Monday, November 8, 2010

Firesheep

Session hijacking is nothing new with early tools such as Ferret supporting this attack. This Firefox extension, Firesheep, has simplied the attack.
I can't wait for the Linux version to be released so that I can play with it. Ways of avoiding becoming a victim of session hijacking are:
  1. Using encrypted wireless networks.
  2. Using a VPN tunnel over insecure wireless networks.
  3. Use full HTTPS sessions. HTTPS Everywhere is one tool that automates the use of HTTPS for popular websites like Facebook.
  4. Be wary of links sent via email or instant messaging.

No comments:

Post a Comment