Cause mayhem! Bleat like Firesheep for security!

Have you had your identity stolen yet? It sure isn’t fun. And you were not the only one. Did you get through to, and were you supported by, the developer of the site? Likely not. Maybe you got your account restored. Maybe you were made to think it was in your power, your responsibility, and that you had just been a dummy user?

A simple fix that prevents the easy sidejack has existed for a while, but it does not seem to get adopted. Many web sites still leave their users wide open to identity theft.

The basics

Sidejacking is most common on sites that require authentication with a username and password but then carry the logged-in session in a non-SSL cookie. The usual targets of sidejacking are web mail and social networking sites.

What needs to change

SSL (full encryption) needs to be used exclusively, for the whole session and not just the login page, and authentication cookies need to have the “Secure” flag set, so that the browser never sends them over plain HTTP. That is what keeps users safer from sidejacking. But this is not in the hands of users. Sites must do it. And it is not that expensive.
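As an added example (not code from this post), here is a small defender-side audit of the two server headers the paragraph above talks about: it parses Set-Cookie headers, reports session-looking cookies that lack the Secure (and HttpOnly) flag, shows the hardened header a site should send instead, and notes whether the response carries Strict-Transport-Security. The cookie names, header values and the SESSION_HINTS list are constructed assumptions.

```python
"""Audit Set-Cookie headers for the flags that blunt cookie sidejacking.

Hypothetical helper, not code from the post; all sample data is constructed.
"""
from http.cookies import SimpleCookie

# Substrings that usually mark an authentication/session cookie (assumption).
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")


def parse_set_cookie(header_value):
    """Return (name, morsel) for one Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(header_value)
    name, morsel = next(iter(jar.items()))
    return name, morsel


def audit_set_cookie(header_value):
    """List the sidejacking-relevant problems with one Set-Cookie header."""
    name, morsel = parse_set_cookie(header_value)
    problems = []
    if not morsel["secure"]:
        # Without Secure the browser also sends the cookie on plain-HTTP
        # requests, where anyone on the same open WiFi can read it.
        problems.append("missing Secure")
    if not morsel["httponly"]:
        # HttpOnly stops page scripts from reading the cookie; cheap to add.
        problems.append("missing HttpOnly")
    session_like = any(hint in name.lower() for hint in SESSION_HINTS)
    return {"cookie": name, "session_like": session_like, "problems": problems}


def harden_set_cookie(header_value):
    """Rewrite a Set-Cookie header so the cookie is only sent over TLS."""
    name, morsel = parse_set_cookie(header_value)
    morsel["secure"] = True
    morsel["httponly"] = True
    return morsel.OutputString()


def audit_response(headers):
    """Audit a response given as (name, value) header pairs."""
    report = {"cookies": [], "hsts": False}
    for key, value in headers:
        if key.lower() == "set-cookie":
            report["cookies"].append(audit_set_cookie(value))
        elif key.lower() == "strict-transport-security":
            report["hsts"] = True  # browser will refuse to fall back to HTTP
    return report
```

For example, `audit_set_cookie("sessionid=abc123; Path=/")` reports both missing flags, and `harden_set_cookie` on the same header yields a cookie that the audit passes clean.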

And then there was Firesheep

EVERYBODY can now help cause all the mayhem, so that users can make their claims and be heard, and perhaps social networking sites will be more secure in the future.

Bleat!

You can download Firesheep here. And read about installation and how it works here. Then cause some mayhem without doing damage. Just leave a message asking the real owner of an account you sidejacked to report the breach of security to the administrators, and log out again. Or better yet, if possible, sidejack an administrator account, leave a message, and leave. Then make sure you forget the logins and passwords. Integrity first!

And while we wait …

Get ForceTLS and/or HTTPS-Everywhere, stop using open WiFi, and surf anonymously.

Posted on October 27, 2010, in Tools.