firesheep

Firesheep - How Can Public WiFi Protect Its Users?

Posted Tue, 2010-11-02 18:41 by matthew

Firesheep continues to get huge Buzz around the blog-o-sphere. It has opened up a lot of eyes regarding security and how inherently insecure the Web can be. The truth is, Websites should start to deal with the issues of side-jacking. One of the arguments is that servers might not be able to handle the extra load. Whether that is a valid argument or not is rather debatable. Sites may not have to encrypt every page to give logged in users protection.

When I loaded up Firesheep the first time, I noted that I couldn't sidejack one of my own accounts on either of my wireless networks. Why was that I wondered? What was special about my network that was different than the coffee shop down the street? I have a wireless router kicking around that isn't used for anything - it is in mint condition. Opening it wide I was able to hijack one laptop in the house with another - but after applying WPA password encryption the security hole seemed to have cleared up. At VERY least coffeeshops, libraries, schools, churches, and any other group that might have wireless available to folks should secure it with some level of WPA. This ought to solve the firesheep issue.

But searching around to get more clarity on the issue made it clear to me, that even though firesheep is a nuisance and will make me think twice about using public wifi - there is only one way to do it.

Firesheep - Lets Make the Common Man Hacker Ready!

Posted Tue, 2010-10-26 20:21 by matthew

Do you use firefox? Can you download an extension? If you do and can, firesheep has just given you the tools to hack into social network accounts and engage in mayhem. Seriously, yesterday at Toorcon 12, Eric Butler announced he was releasing firesheep. This is an extension that allows anybody to sniff, on a network, for users that have logged into apps like Facebook and Twitter capture their session and hijack their account.