Thursday, December 2, 2010

Defending yourself from Firesheep HTTP hijacking

Firesheep makes HTTP hijacking very easy. This type of attack is not new; the underlying concept has been used many times in earlier attacks. The difference is that Firesheep turns the exploit into a point-and-click operation. HTTPS sites are immune to Firesheep attacks.
Firesheep looks for authentication cookies on open wireless networks and steals them. People using social networking sites need to be cautious about the network they connect through.
The same attack can be carried out with tools like Wireshark, but that requires a certain level of expertise.

To defend against Firesheep, access your sites over an HTTPS connection. One way to do that is HTTPS Everywhere, a Firefox add-on that forces the browser to use an HTTPS connection at all times. It is developed by the Electronic Frontier Foundation (EFF) and the Tor Project. Like Firesheep, HTTPS Everywhere doesn't support every web site, but it does support popular sites such as GitHub, Dropbox, Bit.ly, Twitter, Hotmail, and Facebook.


Chrome and Chromium users can use the --force-https option to force HTTPS connections, though this has some drawbacks: you can't connect to non-HTTPS sites, and self-signed CA certificates will not be accepted.
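
An added example, not part of the original post: a cookie set without the Secure attribute is sent over plain HTTP as well as HTTPS, which is what leaves it readable on an open wireless network. This Python script audits a site's response headers for such cookies and for a Strict-Transport-Security header (the server-side way of forcing HTTPS); the header lines and function names are constructed for illustration.

```python
# Added example: find cookies that a browser would send over plain HTTP.
# SAMPLE_RESPONSE_HEADERS is constructed sample data, not captured from a real site.
SAMPLE_RESPONSE_HEADERS = [
    "Content-Type: text/html",
    "Set-Cookie: session_id=abc123; Path=/; HttpOnly",
    "Set-Cookie: auth_token=def456; Path=/; Secure; HttpOnly",
    "Set-Cookie: lang=en; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
]


def parse_set_cookie(value):
    """Return (cookie name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_headers(header_lines):
    """Return (names of cookies lacking Secure, whether an HSTS header is present)."""
    exposed = []
    hsts = False
    for line in header_lines:
        if ":" not in line:
            continue  # not a header line
        field, value = line.split(":", 1)
        field = field.strip().lower()
        if field == "set-cookie":
            name, attrs = parse_set_cookie(value)
            # Without Secure, the browser attaches this cookie to http:// requests too.
            if "secure" not in attrs:
                exposed.append(name)
        elif field == "strict-transport-security":
            hsts = True
    return exposed, hsts


if __name__ == "__main__":
    exposed, hsts = audit_headers(SAMPLE_RESPONSE_HEADERS)
    for name in exposed:
        print(f"cookie '{name}' has no Secure attribute: sent in cleartext over HTTP")
    if not hsts:
        print("no Strict-Transport-Security header: browser is not told to stay on HTTPS")
```

To audit a real site, paste the response headers shown by the browser's developer tools into the list, one header per string.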
