EmailDiscussions.com

EmailDiscussions.com (http://www.emaildiscussions.com/index.php)
-   The Off-Topic Lounge (http://www.emaildiscussions.com/forumdisplay.php?f=23)
-   -   Firesheep (http://www.emaildiscussions.com/showthread.php?t=60642)

B4its2L8 26 Oct 2010 01:42 AM

Firesheep
 
Hi,

I didn't know if this should be posted here or elsewhere, but here is a link to an article which sent shivers down my spine. I don't know if it applies simply to things like Facebook and Twitter, or if it also applies to things like Yahoo mail and Hotmail (since they don't use full-session SSL).

janusz 26 Oct 2010 02:53 AM

I find it difficult to treat seriously a blog article which claims that "As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed". At best the user name will be shown. A photo? Does the insecure site takes photos, even when no camera is attached to the user's system???

B4its2L8 26 Oct 2010 11:45 PM

FWIW, here's an article related to the one above. :eek:

Bamb0 11 Nov 2010 07:16 PM

MOZILLA did not create this!! (In case some were wondering)

Its not good at all!

elvey 30 Aug 2020 05:21 AM

For some reason, this forum (EMD) remains vulnerable to this.
Even if I specify HTTPs when coming here, I find the connection switches over to HTTP.
For example, if I click on "New Posts", I arrive at an insecure page, even though the link is to https://emaildiscussions.com/search.php?do=getnew.

Enabling HSTS would fix the security problem, but I guess/recall Edwin is inactive, and it would impact usability.

Bamb0 30 Aug 2020 06:22 AM

There is NO REASON to worry about using SSL on a site like this anyway.......

All we do is mostly discuss email here.thats nothing worth hiding!

chrisretusn 30 Aug 2020 02:29 PM

Based on my short bit of research, I don't see anything to be worried about. From what I've been able to determine, this Firesheep was created to demonstrates HTTP session hijacking attacks. Basically the capture sessions of other users on a unsecured WiFi connection. If your not using unsecured WiFi, nothing to worry about.

elvey 23 Sep 2020 11:22 AM

Quote:

Originally Posted by Bamb0 (Post 617458)
There is NO REASON to worry about using SSL on a site like this anyway.......

All we do is mostly discuss email here.thats nothing worth hiding!

Right, and I'm sure not one of the users here uses the same password for this site that they use for a site where security is more important. Not!

And no one has any old PMs with private information in them lying around. Not!

And no one uses TOR while logged in here. Not!

chrisretusn 24 Sep 2020 12:26 AM

Quote:

Originally Posted by elvey (Post 617603)
Right, and I'm sure not one of the users here uses the same password for this site that they use for a site where security is more important. Not!

At least one. I suspect more than one. I have a lot of passwords and the one used with this site is unique.

Quote:

And no one has any old PMs with private information in them lying around. Not!
Again at least one. Nothing with private information my PM's. I have 22 of them.

Quote:

And no one uses TOR while logged in here. Not!
LOL, you got me there. I'm not using Tor right now.

None of this is relevant to Firesheep anyway.

Edit: I am using Tor now. ;)


All times are GMT +9. The time now is 04:15 PM.


Copyright EmailDiscussions.com 1998-2022. All Rights Reserved. Privacy Policy