Test yoself before you wreck yoself

[Thomphoolery]

http://codebutler.com/firesheep

Interesting tool.

-j

[Djfurball]

Yikes.

[Omegaman]

<a href="http://www.youtube.com/v/chNc7nGhQ4M" target="_blank">http://www.youtube.com/v/chNc7nGhQ4M</a>

What he meant to say was... "Keaton always said, 'I don't believe in God, but I'm afraid of him.' Well I believe in God, and the only thing that scares me is Evercookie."

Evercookie

Brought to you buy the same person who created the Samy Worm attack on MySpace years ago.

[Skuld]

I know that quote (with out the Evercookie =^.^=)!!! Usual Suspects is one of my fav movies... Saddly at work I can't check that video file... >.> Will watch on my phone instead!

[Falaenx]

This should produce some decent entertainment for me today at the university.

[Nazgrax]

This should produce some decent entertainment for me today at the university.

[Omegaman]

http://codebutler.com/firesheep

Interesting tool.

-j

From TechCrunch...a how to guide on installing a Firefox plugin to help circumvent what Firesheep attempts to exploit.  I haven't tested these yet, and I'm not certain the plugins work on all Firefox versions.  You will probably have to keep yourself updated on this.  This isn't an end all, be all fix, and you have to manually type in the sites you want to ensure get forced to HTTPS, but it's better than nothing.  Understand, this isn't a browser exploit, this is simply the website's problem, swapping you back to nonSSL after the login session and only authenticating you with an insecure cookie which gets sent back and forth during the entire session on those sites.

Current websites vulnerable by Firesheep: Amazon, Basecamp, bit.ly, Enom, FaceBook, FourSquare, Github, Google, Hacker News, Harvest, The New York Times, Pivotal Tracker, Twitter, ToorCon, Evernote, Dropbox, Windows Live, Cisco, Slicehost, Gowalla, Flickr

Sites potentially soon to be supported by Firesheep:  Yahoo, eBay, Linkedin, Digg, Reddit, Wikipedia, Blogger, GoDaddy, Posterous, Tumbr, Netflix, YouTube, SlashDot, MobileMe, PayPal, Salesforce, Craigslist, MySpace, Match, AOL

As I've said many times, please try to avoid logging in to any site over a wifi or unprotected/unsecure internet connection. 

There still exist programs like Cain&Abel for password sniffing over networks and raw data dumps.  I think there are even mobile apps now that piggy back Cain&Abel and Wireshark. 

As Thom said, "Test yoself before you wreck yoself."

[Thomphoolery]

Current websites vulnerable by Firesheep: Amazon, Basecamp, bit.ly, Enom, FaceBook, FourSquare, Github, Google, Hacker News, Harvest, The New York Times, Pivotal Tracker, Twitter, ToorCon, Evernote, Dropbox, Windows Live, Cisco, Slicehost, Gowalla, Flickr

Sites potentially soon to be supported by Firesheep:  Yahoo, eBay, Linkedin, Digg, Reddit, Wikipedia, Blogger, GoDaddy, Posterous, Tumbr, Netflix, YouTube, SlashDot, MobileMe, PayPal, Salesforce, Craigslist, MySpace, Match, AOL

For those who don't want to install a Firefox plugin, you can simply make sure you use the https version instead of the http version in most cases. For instance, https://www.google.com/* instead of http://www.google.com/

-j

[Djfurball]

http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

Never knew that Flash had its own cookies, and that you can remove them from that page.

TMYK