|
The Off-Topic Lounge APPROPRIATE FAMILY-FRIENDLY TOPICS ONLY - READ THE RULES! This forum is for posting anything (excluding topics prohibited by the forum rules) that's unrelated to email. General discussions, in other words. |
|
Thread Tools |
26 Oct 2010, 12:42 AM | #1 |
Master of the @
Join Date: Dec 2007
Location: Hiding under my bed
Posts: 1,465
|
Firesheep
Hi,
I didn't know if this should be posted here or elsewhere, but here is a link to an article which sent shivers down my spine. I don't know if it applies simply to things like Facebook and Twitter, or if it also applies to things like Yahoo mail and Hotmail (since they don't use full-session SSL). |
26 Oct 2010, 01:53 AM | #2 |
The "e" in e-mail
Join Date: Feb 2006
Location: EU
Posts: 4,945
|
I find it difficult to treat seriously a blog article which claims that "As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed". At best the user name will be shown. A photo? Does the insecure site takes photos, even when no camera is attached to the user's system???
|
11 Nov 2010, 06:16 PM | #4 |
Master of the @
Join Date: Feb 2005
Location: USA
Posts: 1,876
|
MOZILLA did not create this!! (In case some were wondering)
Its not good at all! |
30 Aug 2020, 04:21 AM | #5 |
The "e" in e-mail
Join Date: Jan 2002
Location: San Francisco
Posts: 2,458
|
For some reason, this forum (EMD) remains vulnerable to this.
Even if I specify HTTPs when coming here, I find the connection switches over to HTTP. For example, if I click on "New Posts", I arrive at an insecure page, even though the link is to https://emaildiscussions.com/search.php?do=getnew. Enabling HSTS would fix the security problem, but I guess/recall Edwin is inactive, and it would impact usability. |
30 Aug 2020, 05:22 AM | #6 |
Master of the @
Join Date: Feb 2005
Location: USA
Posts: 1,876
|
There is NO REASON to worry about using SSL on a site like this anyway.......
All we do is mostly discuss email here.thats nothing worth hiding! |
30 Aug 2020, 01:29 PM | #7 |
Cornerstone of the Community
Join Date: Aug 2006
Location: Philippines
Posts: 846
|
Based on my short bit of research, I don't see anything to be worried about. From what I've been able to determine, this Firesheep was created to demonstrates HTTP session hijacking attacks. Basically the capture sessions of other users on a unsecured WiFi connection. If your not using unsecured WiFi, nothing to worry about.
|
23 Sep 2020, 10:22 AM | #8 | |
The "e" in e-mail
Join Date: Jan 2002
Location: San Francisco
Posts: 2,458
|
Quote:
And no one has any old PMs with private information in them lying around. Not! And no one uses TOR while logged in here. Not! |
|
23 Sep 2020, 11:26 PM | #9 | |||
Cornerstone of the Community
Join Date: Aug 2006
Location: Philippines
Posts: 846
|
Quote:
Quote:
Quote:
None of this is relevant to Firesheep anyway. Edit: I am using Tor now. |
|||