EmailDiscussions.com  

Go Back   EmailDiscussions.com > Miscellaneous > The Off-Topic Lounge
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

The Off-Topic Lounge APPROPRIATE FAMILY-FRIENDLY TOPICS ONLY - READ THE RULES!
This forum is for posting anything (excluding topics prohibited by the forum rules) that's unrelated to email. General discussions, in other words.

Reply
 
Thread Tools
Old 26 Oct 2010, 01:42 AM   #1
B4its2L8
Master of the @
 
Join Date: Dec 2007
Location: Hiding under my bed
Posts: 1,465
Firesheep

Hi,

I didn't know if this should be posted here or elsewhere, but here is a link to an article which sent shivers down my spine. I don't know if it applies simply to things like Facebook and Twitter, or if it also applies to things like Yahoo mail and Hotmail (since they don't use full-session SSL).
B4its2L8 is offline   Reply With Quote

Old 26 Oct 2010, 02:53 AM   #2
janusz
The "e" in e-mail
 
Join Date: Feb 2006
Location: EU
Posts: 4,747
I find it difficult to treat seriously a blog article which claims that "As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed". At best the user name will be shown. A photo? Does the insecure site takes photos, even when no camera is attached to the user's system???
janusz is offline   Reply With Quote
Old 26 Oct 2010, 11:45 PM   #3
B4its2L8
Master of the @
 
Join Date: Dec 2007
Location: Hiding under my bed
Posts: 1,465
FWIW, here's an article related to the one above.
B4its2L8 is offline   Reply With Quote
Old 11 Nov 2010, 07:16 PM   #4
Bamb0
Master of the @
 
Join Date: Feb 2005
Location: USA
Posts: 1,427
MOZILLA did not create this!! (In case some were wondering)

Its not good at all!
Bamb0 is offline   Reply With Quote
Old 30 Aug 2020, 05:21 AM   #5
elvey
The "e" in e-mail
 
Join Date: Jan 2002
Location: San Francisco
Posts: 2,449
For some reason, this forum (EMD) remains vulnerable to this.
Even if I specify HTTPs when coming here, I find the connection switches over to HTTP.
For example, if I click on "New Posts", I arrive at an insecure page, even though the link is to https://emaildiscussions.com/search.php?do=getnew.

Enabling HSTS would fix the security problem, but I guess/recall Edwin is inactive, and it would impact usability.
elvey is offline   Reply With Quote
Old 30 Aug 2020, 06:22 AM   #6
Bamb0
Master of the @
 
Join Date: Feb 2005
Location: USA
Posts: 1,427
There is NO REASON to worry about using SSL on a site like this anyway.......

All we do is mostly discuss email here.thats nothing worth hiding!
Bamb0 is offline   Reply With Quote
Old 30 Aug 2020, 02:29 PM   #7
chrisretusn
Cornerstone of the Community
 
Join Date: Aug 2006
Location: Philippines
Posts: 701
Based on my short bit of research, I don't see anything to be worried about. From what I've been able to determine, this Firesheep was created to demonstrates HTTP session hijacking attacks. Basically the capture sessions of other users on a unsecured WiFi connection. If your not using unsecured WiFi, nothing to worry about.
chrisretusn is offline   Reply With Quote
Old 23 Sep 2020, 11:22 AM   #8
elvey
The "e" in e-mail
 
Join Date: Jan 2002
Location: San Francisco
Posts: 2,449
Quote:
Originally Posted by Bamb0 View Post
There is NO REASON to worry about using SSL on a site like this anyway.......

All we do is mostly discuss email here.thats nothing worth hiding!
Right, and I'm sure not one of the users here uses the same password for this site that they use for a site where security is more important. Not!

And no one has any old PMs with private information in them lying around. Not!

And no one uses TOR while logged in here. Not!
elvey is offline   Reply With Quote
Old 24 Sep 2020, 12:26 AM   #9
chrisretusn
Cornerstone of the Community
 
Join Date: Aug 2006
Location: Philippines
Posts: 701
Quote:
Originally Posted by elvey View Post
Right, and I'm sure not one of the users here uses the same password for this site that they use for a site where security is more important. Not!
At least one. I suspect more than one. I have a lot of passwords and the one used with this site is unique.

Quote:
And no one has any old PMs with private information in them lying around. Not!
Again at least one. Nothing with private information my PM's. I have 22 of them.

Quote:
And no one uses TOR while logged in here. Not!
LOL, you got me there. I'm not using Tor right now.

None of this is relevant to Firesheep anyway.

Edit: I am using Tor now.
chrisretusn is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 02:02 AM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy