HTTPS Everywhere: Fend Off Firesheep

November 27, 2010 – 8:30 AM

The Web is an insecure place and getting more insecure all the time. The latest threat, the Firesheep add-in for Firefox, is particularly dangerous because it is exceedingly simple to use. Someone with absolutely no hacking experience can grab your private login information to sites such as Facebook and Amazon, and then log in as you and do anything they want, as if they were you. The free Firefox add-in HTTPS Everywhere helps protect against that threat and other privacy invaders by effectively encrypting information when you visit certain Web sites.

A collaboration between the Electronic Frontier Foundation and the Tor Project (which employs a network and free software to help protect people’s privacy), HTTPS Everywhere ensures that when you visit certain sites, all of your communications are encrypted and secure.

To use it, all you need to do is install it. Once you do that, HTTPS Everywhere does its work invisibly. Among the sites it works on are Facebook, Twitter, Google Search, Wikipedia, PayPal, the New York Times, the Washington Post, and others. It works only when the sites themselves use the HTTPS protocol, and only on a specific group of sites, so it won’t protect you everywhere. It also won’t protect you when you use other Internet services, such as an instant messaging client or client-based email such as Outlook.

Source:
http://www.networkworld.com/reviews/2010/112710-https-everywhere-fend-off.html?source=nww_rss

FireShepherd – The FireSheep Killer

November 2, 2010 – 8:50 PM

FireShepherd is a small console program that floods the nearby wireless network with packets designed to turn off FireSheep, effectively shutting down nearby FireSheep programs every 0.5 sec or so and making you and the people around you secure from most people using FireSheep. The program kills the current version of FireSheep running nearby, but the user is still in danger of all other session hijacking mechanisms. Do not do anything over an untrusted network that you cannot share with everyone.

Know that this is only a temporary solution to the FireSheep problem, created to give people the chance to secure themselves and the others around them from the current threat, while the security vulnerabilities revealed by FireSheep are being fixed.

Source:
http://notendur.hi.is/~gas15/FireShepherd/

Firesheep Highlights Web Privacy Problem

October 25, 2010 – 8:45 PM

A new add-on program for the popular Firefox Web browser is stirring up longstanding concerns over how many websites electronically identify their users.

It’s a problem associated with the use of wireless networks. The add-on program, Firesheep, is designed to make it easy to intercept browser “cookies” used by popular Web sites like Facebook, Twitter and others to identify their users, thereby allowing Firesheep users to log in to those Web sites posing as others.

To work, a user of Firesheep must have the program running on an ordinary computer on a shared wireless network where it can grab cookies after other users on the network log into popular Web sites, according to a post by Eric Butler, the developer of the program. Butler in his post suggests Firesheep works on “open” wireless networks, but doesn’t specify whether that includes networks where many strangers share a common password to access them, as in a café or convention center.

Source:
http://blogs.wsj.com/digits/2010/10/25/firesheep-highlights-web-privacy-problem/

Tool:
http://codebutler.com/firesheep
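
The posts above describe session cookies being picked up on a shared wireless network, which is only possible when the cookie travels over unencrypted HTTP. The script below is an added example, not code from the quoted articles or from the Firesheep or HTTPS Everywhere projects: it audits Set-Cookie response headers and reports cookies that a browser would send in the clear. The function names, the host example.test and every header value are constructed for illustration.

```javascript
// Added example: flag cookies that can cross the network unencrypted.
// All header values below are constructed samples, not captured traffic.

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  if (eq < 1) return null; // no cookie name: malformed header
  const attrs = {};
  for (const part of parts) {
    const i = part.indexOf('=');
    // Attribute names are case-insensitive ("Secure", "secure", "SECURE").
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  // Only the first "=" separates name from value; the value may contain more.
  return { name: first.slice(0, eq), value: first.slice(eq + 1), attrs };
}

// Audit the Set-Cookie headers of one response fetched from `url`.
function auditCookies(url, setCookieHeaders) {
  const findings = [];
  const overHttps = new URL(url).protocol === 'https:';
  for (const header of setCookieHeaders) {
    const cookie = parseSetCookie(header);
    if (!cookie) {
      findings.push({ name: null, issue: 'malformed' });
    } else if (!overHttps) {
      // Issued over plain HTTP: visible to others on the same open network.
      findings.push({ name: cookie.name, issue: 'set-over-http' });
    } else if (!cookie.attrs.secure) {
      // Issued over HTTPS, but the browser will also attach it to http://
      // requests for the same site, where it is exposed again.
      findings.push({ name: cookie.name, issue: 'missing-secure' });
    }
  }
  return findings;
}

// Constructed sample responses (example.test is a placeholder host).
const samples = [
  ['http://example.test/login', ['session=abc123; Path=/']],
  ['https://example.test/login', ['session=abc123; Path=/; HttpOnly']],
  ['https://example.test/login', ['session=a=b; path=/; SECURE']],
];
for (const [url, headers] of samples) {
  console.log(url, JSON.stringify(auditCookies(url, headers)));
}
```

An empty result for a response means every cookie in it was issued over HTTPS with the Secure attribute, so the browser will not send it over plain HTTP.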

evercookie

October 22, 2010 – 10:12 PM

evercookie is a JavaScript API that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they’ve removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.

evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.

Source:
http://samy.pl/evercookie/

Update your browsers!

October 19, 2010 – 9:27 PM

Today, Firefox moved up to 3.6.11 and Google Chrome (stable release) moved up to 7.0.517.41. Lots of security fixes in these new versions.