[liberationtech] Firesheep: Making the Complicated Trivial
Jillian C. York
jilliancyork at gmail.com
Tue Oct 26 11:33:44 PDT 2010
As someone relatively savvy who has actually had my password sniffed during
a conference (whilst using open wi-fi), I find this incredibly troubling. I
had overlooked upgrading my copy of Tweetdeck, and the version I had did not
encrypt passwords. A kid at the conference, trying to prove a point,
sniffed a bunch of folks' passwords; all of them were using third-party
Twitter platforms that did not encrypt passwords.
I was aware of the issue, but was lax in my updates. Others had no idea
this was even an issue. I think that's the point at which we need to start.
On Tue, Oct 26, 2010 at 2:30 PM, Seth David Schoen <schoen at eff.org> wrote:
> Douglas Finley writes:
>
> > Isn't Tor designed exactly for these circumstances?
>
> It lets you change one set of people spying on you and taking over your
> sessions for another.
>
>
> http://www.metafilter.com/67162/Amazing-discoveries-in-plaintext-Tor-exit-traffic
>
> Firesheep can probably be used unmodified by a Tor exit node operator
> on an unswitched wired network that their exit node is on.
>
> Sometimes having a random stranger in a position to spy on you _is_
> probably safer than the local network operator and ISP, though!
>
> --
> Seth Schoen
> Senior Staff Technologist schoen at eff.org
> Electronic Frontier Foundation https://www.eff.org/
> 454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click
> above) next to "would you like to receive list mail batched in a daily
> digest?"
>
> You will need the user name and password you receive from the list
> moderator in monthly reminders.
>
> Should you need immediate assistance, please contact the list moderator.
>
--
Berkman Center for Internet and Society |
https://cyber.law.harvard.edu/people/jyork
jilliancyork.com | @jilliancyork | tel: +1-857-891-4244
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20101026/766fa5b8/attachment.html>
More information about the liberationtech
mailing list