Tuesday, October 26, 2010

Re: Firesheep

It is also a good teaching opportunity. Teach students and teachers that for any
site you have to log in to, always use https:// both for log-in AND for content.
If it is not available (e.g. Facebook), use a site that offers it. Even if you
secure your open wireless or use a hardwired LAN, this tool and others like it
can be used to pull traffic and data, and end-to-end SSL between the browser and the
server is the best assurance.

_J

____________________________
Jason at jasonpj@yahoo.com


________________________________
From: Bill Fitzgerald <dwfitzgerald@yahoo.com>
To: ISED-L@LISTSERV.SYR.EDU
Sent: Mon, October 25, 2010 3:04:48 PM
Subject: Firesheep

Hello, all,

Just wanted to give you a heads up about an app called "Firesheep" -
http://codebutler.com/firesheep

From the description:

"After installing the extension you'll see a new sidebar. Connect to any busy
open wifi network and click the big "Start Capturing" button. Then wait. As
soon as anyone on the network visits an insecure website known to Firesheep,
their name and photo will be displayed. Double-click on someone, and you're
instantly logged in as them."

So, a person can install a Firefox extension, and start taking over other
people's Facebook/etc accounts. There are some limitations to where it will
work (it works best over unsecured wireless) but it definitely lowers the bar
for non-technical people to start stealing other people's accounts.

So, for those of you running school networks, it might be worth checking this
out to see what is visible over your wireless.

This Firefox extension has been recommended as a means of mitigating the
effects: https://addons.mozilla.org/en-US/firefox/addon/12714/

Cheers,

Bill


[ For info on ISED-L see https://www.gds.org/podium/default.aspx?t=128874 ]
Submissions to ISED-L are released under a creative commons, attribution,
non-commercial, share-alike license.
RSS Feed, http://listserv.syr.edu/scripts/wa.exe?RSS&L=ISED-L
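
As an added illustration of the "https:// both for log-in AND for content" advice in the thread (not code from either poster or from Firesheep), this Python audit takes a list of recorded request/response pairs and reports which cookies would be readable on a shared network. It assumes the logged-in state is carried in a cookie; the host names, cookie names and values are constructed sample data.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample traffic (not real captures): one site protects only the
# log-in form with HTTPS, the other uses HTTPS for log-in and content.
SAMPLE = [
    {"url": "https://social.example/login",
     "set_cookie": ["sid=abc123; Path=/; HttpOnly"], "cookie": ""},
    {"url": "http://social.example/home",
     "set_cookie": [], "cookie": "sid=abc123; lang=en"},
    {"url": "https://bank.example/login",
     "set_cookie": ["auth=zzz999; Path=/; Secure; HttpOnly"], "cookie": ""},
    {"url": "https://bank.example/accounts",
     "set_cookie": [], "cookie": "auth=zzz999"},
]

def audit(exchanges):
    """Return sorted (host, cookie, problem) findings for a list of exchanges."""
    findings = set()
    for ex in exchanges:
        parts = urlsplit(ex["url"])
        host = parts.hostname
        # A cookie set without the Secure attribute will also be attached to
        # plain-HTTP requests to the same host.
        for header in ex["set_cookie"]:
            jar = SimpleCookie()
            jar.load(header)
            for name, morsel in jar.items():
                if not morsel["secure"]:
                    findings.add((host, name, "set without Secure"))
        # Any cookie on an http:// request crosses the network unencrypted.
        if parts.scheme == "http" and ex["cookie"]:
            sent = SimpleCookie()
            sent.load(ex["cookie"])
            for name in sent:
                findings.add((host, name, "sent over plain HTTP"))
    return sorted(findings)

if __name__ == "__main__":
    for host, name, problem in audit(SAMPLE):
        print(f"{host}: cookie '{name}' {problem}")
```

Only the site that drops back to http:// after log-in produces findings; the site that keeps HTTPS for content and marks its cookie Secure produces none.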

