So how do you check to insure that your network is using incription? And what if you're away and wish to use a freely available network? For example, I use one e-mail for almost all things but another for financial/legal matters. If I use my regular e-mail and stay away from shopping sites and ones that use my legal name, is it safe for me to browse the net via an unsecured network or can they actually hack into my computer itself?
Thanks, Eleni On 11/4/10, David Ferrin <ow...@jaws-users.com> wrote: > This is true folks. > David Ferrin > ow...@jaws-users.com > I believe that tomorrow is another day, and I'll probably screw that one up > too. > ----- Original Message ----- > From: "Aiden Gardiner" <aiden.gardiner....@googlemail.com> > To: <blind-computing@jaws-users.com> > Sent: Thursday, November 04, 2010 1:05 PM > Subject: Re: [Blind-Computing] daily term > > > this is what the firesheep firefox extention does. It was designed to > demonstrate how much of a risk this attack poses. now a user who has the > extention can go to any open wireless hotspot, such as in a cafe, see > exactly who is on the network with them, and their profile picture if they > are logged onto a website the extention supports and by simply > double-clicking on the person's name, they hijack that individual's account. > the only fix is for hotspot admins to employ WPA encryption at the very > least, or for websites to force SSL for the entire session, which > unfortunately not many do. I say this as a warning to everyone, whether you > run your own wireless network or not, make sure the network your connecting > to uses at least WPA encryption, wep encryption simply is not enough any > more because it's now so easy to brake into those networks. > > Aiden > ----- Original Message ----- > From: "David Ferrin" <d...@jaws-users.com> > To: <blind-computing@jaws-users.com> > Sent: Thursday, November 04, 2010 12:15 PM > Subject: [Blind-Computing] daily term > > >> sidejacking >> >> "When logging into a Web site you usually start by submitting your >> username and password. The server then checks to see if an account >> matching this information exists and if so, replies back to you with a >> 'cookie,' which is used by your browser for all subsequent requests." >> >> Most Web sites protect your username and password with a secure HTTPS >> connection. Unfortunately, many immediately drop back into insecure HTTP >> once a visitor is signed in - and the site sends its cookie back over a >> now-insecure connection. Anybody snooping on your conversation can make a >> copy of the cookie and use it to interact with the Web site in precisely >> the same way you do. >> David Ferrin >> Most people don't know what they're doing and a lot of them are really >> good at it. >> For answers to frequently asked questions about this list visit: >> http://www.jaws-users.com/help/ > > > For answers to frequently asked questions about this list visit: > http://www.jaws-users.com/help/ > > > For answers to frequently asked questions about this list visit: > http://www.jaws-users.com/help/ > For answers to frequently asked questions about this list visit: http://www.jaws-users.com/help/
