[liberationtech] Firesheep: Making the Complicated Trivial
Douglas Finley
dafinley at gmail.com
Tue Oct 26 11:16:10 PDT 2010
Isn't Tor designed exactly for these circumstances?
On Tue, Oct 26, 2010 at 12:54 PM, Danny O'Brien <DObrien at cpj.org> wrote:
>
> On Oct 25, 2010, at 2:17 PM, Chris Palmer wrote:
>
> > On Oct 25, 2010, at 1:22 PM, Frank Corrigan wrote:
> >
> >> "Firesheep will scan local Wi-Fi networks. It will locate users who are
> >> logged into Facebook, Twitter, Google, Amazon, Dropbox, Evernote,
> >> Wordpress, Flickr, bit.ly and other services.
> >
> > Take a look at the "other services" that Firesheep can attack. A moment's
> reflection should disturb you even more deeply than you already were. :) EFF
> is going to be communicating with some of the more important sites.
> >
>
> I think one thing that could be made more clear is that Firesheep
> highlights a problem with unencrypted communications, not with open wifi
> networks. I'm reading a lot of reports that basically boil down to "don't
> use open wifi", which I suppose mitigates Firesheep specifically, up until
> the point that someone bundles ARP-spoofing into a Firesheep-like package,
> thereby making WPA networks vulnerable also (and I believe wifi networks
> "secured" with WEP are already vulnerable to Firesheep as it stands, though
> I haven't tried it).
>
> ObLibTech: the problem is even more pervasive if you're a
> activist/journalist, when your potential attacker may well be intercepting
> communications upstream, not just as a peer on your local network.
>
> I've written a little about this on the CPJ Internet blog here:
> http://cpj.org/internet/2010/10/protecting-journalists-from-firesheep.php
>
> d.
>
>
>
>
> > --
> > Chris Palmer
> > Technology Director, Electronic Frontier Foundation
> >
> > _______________________________________________
> > liberationtech mailing list
> > liberationtech at lists.stanford.edu
> >
> > Should you need to change your subscription options, please go to:
> >
> > https://mailman.stanford.edu/mailman/listinfo/liberationtech
> >
> > If you would like to receive a daily digest, click "yes" (once you click
> above) next to "would you like to receive list mail batched in a daily
> digest?"
> >
> > You will need the user name and password you receive from the list
> moderator in monthly reminders.
> >
> > Should you need immediate assistance, please contact the list moderator.
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click
> above) next to "would you like to receive list mail batched in a daily
> digest?"
>
> You will need the user name and password you receive from the list
> moderator in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20101026/3bc023c1/attachment.html>
More information about the liberationtech
mailing list