![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
seawolf10 posting in ![[community profile]](https://www.dreamwidth.org/img/silk/identity/community.png){kind=small}
scans_dailyLong story short, someone worked out a simplified way to take advantage of open wi-fi connections...and released it as a Firefox add-on for mass consumption. There are security options that help with it, though.
I figure anyone who was planning to use the add-on already knows about it, but our folks don't, and wouldn't be inclined to use it in any case. (Mods, if you disagree, feel free to pull the post.)
Detailed description of the problem: http://techcrunch.com/2010/10/24/firesheep-in-wolves-clothing-app-lets-you-hack-into-twitter-facebook-accounts-easily/
Security option 1: http://techcrunch.com/2010/10/25/firesheep/
Security option 2: https://www.eff.org/https-everywhere
The second option is a little more useful, since it comes pre-loaded with https rules for some major sites. I'd suggest running both.
Tech-head/hacker discussion, with some more security info: http://news.ycombinator.com/item?id=1827928
No, LJ and Dreamwidth don't have the appropriate security protocols. Trying to use these add-ons with them can give you trouble. If I'm understanding the problem correctly (which I may not be), for the next couple months, don't do anything important (possibly excluding functions that already have SSL security, like online ordering) over a wi-fi connection, until the major sites upgrade their security protocols. And clear your cookies regularly.
For legality, have three old pages from Digger...which I seem to have posted before. Eh, it was over a year ago.
Attempts at diplomacy don't go well...
I figure anyone who was planning to use the add-on already knows about it, but our folks don't, and wouldn't be inclined to use it in any case. (Mods, if you disagree, feel free to pull the post.)
Detailed description of the problem: http://techcrunch.com/2010/10/24/firesheep-in-wolves-clothing-app-lets-you-hack-into-twitter-facebook-accounts-easily/
Security option 1: http://techcrunch.com/2010/10/25/firesheep/
Security option 2: https://www.eff.org/https-everywhere
The second option is a little more useful, since it comes pre-loaded with https rules for some major sites. I'd suggest running both.
Tech-head/hacker discussion, with some more security info: http://news.ycombinator.com/item?id=1827928
No, LJ and Dreamwidth don't have the appropriate security protocols. Trying to use these add-ons with them can give you trouble. If I'm understanding the problem correctly (which I may not be), for the next couple months, don't do anything important (possibly excluding functions that already have SSL security, like online ordering) over a wi-fi connection, until the major sites upgrade their security protocols. And clear your cookies regularly.
For legality, have three old pages from Digger...which I seem to have posted before. Eh, it was over a year ago.
Attempts at diplomacy don't go well...
no subject
Date: 2010-10-26 11:28 am (UTC)no subject
Date: 2010-10-26 04:49 pm (UTC)He got off comparatively easy.
...so not exactly, but he may be named after him!
no subject
Date: 2010-10-26 04:50 pm (UTC)Thanks!
no subject
Date: 2010-10-26 04:02 pm (UTC)no subject
Date: 2010-10-26 07:01 pm (UTC)no subject
Date: 2010-10-26 07:28 pm (UTC)no subject
Date: 2010-10-27 01:22 am (UTC)