This is true folks.

David Ferrin
ow...@jaws-users.com
I believe that tomorrow is another day, and I'll probably screw that one up too.

----- Original Message -----
From: "Aiden Gardiner" <aiden.gardiner....@googlemail.com>
To: <blind-computing@jaws-users.com>
Sent: Thursday, November 04, 2010 1:05 PM
Subject: Re: [Blind-Computing] daily term

This is what the Firesheep Firefox extension does. It was designed to demonstrate how much of a risk this attack poses. Now a user who has the extension can go to any open wireless hotspot, such as in a cafe, see exactly who is on the network with them, and their profile picture if they are logged onto a website the extension supports, and by simply double-clicking on the person's name, they hijack that individual's account.

The only fix is for hotspot admins to employ WPA encryption at the very least, or for websites to force SSL for the entire session, which unfortunately not many do.

I say this as a warning to everyone: whether you run your own wireless network or not, make sure the network you're connecting to uses at least WPA encryption. WEP encryption simply is not enough any more because it's now so easy to break into those networks.

Aiden

----- Original Message -----
From: "David Ferrin" <d...@jaws-users.com>
To: <blind-computing@jaws-users.com>
Sent: Thursday, November 04, 2010 12:15 PM
Subject: [Blind-Computing] daily term

> sidejacking
>
> "When logging into a Web site you usually start by submitting your
> username and password. The server then checks to see if an account
> matching this information exists and if so, replies back to you with a
> 'cookie,' which is used by your browser for all subsequent requests."
>
> Most Web sites protect your username and password with a secure HTTPS
> connection. Unfortunately, many immediately drop back into insecure HTTP
> once a visitor is signed in - and the site sends its cookie back over a
> now-insecure connection. Anybody snooping on your conversation can make a
> copy of the cookie and use it to interact with the Web site in precisely
> the same way you do.
> David Ferrin
> Most people don't know what they're doing and a lot of them are really
> good at it.
> For answers to frequently asked questions about this list visit:
> http://www.jaws-users.com/help/
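
Added example, not part of the original e-mails: a small Python audit that walks a recorded login flow and reports every cookie that crosses the network in cleartext, which is the condition the thread describes when a site drops back to HTTP after sign-in. The host name, cookie name and sample flows are constructed, and cookie scoping is simplified to an exact host match; the check relies on the standard `Secure` cookie attribute, which tells the browser never to send the cookie over plain HTTP.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample flows: (request URL, Set-Cookie headers in the response).
WEAK = [
    ("https://site.example/login", ["session=abc123; Path=/; HttpOnly"]),
    ("http://site.example/home", []),   # site drops back to HTTP after login
]
HARDENED = [
    ("https://site.example/login", ["session=abc123; Path=/; HttpOnly; Secure"]),
    ("https://site.example/home", []),  # whole session stays on HTTPS
]


def audit_flow(flow):
    """Return sorted (cookie_name, url) pairs where a cookie travels unencrypted.

    flow is a list of (url, [Set-Cookie header values]) in request order.
    Simplification (assumption): cookies are scoped by exact host only.
    """
    jar = {}         # (host, cookie name) -> True if the cookie is marked Secure
    exposed = set()
    for url, set_cookie_headers in flow:
        parts = urlsplit(url)
        host, cleartext = parts.hostname, parts.scheme == "http"
        # Request side: over HTTP the browser attaches every stored cookie
        # for this host that is not marked Secure.
        if cleartext:
            for (cookie_host, name), secure in jar.items():
                if cookie_host == host and not secure:
                    exposed.add((name, url))
        # Response side: record new cookies; one set over HTTP is exposed at once.
        for header in set_cookie_headers:
            parsed = SimpleCookie()
            parsed.load(header)
            for name, morsel in parsed.items():
                jar[(host, name)] = bool(morsel["secure"])
                if cleartext:
                    exposed.add((name, url))
    return sorted(exposed)


if __name__ == "__main__":
    for label, flow in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_flow(flow))
```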