How To Protect Your Login Information From Firesheep. TechCrunch reader Steve Manuel claims to have found a workaround to Firesheep, the controversial Firefox extension that allows anyone on an insecure open Wifi network to access user login info for almost every single social network in existence.
Firesheep banks on the fact that most social sites default to the HTTP protocol because it’s quicker. The already existing Firefox extension Force-TLS attempts to circumvent this by forcing those sites to use the HTTPS protocol, therefore making user cookies invisible to Firesheep. Like the alternative option HTTPS Everywhere, the Force-TLS Firefox extension allows your browser to change HTTP to HTTPS on sites that you indicate in the Firefox Add On “Preferences” menu, protecting your login information and ensuring a secure connection when you access social sites. HTTPS encrypts user data, so if a script like Firesheep’s like tries to pull it, it can’t be read.
How to configure: 1. 2. 3. Thanks: Steve Manuel Teaser Image: Kevin Steele. How To: Avoid Getting Fleeced By Firesheep. Over the last 24 hours the world has been abuzz with talk about a small Firefox extension.
Usually Firefox extensions don’t make headlines, but in this case one did. Why? This extension is called Firesheep, and it’s scary. The Firesheep plugin can hijack your Facebook, Twitter, and Flikr sessions while you are connected to unsecured wifi. What do we mean hijack? Yeah, wow. First off I want to tell you about my day yesterday (it relates, trust me). I dash to one of my favourite coffee places close by (which I also knew had open wifi) after getting Firesheep all loaded up (it took less than a minute). Holy crap. Just like everyone said, running Firesheep I could see who was logged into Facebook and a bunch of other sites and with a double-click be that person. I’m not usually a terribly paranoid person online, but this gave me the willies. First thing, if you have a wireless network at home and you haven’t set up a WPA (or even WEP) password on it, do it now.
Firesheep - codebutler. When logging into a website you usually start by submitting your username and password.
The server then checks to see if an account matching this information exists and if so, replies back to you with a "cookie" which is used by your browser for all subsequent requests. It's extremely common for websites to protect your password by encrypting the initial login, but surprisingly uncommon for websites to encrypt everything else. This leaves the cookie (and the user) vulnerable. HTTP session hijacking (sometimes called "sidejacking") is when an attacker gets a hold of a user's cookie, allowing them to do anything the user can do on a particular website.
On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy. This is a widely known problem that has been talked about to death, yet very popular websites continue to fail at protecting their users. After installing the extension you'll see a new sidebar. That's it. Privacy advocates fear massive fed health database. Computerworld - Several privacy groups have raised alarms over plans by the U.S.
Office of Personnel Management (OPM) to build a database that would contain information about the healthcare claims of millions of Americans. The concerns have surfaced because the OPM has provided few details about the new database and because the data collected will be shared with law enforcement, third-party researchers and others. In a letter to OPM Director John Berry, the Center for Democracy and Technology (CDT) and 15 other organizations asked the agency to release more details on the need for the database and how the data contained in it will be protected and used.
The OPM "should not create this massive database full of detailed individual health records without giving the public a full and fair chance to evaluate the specifics of the program," the letter cautioned. "There are far too many unknowns about the program for it to be acceptable," at this point, Geiger said. FireShepherd. FireShepherd, a small console program that floods the nearby wireless network with packets designed to turn off FireSheep, effectively shutting down nearby FireSheep programs every 0.5 sec or so, making you and the people around you secure from most people using FireSheep.
The program kills the current version of FireSheep running nearby, but the user is still in danger of all other session hijacking mechanisms. Do not do anything over a untrusted network that you cannot share with everyone. -Know that this is only a temporary solution to the FireSheep problem, created to give people the chance to secure themselves and the others around them from the current threat, while the security vulnerabilities revealed by FireSheep are being fixed. Optional command line switches: -i *IP* Ip Destination for packets, local router is recommended. (A trivial facebook server is default) The local router can be found with the tracert command.
Note that a dot represents a packet being sent.