to force https when it's available:
https://www.eff.org/https-everywhere
https://addons.mozilla.org/en-US/firefox/addon/12714/
These extensions will only work on sites that have http enabled.
But yes, this is definitely a teachable moment.
Cheers,
Bill
----- Original Message ----
From: Jayme Johnson <jjohnson@village-school.org>
To: ISED-L@LISTSERV.SYR.EDU
Sent: Tue, October 26, 2010 6:44:34 AM
Subject: Re: Firesheep
Facebook does work if you type an https://, though I am not sure that it is
necessarily secure.
You make a great point about capturing this teaching opportunity. This security
detail is one that I often forget to share with students.
~Jayme
On 10/26/10 4:33 AM, "Jason Johnson" <jasonpj@yahoo.com> wrote:
It is also a good teaching opportunity. Teach students and teachers that any
site you have to log in to always use https:// both for log-in AND for content.
If it is not available (e.g. facebook) use a site that does. Even if you
secure your open wireless or use a hardwired LAN this tool and others like it
can be used pull traffic and data and end-to-end SSL between the browser and the
server is the best assurance.
_J
____________________________
Jason at jasonpj@yahoo.com
________________________________
From: Bill Fitzgerald <dwfitzgerald@yahoo.com>
To: ISED-L@LISTSERV.SYR.EDU
Sent: Mon, October 25, 2010 3:04:48 PM
Subject: Firesheep
Hello, all,
Just wanted to give you a heads up about an app called "Firesheep" -
http://codebutler.com/firesheep
From the description:
"After installing the extension you'll see a new sidebar. Connect to any busy
open wifi network and click the big "Start Capturing" button. Then wait. As
soon as anyone on the network visits an insecure website known to Firesheep,
their name and photo will be displayed. Double-click on someone, and you're
instantly logged in as them."
So, a person can install a Firefox extension, and start taking over other
people's Facebook/etc accounts. There are some limitations to where it will
work (it works best over unsecured wireless) but it definitely lowers the bar
for non-technical people to start stealing other peoples accounts.
So, for those of you running school networks, it might be worth checking this
out to see what is visible over your wireless.
This Firefox extension has been recommended as a means of mitigating the
effects: https://addons.mozilla.org/en-US/firefox/addon/12714/
Cheers,
Bill
[ For info on ISED-L see https://www.gds.org/podium/default.aspx?t=128874 ]
Submissions to ISED-L are released under a creative commons, attribution,
non-commercial, share-alike license.
RSS Feed, http://listserv.syr.edu/scripts/wa.exe?RSS&L=ISED-L
[ For info on ISED-L see https://www.gds.org/podium/default.aspx?t=128874 ]
Submissions to ISED-L are released under a creative commons, attribution,
non-commercial, share-alike license.
RSS Feed, http://listserv.syr.edu/scripts/wa.exe?RSS&L=ISED-L
[ For info on ISED-L see https://www.gds.org/podium/default.aspx?t=128874 ]
Submissions to ISED-L are released under a creative commons, attribution,
non-commercial, share-alike license.
RSS Feed, http://listserv.syr.edu/scripts/wa.exe?RSS&L=ISED-L
[ For info on ISED-L see https://www.gds.org/podium/default.aspx?t=128874 ]
Submissions to ISED-L are released under a creative commons, attribution, non-commercial, share-alike license.
RSS Feed, http://listserv.syr.edu/scripts/wa.exe?RSS&L=ISED-L