I am glad you mentioned Firesheep. I have been warning clients not to log in through the admin panel when visiting public WiFi places like Starbucks and Barnes & Noble because there is a good chance that bad folks are trolling for passwords with Firesheep.
It has caused me to spend more time working from home where I use a wired connection than from my local Starbucks because I don't have a secure way to access Joomla admin panels. I am thinking that Firesheep is going to sell a lot of SSL certs. I am suggesting SSL to clients if they need to use wireless to access their sites.

On Fri, Dec 3, 2010 at 1:44 PM, Gary Mort <[email protected]> wrote:

> With the release of Firesheep....and my nomadic system lifestyle, I am
> seriously reconsidering my former view of "man in the middle" attacks as a
> low priority issue.
>
> Looking over the Remember Me plugin, I note that it is easily hijacked via
> Firesheep to allow a user without too much technical sophistication to
> impersonate someone on a Joomla powered website if it is connected to
> through normal HTTP instead of HTTPS.
>
> The simple solution, which I am implementing for myself, is to set up a VPN
> to an external system on the internet and tunnel all my traffic through
> there. That at least removes the issue with open wifi access.
>
> While self-signed certificates can cause general users to become
> uncomfortable and not wish to continue on a website, for my own sanity I'm
> thinking a short little plugin that always redirects specific users who log
> on to the https connection to log on again would be in order.
>
> _______________________________________________
> New York PHP SIG: Joomla! Mailing List
> http://lists.nyphp.org/mailman/listinfo/joomla
>
> NYPHPCon 2006 Presentations Online
> http://www.nyphpcon.com
>
> Show Your Participation in New York PHP
> http://www.nyphp.org/show_participation.php

--
Stephen Britton
Technology Consultant
[email protected]
ph: 914-661-0040
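The exposure discussed in this thread, a login or "remember me" cookie travelling over plain HTTP on open WiFi, can be checked from a site's `Set-Cookie` headers. The following is an added example, not code from either poster or from Joomla; the cookie names and values are constructed, and rating cookies by the `Secure` attribute and by persistence is an assumption of this sketch rather than something stated in the thread.

```python
# Constructed sample Set-Cookie values (not captured from any real site).
SAMPLE_HEADERS = [
    "sess_constructed=abc123; path=/",
    "remember_constructed=def456; expires=Sat, 03-Dec-2011 18:44:00 GMT; path=/",
    "hardened_constructed=ghi789; Max-Age=3600; Path=/; Secure; HttpOnly",
]


def parse_set_cookie(header):
    """Return (cookie name, {lower-cased attribute: value}) for one header value."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookie(header):
    """Rate how exposed a cookie is to capture on an unencrypted network."""
    name, attrs = parse_set_cookie(header)
    secure = "secure" in attrs
    persistent = "expires" in attrs or "max-age" in attrs
    if secure:
        risk = "ok"        # browser only sends it over HTTPS
    elif persistent:
        risk = "high"      # long-lived login token sent in cleartext
    else:
        risk = "medium"    # session token sent in cleartext until browser closes
    return {"name": name, "secure": secure, "persistent": persistent,
            "httponly": "httponly" in attrs, "risk": risk}


def audit_headers(headers):
    """Audit a list of Set-Cookie header values, preserving order."""
    return [audit_cookie(h) for h in headers]


if __name__ == "__main__":
    for result in audit_headers(SAMPLE_HEADERS):
        print(f"{result['risk']:6} {result['name']} "
              f"(secure={result['secure']}, persistent={result['persistent']})")
```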

