[liberationtech] Firesheep: Making the Complicated Trivial

Danny O'Brien DObrien at cpj.org
Tue Oct 26 10:54:20 PDT 2010 

On Oct 25, 2010, at 2:17 PM, Chris Palmer wrote:

> On Oct 25, 2010, at 1:22 PM, Frank Corrigan wrote:
> 
>> "Firesheep will scan local Wi-Fi networks. It will locate users who are
>> logged into Facebook, Twitter, Google, Amazon, Dropbox, Evernote,
>> Wordpress, Flickr, bit.ly and other services.
> 
> Take a look at the "other services" that Firesheep can attack. A moment's reflection should disturb you even more deeply than you already were. :) EFF is going to be communicating with some of the more important sites.
> 

I think one thing that could be made more clear is that Firesheep highlights a problem with unencrypted communications, not with open wifi networks. I'm reading a lot of reports that basically boil down to "don't use open wifi", which I suppose mitigates Firesheep specifically,  up until the point that someone bundles ARP-spoofing into a Firesheep-like package, thereby making WPA networks vulnerable also (and I believe  wifi networks "secured" with WEP are already vulnerable to Firesheep as it stands, though I haven't tried it). 

ObLibTech: the problem is even more pervasive if you're a activist/journalist, when your potential attacker may well be intercepting communications upstream, not just as a peer on your local network.

I've written a little about this on the CPJ Internet blog here: 
http://cpj.org/internet/2010/10/protecting-journalists-from-firesheep.php

d.




> -- 
> Chris Palmer
> Technology Director, Electronic Frontier Foundation
> 
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
> 
> Should you need to change your subscription options, please go to:
> 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
> 
> You will need the user name and password you receive from the list moderator in monthly reminders.
> 
> Should you need immediate assistance, please contact the list moderator.

More information about the liberationtech mailing list