TechCrunch reader Steve Manuel claims to have found a workaround to Firesheep, the controversial Firefox extension that allows anyone on an insecure open Wi-Fi network to access user login info for almost every single social network in existence. Firesheep banks on the fact that most social sites default to the HTTP protocol because it’s quicker. The already existing Firefox extension Force-TLS attempts to circumvent this by forcing those sites to use the HTTPS protocol, therefore making user cookies invisible to Firesheep. Like the alternative option HTTPS Everywhere, the Force-TLS Firefox extension allows your browser to change HTTP to HTTPS on sites that you indicate in the Firefox Add On “Preferences” menu, protecting your login information and ensuring a secure connection when you access social sites. HTTPS encrypts user data, so if a script like Firesheep’s tries to pull it, it can’t be read.
Over the last 24 hours the world has been abuzz with talk about a small Firefox extension. Usually Firefox extensions don’t make headlines, but in this case one did. Why?
When logging into a website you usually start by submitting your username and password. The server then checks to see if an account matching this information exists and if so, replies back to you with a "cookie" which is used by your browser for all subsequent requests. It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called "sidejacking") is when an attacker gets a hold of a user's cookie, allowing them to do anything the user can do on a particular website.
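The check below is an added example, not code from any of the articles excerpted on this page. It audits the headers of one HTTPS response for the gap described above: a session cookie that the browser will also send over plain HTTP, either because the cookie lacks the `Secure` attribute or because the site sends no `Strict-Transport-Security` header. The function names and sample headers are constructed for illustration.

```python
"""Audit HTTPS response headers for settings that leave a session cookie sniffable."""

def parse_set_cookie(value):
    """Return (cookie_name, set of lowercased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def hsts_enabled(value):
    """True if a Strict-Transport-Security value carries max-age greater than zero."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.lower() == "max-age":
            val = val.strip().strip('"')
            return val.isdigit() and int(val) > 0
    return False

def audit_response(headers):
    """headers: list of (name, value) pairs from one HTTPS response. Returns findings."""
    findings = []
    hsts = False
    for key, value in headers:
        key = key.lower()
        if key == "strict-transport-security":
            hsts = hsts or hsts_enabled(value)
        elif key == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                findings.append(f"cookie {name!r}: no Secure attribute, sent over plain HTTP too")
    if not hsts:
        findings.append("no effective Strict-Transport-Security header: browser may still use HTTP")
    return findings

# Constructed sample: login handled over HTTPS, but the session cookie is left unprotected.
WEAK = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
]
# Constructed sample: same response with the cookie and transport locked to HTTPS.
HARDENED = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_response(hdrs) or "no findings")
```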
Computerworld - Several privacy groups have raised alarms over plans by the U.S. Office of Personnel Management (OPM) to build a database that would contain information about the healthcare claims of millions of Americans. The concerns have surfaced because the OPM has provided few details about the new database and because the data collected will be shared with law enforcement, third-party researchers and others. In a letter to OPM Director John Berry, the Center for Democracy and Technology (CDT) and 15 other organizations asked the agency to release more details on the need for the database and how the data contained in it will be protected and used.
FireShepherd is a small console program that floods the nearby wireless network with packets designed to turn off FireSheep, effectively shutting down nearby FireSheep programs every 0.5 sec or so, making you and the people around you secure from most people using FireSheep. The program kills the current version of FireSheep running nearby, but the user is still in danger of all other session hijacking mechanisms. Do not do anything over an untrusted network that you cannot share with everyone. Know that this is only a temporary solution to the FireSheep problem, created to give people the chance to secure themselves and the others around them from the current threat, while the security vulnerabilities revealed by FireSheep are being fixed.