Firesheep
Hi,
I didn't know if this should be posted here or elsewhere, but here is a link to an article which sent shivers down my spine. I don't know if it applies simply to things like Facebook and Twitter, or if it also applies to things like Yahoo mail and Hotmail (since they don't use full-session SSL). |
I find it difficult to treat seriously a blog article which claims that "As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed". At best the user name will be shown. A photo? Does the insecure site take photos, even when no camera is attached to the user's system???
|
FWIW, here's an article related to the one above. :eek:
|
MOZILLA did not create this!! (In case some were wondering)
It's not good at all! |
For some reason, this forum (EMD) remains vulnerable to this.
Even if I specify HTTPS when coming here, I find the connection switches over to HTTP. For example, if I click on "New Posts", I arrive at an insecure page, even though the link is to https://emaildiscussions.com/search.php?do=getnew. Enabling HSTS would fix the security problem, but I guess/recall Edwin is inactive, and it would impact usability. |
There is NO REASON to worry about using SSL on a site like this anyway.......
All we do is mostly discuss email here. That's nothing worth hiding! |
Based on my short bit of research, I don't see anything to be worried about. From what I've been able to determine, this Firesheep was created to demonstrate HTTP session hijacking attacks. Basically they capture sessions of other users on an unsecured WiFi connection. If you're not using unsecured WiFi, nothing to worry about.
|
And no one has any old PMs with private information in them lying around. Not! And no one uses TOR while logged in here. Not! |
None of this is relevant to Firesheep anyway. Edit: I am using Tor now. ;) |