Cause mayhem! Bleat like Firesheep for security!
Have you had your identity stolen yet? It sure isn’t fun. And you were not the only one. Did you get through to the developer of the site, and did they support you? Likely not. Maybe you got your account restored. Maybe you were made to think it was in your power, your responsibility, and that you had just been a dummy user?
A first solution exists to prevent the easy sidejack, but it does not seem to get through. Many web sites still leave their users wide open to identity theft.
Sidejacking is most common on sites that require authentication through a username and password and use a non-SSL cookie for that. Typical targets of sidejacking are online web mail and social networking sites.
What needs to change
SSL (full encryption) needs to be used exclusively, and authentication cookies need to have the “Secure” flag set, to keep users safer from sidejacking. But this is not in the hands of users. Sites must do it. And it is not that expensive.
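A site owner can check both conditions against a captured response. The following is an added example, not code from this post or from Firesheep: it flags a page served without SSL and any authentication cookie set without the "Secure" flag, and it also checks for a Strict-Transport-Security header as one way to make SSL exclusive. The host name, cookie names and sample responses are constructed.

```python
from urllib.parse import urlsplit

def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attributes start after the first ';', so a cookie *named* "secure" is not a flag.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def audit_response(url, headers, auth_cookies=None):
    """Audit one response. headers is a list of (name, value) pairs.
    auth_cookies optionally restricts the cookie check to the named cookies."""
    findings = []
    if urlsplit(url).scheme != "https":
        findings.append(("no-ssl", url))
    if not any(n.lower() == "strict-transport-security" for n, _ in headers):
        findings.append(("no-hsts", urlsplit(url).hostname))
    for n, v in headers:
        if n.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(v)
        if auth_cookies is not None and cookie not in auth_cookies:
            continue
        if "secure" not in attrs:
            # Without Secure the browser also sends this cookie over plain HTTP.
            findings.append(("cookie-not-secure", cookie))
    return findings

# Constructed sample responses (hypothetical host and cookie names).
PLAIN = ("http://mail.example.test/inbox",
         [("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
          ("Set-Cookie", "theme=dark; Path=/")])
SSL_LOGIN_ONLY = ("https://mail.example.test/login",
                  [("Set-Cookie", "session=abc123; Path=/; HttpOnly")])
HARDENED = ("https://mail.example.test/login",
            [("Strict-Transport-Security", "max-age=31536000"),
             ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly")])

if __name__ == "__main__":
    for label, (url, hdrs) in [("plain", PLAIN), ("ssl login only", SSL_LOGIN_ONLY),
                               ("hardened", HARDENED)]:
        print(label, audit_response(url, hdrs, auth_cookies={"session"}) or "ok")
```

The middle case is the one that matters most here: the login page uses SSL, yet the session cookie is still exposed because it lacks the flag.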
And then there was Firesheep
EVERYBODY can now help cause all the mayhem, so that users can make their claims and be heard, and perhaps social networking sites will be more secure in the future.
You can download Firesheep here. And read about installation and how it works here. Then cause some mayhem without doing damage. Just leave a message asking the real owner of the account you sidejacked to report the breach of security to the administrators, and log out again. Or better yet, if possible, sidejack an administrator account, leave a message, and leave. Then make sure you forget the logins and passwords. Integrity first!
And while we wait …
- Firesheep Sniffs Out User Credentials at Wi-Fi Hotspots [Downloads] (lifehacker.com)
- How to guard yourself and your Mac from Firesheep and Wi-Fi snooping (tuaw.com)
- Secure websites are insecure – ask Firesheep (sophos.com)
- Firesheep, a day later (codebutler.com)