Herding Firesheep In NYC — Do Users Care?

Posted by timothy on Friday October 29, 2010 @11:14AM from the not-so-much dept.

An anonymous reader writes "Following the Firesheep uproar, I spent some time telling people who don't read Slashdot about the vulnerability that open WiFi networks create in what seemed like the most effective way possible: by sidejacking their accounts and sending them messages about how it happened. The results were surprising — would users really rather leave their accounts open to intruders rather than stay off Facebook at Starbucks? The link recounts the experience, and also lists some rough numbers of how many accounts could be compromised at a popular NY Starbucks location."

2 of 200 comments (clear)

Min score:

Reason:

Sort:

Re:If you did this to me by pthisis · 2010-10-29 11:40 · Score: 4, Informative

It Takes a Thief got the owner's permission before staging the break-ins. If you got someone's permission before attempting to sidejack their account, you'd probably be in the clear. Without it, you're breaking the law.

--
rage, rage against the dying of the light
Even forced SSL doesn't work by George_Ou · 2010-10-29 21:01 · Score: 4, Informative

Forced SSL doesn't even work for Google, Twitter, and Facebook and probably most other sites even if they support SSL. That's because the javascript on those pages will opt to transmit authentication cookies in the clear. http://www.digitalsociety.org/2010/10/even-forced-ssl-is-broken-for-facebook-google-twitter/