Tuesday, October 26, 2010

Re: Firesheep

Facebook does work if you type an https://, though I am not sure that it is
necessarily secure.

You make a great point about capturing this teaching opportunity. This
security detail is one that I often forget to share with students.
~Jayme


On 10/26/10 4:33 AM, "Jason Johnson" <jasonpj@yahoo.com> wrote:

It is also a good teaching opportunity. Teach students and teachers that any
site you have to log in to always use https:// both for log-in AND for content.
If it is not available (e.g. facebook) use a site that does. Even if you
secure your open wireless or use a hardwired LAN this tool and others like it
can be used to pull traffic and data and end-to-end SSL between the browser and
the server is the best assurance.

_J

____________________________
Jason at jasonpj@yahoo.com


________________________________
From: Bill Fitzgerald <dwfitzgerald@yahoo.com>
To: ISED-L@LISTSERV.SYR.EDU
Sent: Mon, October 25, 2010 3:04:48 PM
Subject: Firesheep

Hello, all,

Just wanted to give you a heads up about an app called "Firesheep" -
http://codebutler.com/firesheep

From the description:

"After installing the extension you'll see a new sidebar. Connect to any busy
open wifi network and click the big "Start Capturing" button. Then wait. As
soon as anyone on the network visits an insecure website known to Firesheep,
their name and photo will be displayed. Double-click on someone, and you're
instantly logged in as them."

So, a person can install a Firefox extension, and start taking over other
people's Facebook/etc accounts. There are some limitations to where it will
work (it works best over unsecured wireless) but it definitely lowers the bar
for non-technical people to start stealing other people's accounts.

So, for those of you running school networks, it might be worth checking this
out to see what is visible over your wireless.

This Firefox extension has been recommended as a means of mitigating the
effects: https://addons.mozilla.org/en-US/firefox/addon/12714/

Cheers,

Bill


[ For info on ISED-L see https://www.gds.org/podium/default.aspx?t=128874 ]
Submissions to ISED-L are released under a creative commons, attribution,
non-commercial, share-alike license.
RSS Feed, http://listserv.syr.edu/scripts/wa.exe?RSS&L=ISED-L

