Hey all - just going to point out this article,which mentions two other firefox plugins that can be used to prevent yourself from being firesheep'd. The war continues... http://techcrunch.com/2010/10/25/firesheep/ On Thu, Oct 28, 2010 at 6:31 AM, jeremy hunsinger <jhuns@vt.edu> wrote:
while hardware level encryption would be nice... and it could in theory solve this problem... using it as a solution is sort of like... 'oh the water is polluted, let's route it through a sealed viaduct' solution. Sure, it works, but it doesn't address the cause, which is poor session management in browsers and other tools. This is a software problem at its base. you could have the same problem with a multi-link serial network, you could have the same problem on an ethernet network, or basically any broadcast level network with multidimensional routing. making the network itself stronger so people can't get on it, is one option, but as i said it doesn't address the direct problem which is that two computers which are trusting each other, are not using sufficient credentials to establish and maintain that trust. a session is basically a system of trust, one computer trusts the other computer to be what it says. also keep in mind that... you could always watch people' s open traffic and insert date into open streams, so the question is whether or not this is new or whether the system is actually broken at all. some of you may remember i demonstrated logs and insertions back at ir 2.0 as part of my 'scare the living daylights out of you over internet security' talk. this tool just makes that talk easier it seems. _______________________________________________ The Air-L@listserv.aoir.org mailing list is provided by the Association of Internet Researchers http://aoir.org Subscribe, change options or unsubscribe at: http://listserv.aoir.org/listinfo.cgi/air-l-aoir.org
Join the Association of Internet Researchers: http://www.aoir.org/