Secure your cookies

In light of the publicity created by Firesheep, HTTPS Everywhere has been updated to force websites to activate a secure flag in cookies used to authenticate their users.
I finally tested Firesheep. It is painfully easy to use for hijacking sessions. Here I start Firesheep on a Windows machine (via RDP) and I log into Facebook on a Ubuntu system. As seen in the screenshot, Firesheep quickly captures the cookie of that session and permits easy access to the active account.
at No comments:
Labels: , , , , ,

Blacksheep

Security vendor, Zscaler, unleashes a tool named Blacksheep to warn users of the presence of a machine running Firesheep. It doesn't mitigate session hijacking but sounds an alarm to alert of a malicious party in close proximity.
at No comments:
Labels: , , ,

Firesheep

Session hijacking is nothing new with early tools such as Ferret supporting this attack. This Firefox extension, Firesheep, has simplied the attack.
I can't wait for the Linux version to be released so that I can play with it. Ways of avoiding becoming a victim of session hijacking are:
  1. Using encrypted wireless networks.
  2. Using a VPN tunnel over insecure wireless networks.
  3. Use full HTTPS sessions. HTTPS Everywhere is one tool that automates the use of HTTPS for popular websites like Facebook.
  4. Be wary of links sent via email or instant messaging.
at No comments:
Labels: , , , , ,
Subscribe to: Posts (Atom)

dnssecaudit.py

Since I was on a roll with Copilot, I decided to automate DNSSEC auditing with the following Python script. Not the most creative tool name....

  • "An error occured in avast! engine: Invalid argument"
    This annoying message popped up after I ran the update in avast! in Ubuntu yesterday. avast! crashes every time I attempt to launch it after...
  • Encrypted mails
    I decided to install a digital certificate for my Gmail account. This is simple and free to set up. Apply for a free certificate from Comod...