Linux Today: Linux News On Internet Time.

10 Ways to Protect Yourself from Firesheep Attacks

Nov 08, 2010, 22:37 (0 Talkback[s])
(Other stories by Lisa Phifer)

"Years after BlackHat sidejacking demos, far too many websites remain vulnerable to this session cookie hijack attack. Frustrated by apathy and inaction, web developer Eric Butler and colleague Ian Gallagher decided to raise awareness with Firesheep – a Firefox plug-in that makes sidejacking as easy as 1-2-3.

"These and other sites vulnerable to session hijacking really need to be fixed to properly protect all exchanges with SSL/TLS. This is by far the most desirable antidote. Website operators simply cannot continue to ignore sidejacking, given the relative ease with which vulnerable sites can be exploited – especially in open public networks.

"In the meantime, what can ordinary users do to limit their own exposure to Firesheep and older, less-user-friendly sidejacking tools, such as Ferret, Hamster, or Cookie Monster? Here we consider ten steps that have been suggested to reduce your risk of being sidejacked – and why many are impractical or incomplete"

Complete Story

Related Stories: