Tuesday, October 26, 2010

Re: Firesheep

Just ran across this article:
http://www.computerworld.com/s/article/9193201/How_to_protect_against_Firesheep_attacks

Lucy Gray

On Tue, Oct 26, 2010 at 1:43 PM, Bill Fitzgerald <dwfitzgerald@yahoo.com> wrote:

> There are two Firefox extensions that can help mitigate this - both can be used
> to force https when it's available:
>
> https://www.eff.org/https-everywhere
>
>
> https://addons.mozilla.org/en-US/firefox/addon/12714/
>
> These extensions will only work on sites that have http enabled.
>
> But yes, this is definitely a teachable moment.
>
> Cheers,
>
> Bill
>
>
> ----- Original Message ----
> From: Jayme Johnson <jjohnson@village-school.org>
> To: ISED-L@LISTSERV.SYR.EDU
> Sent: Tue, October 26, 2010 6:44:34 AM
> Subject: Re: Firesheep
>
> Facebook does work if you type an https://, though I am not sure that it is
> necessarily secure.
>
> You make a great point about capturing this teaching opportunity. This security
> detail is one that I often forget to share with students.
> ~Jayme
>
>
> On 10/26/10 4:33 AM, "Jason Johnson" <jasonpj@yahoo.com> wrote:
>
> It is also a good teaching opportunity. Teach students and teachers that any
> site you have to log in to always use https:// both for log-in AND for content.
> If it is not available (e.g. Facebook) use a site that does. Even if you
> secure your open wireless or use a hardwired LAN this tool and others like it
> can be used to pull traffic and data and end-to-end SSL between the browser and the
> server is the best assurance.
>
> _J
>
> ____________________________
> Jason at jasonpj@yahoo.com
>
>
>
>
> ________________________________
> From: Bill Fitzgerald <dwfitzgerald@yahoo.com>
> To: ISED-L@LISTSERV.SYR.EDU
> Sent: Mon, October 25, 2010 3:04:48 PM
> Subject: Firesheep
>
> Hello, all,
>
> Just wanted to give you a heads up about an app called "Firesheep" -
> http://codebutler.com/firesheep
>
> From the description:
>
> "After installing the extension you'll see a new sidebar. Connect to any busy
> open wifi network and click the big "Start Capturing" button. Then wait. As
> soon as anyone on the network visits an insecure website known to Firesheep,
> their name and photo will be displayed. Double-click on someone, and you're
> instantly logged in as them."
>
> So, a person can install a Firefox extension, and start taking over other
> people's Facebook/etc accounts. There are some limitations to where it will
> work (it works best over unsecured wireless) but it definitely lowers the bar
> for non-technical people to start stealing other people's accounts.
>
> So, for those of you running school networks, it might be worth checking this
> out to see what is visible over your wireless.
>
> This Firefox extension has been recommended as a means of mitigating the
> effects: https://addons.mozilla.org/en-US/firefox/addon/12714/
>
> Cheers,
>
> Bill
>
>
>
>
> [ For info on ISED-L see https://www.gds.org/podium/default.aspx?t=128874]
> Submissions to ISED-L are released under a creative commons, attribution,
> non-commercial, share-alike license.
> RSS Feed, http://listserv.syr.edu/scripts/wa.exe?RSS&L=ISED-L
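
The advice in the thread above, to use https:// both for log-in AND for content, can be checked from a site's response headers, because Firesheep works by reading session cookies that travel over unencrypted HTTP. The following is an added example, not part of the original thread: it audits a constructed browsing session for cookies missing the Secure attribute and for pages that fall back to plain http after an https log-in. The hosts, cookie names and the `audit_session` function are hypothetical.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: (request URL, response headers) pairs, not real traffic.
SAMPLE_SESSION = [
    ("https://social.example/login", [
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
        ("Location", "http://social.example/home"),
    ]),
    ("http://social.example/home", [
        ("Set-Cookie", "prefs=dark; Path=/"),
    ]),
    ("https://mail.example/login", [
        ("Set-Cookie", "sid=xyz789; Path=/; Secure; HttpOnly"),
        ("Location", "https://mail.example/inbox"),
    ]),
]

def audit_session(session):
    """Return sorted (host, finding) tuples for state exposed to a sniffer."""
    findings = set()
    for url, headers in session:
        parts = urlsplit(url)
        host = parts.hostname
        if parts.scheme != "https":
            # Every cookie the browser holds for this host rides along in clear text.
            findings.add((host, "page served over plain http"))
        for name, value in headers:
            lname = name.lower()
            if lname == "set-cookie":
                jar = SimpleCookie()
                jar.load(value)
                for key, morsel in jar.items():
                    # Without Secure, the browser also sends the cookie over http.
                    if not morsel["secure"]:
                        findings.add((host, f"cookie '{key}' lacks Secure"))
            elif lname == "location":
                # https log-in that hands the user back to http content.
                if parts.scheme == "https" and urlsplit(value).scheme == "http":
                    findings.add((host, "redirects from https to http"))
    return sorted(findings)

if __name__ == "__main__":
    for host, finding in audit_session(SAMPLE_SESSION):
        print(f"{host}: {finding}")
```

A host with no findings, like the constructed mail.example here, keeps both the log-in and the content on https and marks its session cookie Secure.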