the average user," Wang admitted.

Firesheep, which works with the Windows and Mac OS X versions of Firefox, can be downloaded free of charge at the GitHub site.

Butler is working on Firesheep for the Linux edition of Firefox.


Top
 Profile  
Reply with quote  
 Post subject:
PostPosted: Fri Nov 05, 2010 11:27 am 
Offline
Manchurian Mod
User avatar

Joined: Fri Sep 04, 2009 9:40 am
Posts: 5866
This post was far more awesome than I imagined. It even features a guy named, "Wang."

_________________
Buckle your pants or they might fall down.


Top
 Profile  
Reply with quote  
 Post subject: Re:
PostPosted: Sun Nov 07, 2010 9:37 pm 
Offline
Lean, Mean, Googling Machine
User avatar

Joined: Thu Sep 03, 2009 9:35 am
Posts: 2903
Location: Maze of twisty little passages, all alike
Corolinth wrote:
This post was far more awesome than I imagined. It even features a guy named, "Wang."


Now that you mention it...
Quote:
Users can protect themselves, said Wang, by refusing to access insecure sites while at open networks.

This sounds like some kind of sex-ed innuendo about orgies.

_________________
Sail forth! steer for the deep waters only!
Reckless, O soul, exploring, I with thee, and thou with me;
For we are bound where mariner has not yet dared to go,
And we will risk the ship, ourselves and all.


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC - 6 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 154 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group