Slashdot Mirror
Herding Firesheep In NYC — Do Users Care?
An anonymous reader writes "Following the Firesheep uproar, I spent some time telling people who don't read Slashdot about the vulnerability that open WiFi networks create in what seemed like the most effective way possible: by sidejacking their accounts and sending them messages about how it happened. The results were surprising — would users really rather leave their accounts open to intruders rather than stay off Facebook at Starbucks? The link recounts the experience, and also lists some rough numbers of how many accounts could be compromised at a popular NY Starbucks location."
You would be arrested. Breaking into someones house to point out that you can break into their house still leaves you with a breaking and entering charge. Even if you caused no damage and took nothing, you're still going to jail brainiac.
People leave themselves signed into facebook all the time in my university library. Some people just don't care that much.
I hope his guy well. But there's gotta be somebody who thought up the idea of sending him a cease and desist letter just for the fun of it - or extracting a few thousand dollars from him.
... that some users might weigh the costs of security against the costs of being insecure and opt to be insecure. As an example, I don't generally lock the doors of my car. I've found that if I do, people that want to get in when I'm not there break the windows and take what they want anyway. Locking my car doors merely causes the extra headache of replacing the glass alongside whatevever gets stolen. Yet the author of TFA would consider me a moron for being within the universe of people that have an intruder yet still refuse to lock their doors.
Bingo. The article he linked to talks about VPNs. Seriously, WTF? The threat Firesheep poses is basically this - some guy harassing strangers in a Starbucks. Maybe if you're very unlucky a friend/enemy doing the same. Weigh up the options, which is easier - ignoring the occasional douchebag who causes trouble in Starbucks vs buying service from a VPN provider. It's not surprising most people choose the former and you don't need an experiment to realize it!
I wonder if the problem isn't linked to the spread of specific remedy rather than actual understanding. We've all told confused relatives and friends to delete random messages appearing in their accounts, and to avoid clicking on links or buying products that promise some online miracle. That's possibly what those last hold-outs in TFA were reflexivly doing. In effect we're trained people to behave in a way that was understood to improve security, without providing them the context to protect themselves in any other situation. Like teaching a child not to stick their hand into the sitting-room fireplace but failing to mention that stoves, heaters, and engines all get bloody hot too. Hell that's a flawed lesson as well...they should have been taught about heat and burning as concepts. I'm not really sure how to solve the issue though. At the end of the day a large portion of the population lack the skills, time, interest, or motivation to learn about what is becoming the increasingly complicated world of computer security. I'm a proud geek and I couldn't tell you how secure firefox add-ons are, or which virus scanner does the most reliable work, or how the hell to stop random ports blah blah blah
That being said only 5 out of 20 actually ignored the advice. Of those another 1 took a little more effort but finally learned his lesson. That's not bad odds considering.
So, does your insurance company give you a discount for providing easier access to thieves?
So that's the reason. None of them noticed his messages because they were too busy staring at his crotch.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
A lot of the time it seems people would rather not know, or be dismissive of their risk because they just simply cannot comprehend the details or do not want to. There is nothing else you can do for them. Someone once said about people: you can explain it to them, they will understand it, and then they will ignore it.
boycott slashdot February 10th - 17th check out: altSlashdot.org
How exactly VPN can help there? You're still passing unencrypted data to Facebook. All the gain is that it's less likely than someone listens to the traffic between the VPN provider and Facebook compared to the unpalatable liquid venue you're in.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
What gives this guy the right to do this? He should be prosecuted!
Maybe he should go around picking locks and leaving notes in peoples house about how easy it is to get into the house.
Self important prick.
My sister understood that after I showed her how easy it can be to dig up information on people who do not take any precautions, ie. her previous employer who fired her. But that anecdote aside, I think I agree with previous voices.. great big lawsuit is afoot.
This post is provided without warranty as to reliability, accuracy or otherwise or fitness for any particular purpose.
Yes, exactly.
Your kind of thinking is exactly why the software security business routinely finds itself mystified by the behavior of ordinary people. It's not that those people are dumb. It's that some geeks end up with a wildly distorted view of risk. Let's review the risks here:
I'd still happily log into Facebook from a coffee shop post-Firesheep because frankly, the chances of me encountering some bizarre creep is very low. If they do steal my session cookie and I notice they are tampering with my account, I can solve this problem by logging out, leaving, and logging back in again somewhere else.
you're joking right? how do you think all the interior cameras get in side the house?
they contact the family, sign a contract to get permission to break in and pay for damages etc., and then set up cameras.
I do this too. x2 if you have a convertible. Replacing a top is hardly a cheap or easy job B-)
I will be honest with you, that is one huge paragraph that I did not read (too long, sorry), but I will go based off of you having No they don't care.
It is something I learned from non computer saavy people. They just want it to work. They don't care about anything after that. If it breaks, oh well, they have a friend that is good with computers that can fix it while they sit there not paying any attention to the fact that they got hacked.
I know if that personally happened to me, the first thing I would do is standup and look around. Why? Chances are the person is in starbucks with you, so you look for the person that notices you standing up. Just start shouting at the guy. Honestly, what are the chances it is some big burly guy? If you look really mad, hopefully they will get all scared.
If not, well, hopefully you are a good runner.
If the person whose pc I am fixing is willing to learn what I am doing to their pc, I fix it. I seriously stopped fixing my friends and family's pc's unless they agreed that they would be willing to learn what I was doing.
Hey, that is how I learned. If you refuse to learn about the machine you are using, when it hurts you, then there will not be much you can do.
You know that they make forklift drivers get certified, right?
The world is how you make it
Your kind of thinking is exactly why the software security business routinely finds itself mystified by the behavior of ordinary people. It's not that those people are dumb. It's that some geeks end up with a wildly distorted view of risk.
In my case, that 'distortion' is the application of automation. Yeah, today very few people are side-jacking facebook. But I can remember when phishing, 411-scams, and even spam were all so rare that those didn't pose a significant risk either. But all of those, and pretty much every significant risk on the net, became problematic due to the application of automation. Side-jacking facebook is ripe for similar automation. And don't think for a second that attacks that are automated will be so blatant that you can easily notice tampering with your account -- that would defeat the purpose of malicious side-jacking in the first place.
When information is power, privacy is freedom.
So you think it's easier for criminal gangs to build and deploy thousands of small, hard to discover automatic wifi sniffers/repeaters all across the country than to simply infect computers with malware? Anything valuable is already SSL protected so that scheme would be very expensive, labor intensive, easy to discover, dangerous for the criminals and useless against high value targets like banks or gmail accounts.
formatting aside:
Great job. that pretty well sums the majority of the people I know.
the remainder: are having an affair/stealing money/doing something they shouldn't and keep hearing "people can get information about you!" in the news.
Firesheep does Amazon too. Let the wrong person on your Amazon account and you might be in for a surprise when your credit card statement arrives.
Give me Classic Slashdot or give me death!
FB requires your current password to change your password.
And goatse harms people otherwise uninvolved.
I gave Firesheep a try today, and am surprised how many times my own cookies come up inside it without me directly visiting those sites. My google account came up without me browsing at all -- perhaps one of my firefox add-ons was using it, or maybe google latitude on my phone was triggering it? My facebook account came up when browsing other non-facebook sites as well, most likely from facebook connect. The users could have stopped visiting facebook after getting his warning messages and still had their cookies exposed.
Your statement is stupid. Who is going to pay the deductable if there was no damage to the vehicle and there was nothing of value in the vehicle?
Insurance companies need not be involved. Why should they? Over the crackhead change in your centre console?
As a potential lottery winner, I totally support tax cuts for the wealthy
Tho one could question why Amazon should keep a copy of the credit card info at all.
comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
But not to delete it!
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
...vs buying service from a VPN provider.
Ummm...how many people reading this article actually bought VPN service from someone else? I run OpenVPN or Tunnelblick on my laptops and VPN home. Even the least tech-savvy geek on /. should be able to at least port-forward through SSH. (If you can't please turn in your geek card now.)
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?
Generally speaking, it's not cost-effective to carry comprehensive insurance on a vehicle more than two or three years old. Consequently, I only carry liability insurance on my vehicle.
But even if it were prudent for me to carry comprehensive insurance, whatever contents of the car that might get stolen would almost certainly be lower than the deductible while the price of replacing a broken window will almost certainly be higher than the deductible.
For example I set up my sisters computer with a firewall, anti-virus, anti-malware software and installed FireFox.
What happened?
My sister and her husband got sick of the question popping up all the time, "Do you want to allow this program to access the internet?" and instead of reading and the checking the box "Do this always" they found it easier to turn off the firewall and the anti-virus (more stupid questions they didn't bother to read). And to top it up, they thought IE was more familiar and started (against my strong advice) using it again.
But they didn't have to be the one spending 20h+ trying to rescue what was left after 50+ different virus and adware fighting over the control of the computer.
It's the same with getting their account hacked, it not their problem (they think), it's mine.
If people would handle their cars the same way they handle their computer the car industries wouldn't have any problem with sales today...
And if people handled strangers the same IRL that they handle them on the Internet we would have everyone giving away their keys to their house if a stranger asked for it (of just give it to them without them asking...).
I will never understand why people feel so safe on Internet.
The funny thing is I bet if he'd put "You're at the [XYZ Street] Starbucks on an insecure connection, and absolutely anyone here can access your account with the right (free) tool." followed by a nice image implying "Click here to install a tool to protect yourself", a very good percentage of them would have clicked it!.
Back when I was a student in college, we were using DEC VAX/VMS systems to provide service to the campus network.
I loved the help menu. It was VERY useful to do all sorts of things, such as creating your LOGIN.COM file. With the LOGIN.COM file, you could set your command prompt, establish which home directory to use, create macros to start batch jobs...you name it.
Occasionally, we'd come across someone who forgot to log out of their session, and just left ms-kermit running on their terminal.
If it was the first time, we'd telnet into their mail client and send them an email from themselves, warning them to be more careful. If it was the second time, we had a bit more fun.
Such as setting their home directory ATTRIB *.* +H
The best was when we edited their LOGIN.COM file, so that whenever they tried to execute *any* commands, it would send a pmail to the sysadmin saying, "I'm an idiot who left his account open, and I need an adult to fix it for me, please?"
Not surprisingly, the sysadmin WAS amused by this, and had great fun exacerbating the torture. It was a different era, when sysadmins had PhD's and a sense of humor.
Fond memories...
[End Of Line]
My favorite coffee shop has RJ45 ports at the tables on a switched network.
Still sniffable, obviously, but at least not passively: One must do some amount of ARP poisoning or MAC overflow in order to get much meaningful data.
Kid-proof tablet..
Clearly, the people in the article have blocked Facebook messages from themselves. I've done this myself, in fact. It's the only way to keep the dozens of warnings I receive every day about how insecure Facebook is from clogging my inbox.
A lot of people might, dumbass. Where I live, I can't get more than 1 meg up for home service (under $70/mo), so using my home connection as a general purpose VPN forwarding point would suck ass on many sites.
Also, since the issue here is about the Facebook population... the intersection of Facebook users and SSH port forward capable people is probably a very small percentage of Facebook users.
Luckily I don't have a geek card to turn in, and if I was forced to have one I would gladly turn it in, since the more self-identified geeks and hackers I meet in recent times, the more I come to the conclusion they're mostly idiots at this point. Ever since "geek" became some kind of shibboleth, it's been all down hill.
Fuck being a geek. There is no virtue in being capable in one area to the detriment at all others. It is indeed possible to dedicate one's brain to both number theory and cryptographic fundamentals, and still be able to solve simple cost-benefit problems.
Would no the option of not using Firefox with Firesheep enabled remove the security issue that goes along with wifi browsing? I dropped Firefox about a year ago because it was too slow, too much baggage, I run the Chromium browser or Google Chrome browser almost exclusively. Haven't heard aof any such vulnerabilities with wifi or otherwise there ??
Comments ?
Clive DaSilva Email: clive.dasilva@gmail.com Ubuntu 18.10 Kernel 4.18
Your online accounts are not like a car.
You can't very easily "empty" your online accounts.
Once someone breaks in, they can do things with your account without having to do any further "hotwiring".
Simply accessing the account through "hijacking" a session doesn't break anything that needs to be repaired after the fact, so leaving your account vulnerable to hijacking doesn't save you anything.
You might find the utility of open wifi to be worth the risk that your transmissions can be intercepted, read, and your accounts hijacked. But if it starts happening, like, more than once, most likely you'll change your mind quickly.
We really need a wifi protocol that allows open yet private access via encrypted tunnel. We *really* need to get off http and do *everything* over https. We *REALLY* need to fix the terrible mess that is SSL certificate authority based trust.
You see? You see? Your stupid minds! Stupid! Stupid!
So you think it's easier for criminal gangs to build and deploy thousands of small, hard to discover automatic wifi sniffers/repeaters all across the country than to simply infect computers with malware?
(A) Mischaracterization
No need to "build and deploy" a bunch of fancy shit - all its takes is for individual petty thieves with cheap laptops to spend an hour or so at each of the hotspots around their neighbourhoods each week. Small time scammers work for small time profits all the time. Just look at how frequently credit card theft is committed by low-paid clerks and shoulder surfers. Sniffing wifi is a hell of a lot less risky than either of those.
(B) False Dichotomy
Just because one means of attack is available doesn't preclude entirely different people from attacking via another avenue.
When information is power, privacy is freedom.
Why do you need hardware when all the hardware is already out there? A sidejacking worm will do the trick:
Deface people's facebook pages to convince them to download the worm. Worm runs locally, quietly sidejacks other people's facebook pages and defaces them. Cycle continues and sidejack worm spreads through all the coffee shops in the country, stealing personal information and credit card numbers as it goes.
Honestly, the BEST thing you could have done for them would have been to deface their accounts, disclosing that they were warned in advance but "too stupid" to take the threat seriously.
No, that's the worst thing anyone could have done. Trying to "educate" random strangers by defacing their property and interfering with their lives reeks of arrogance. Why do you think you know what's best for other people better than they do, and what gives you the right to force your opinion on them?
If you deface their accounts and they lose their jobs because of it, I doubt they'll be very thankful.
*Switched* network. Read smarter, not harder.
Well, they offer to keep it. If you decline that offer and they still keep it, then there's a problem. But if they're keeping it because you asked them to to make your purchases more convenient, then, no, you may not question why they're keeping a copy of your credit card info. You would already know that they need to keep that info in order to keep the info.
Can you be Even More Awesome?!
One click shopping (tm) :)
DNA in your Linux: DNALinux
The hacker runs Firefox with the Firesheep extension, not you.
It doesn't matter what you run, you're still vulnerable if you're sending cookies in the clear.
I'm confused.
Wouldn't just logging in to https.facebook.com and log on from there solve the problem?
Sig Battery depleted. Reverting to safe mode.
I just checked, and they held two sets of card data for me while i don't recall ever saying yes to them doing so...
comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
Yeah, why not just sit in the coffee house running FireShepard instead? ;-P
Again, why do we make such exceptions when it comes to technology? If you show ignorance and stupidity in caring for your home, children, pets, automobile, home appliances, or other things the world is happy to apply those labels to you. Show the same lack of interest, attention, effort, and common sense toward technology and you're not stupid or ignorant. You're just "weighing your options and risks".
You would have difficulty with your insurance coverage if your house was robbed and they discovered that you didn't lock your doors and windows. Or even left them wide open. You are forced to maintain insurance on a variety of things (car, home, health) so that you don't impact other people for your own risk assessments. But when it comes to technology, we permit this "aw, shucks" mentality. Even though identity theft of various types and degrees carry just as much damage to people well beyond just the direct "victim".
Also, there is absolutely no viable analogy between protecting your network and "if I lock my door, they'll just break the window".
By the way, what are these "costs" that you're talking about? Every wifi router in the last decade allows some type of WPA/WEP/whatever encryption. There is no cost involved in setting up WPA/WEP and then putting a sign up in your cafe that says "THE WIFI PASSWORD IS 'P@SSWORD'". Problem solved. Are you really suggesting there is any cost/benefit comparison that would find that trivial action too costly for the return?
No, the easiest and cheapest solution (almost stupidly so) is to set WPA/WEP on your access point and then post the network password on the wall of your business. The effort and cost involved is that of minutes and pennies and the reward (both in good will toward your customers and actual security) is nearly infinite in comparison.
Right, and there's fewer than 100 people killed in the US by lightning strikes, so it must not be that big a deal to walk around outside in a thunderstorm?
Obligatory XKCD.
It's the same logic of anyone else in any other environment and ignoring network security is just as stupid as ignoring all other types of security.
Go ahead and play the odds. Until the day that it bites you in the ass. I figured my lojak was a waste of money, because it's not like my car was ever going to be stolen. Especially considering where I live. Until it was stolen and it was returned a few hours later, when it was located by our police department via the lojak system.
And then the time my apartment was robbed of about $30,000 worth of items. Hey, what are the odds? There are tens of thousands of people in this city, so the odds of a bad guy being in my area and focusing on my dwelling and actually going through it is so tiny! Except when it actually happens.
Protecting your local network from something like firesheep is trivial. Will it protect everything from end to end? Of course not. Logging into sites via HTTP/plaintext will still leave you exposed at some point of the transaction, but you can at least protect yourself on your own local network. You don't need "VPN" and you don't need expensive or difficult to configure applications and utilities. You need three minutes. That's it. You are not weighing unlikely security violation versus hundreds or thousands of dollars of equipment and labor. You're weighing security against three minutes of your time to protect it. That's it.
You protect your network for the same reason you don't operate your computer directly plugged into the internet, with no form of firewall between the two of you so that you are exposed to bots and trojans and viruses of all types. It's trivial to protect against, so we protect against it.
What we NEED to do is stop excusing people's laziness and lack of interest, because it's "technology" and therefore we are just "elitists" for calling ignorant people ignorant and advising them to take precautions. Reminds me of all those idiots who got themselves into mortgage problems. Well, gosh, I couldn't be expected to make any effort to understand things for myself! I just do stuff and hope that the statistics are always in my favor!
How exactly VPN can help there? You're still passing unencrypted data to Facebook.
I was going to answer your question, but you already did:
All the gain is that it's less likely than someone listens to the traffic between the VPN provider and Facebook compared to the unpalatable liquid venue you're in.
*Less likely* is the key. That's how a VPN helps. Security nerds seem to think you have to be 100% secure (conveniently ignoring the fact that 100% security is impossible) or you're not secure at all. That's a good mindset for finding security holes, but it's a horrible mindset for worrying about one's own personal security. In the real world, you do what you can to reasonably reduce your risks and take your chances.
It's at least a little ironic that you don't think VPNs go far enough. To me, such a solution is extremely overboard. What average person is going to set up a VPN? Might as well suggest they drive to Facebook HQ and post directly from there.
No. Firesheep hijacks/copies sessions.
After logging in on https facebook redirects you to http, firesheep gets your session. pwned.
The risk is actually very low until stuff like firesheep becomes common enough amongst wifi cafe users (whether via malware or pranksters).
Currently you're more likely to lose your entire laptop to a thief at a cafe.
A WEP or PSK-WPA password is going to do absolutely nothing to prevent a malicious individual from sniffing network traffic at a wifi hotspot. By friggin definition of there being a SINGLE PRE-SHARED KEY, the malicious individual can automatically decrypt the traffic. Sweet Jesus.
Please contact slashdot admin to have your account closed.
Ah, I see. Didn't actually get that far since I have no use for Facebook.
Why would they redirect insecure? SSL takes very little additional resources once your session key is established?
Seems they could solve this if the weren't so cheap.
Sig Battery depleted. Reverting to safe mode.
When real crimes happen like a break in, you'll be lucky if the cops show up in a few hours or even at all. Good luck explaining that someone else logged into your facebook account. Now if they heard you had an ounce of weed then its a different story...
Only the State obtains its revenue by coercion. - Murray Rothbard
This is exactly why I use an anonymous VPN service [1]. As one goes up the food chain to the core fiber links which route the core Internet traffic, the fewer people have access to the traffic and/or logging capability. To boot, if they have logging capability at the core, they would have it at the edges. There are a *lot* fewer people that have access from the core router to Facebook's page than have access (either with admin access, or are on the same subnet and can sniff/change stuff in transit.)
Essentially all someone can do with my network traffic between the endpoint connection and to my VM is drop packets and deny service. If someone is able to intercept/modify traffic going from the VPS to FB, then not just myself, but a lot of people, have very big problems on their hands.
I highly recommend people use a VPS, or if the bandwidth needs are not that high, to consider a VPS (like linode). This not just keeps people from sniffing/intercepting/modifying your traffic, but gets rid of the geotagging ad "services" which love to slurp up where people physically are. It is only a matter of time before crooks use this to find when someone is out of town to time home invasions and/or break-ins.
[1]: There are a lot of anonymous VPN services, with a lot of smoke generated about which ones "log" and which ones don't. It would be nice to get a straight answer on this, but until then, I tend to stay with what the other business users use to secure their traffic.
I didn't say they would be thankful. I said they would take personal security seriously. They either aren't bright enough or concerned enough to take a direct and courteous warning seriously. Most people DON'T take warnings seriously, until it bites them in the ass.
The problem being, people who really want to bite them in the ass aren't going to deface them. They are going to harvest information from them and use if for their own malicious ends. At worst, they can use the information to physically stalk, maybe even murder these people in real life.
I am saying pull some reversible mischief before someone does something serious. The only people who might lose their jobs over a hacked Facebook account would be those who work in tech security and should have know better. The odds of that are slim though.
What is it, if not "arrogance" that makes a person fail to take appropriate action for themselves? If someone tells you your shoe is untied, do you say thanks or just ignore them because tying your shoe is too much hassle unless you are tripping on it?
I'd still happily log into Facebook from a coffee shop post-Firesheep because frankly, the chances of me encountering some bizarre creep is very low. If they do steal my session cookie and I notice they are tampering with my account, I can solve this problem by logging out, leaving, and logging back in again somewhere else.
One of the articles about FireSheep discussed the fact that not all websites handle the logout properly on the server side.
So FIY, logging off and finding another AP may not kill their session.
[Fuck Beta]
o0t!
Maybe you should RTFA.
This guy took the non-dick approach. He got into their accounts and sent them messages from themselves saying how he did it and how to protect themselves. He even sent a followup after a while saying "I was serious". They still didn't care. I am saying, the warning should not be private/ignorable, after that.
If you want to call it bullying, so be it. But this is the equivalent of a bully saying "I am going to beat you up behind the school after class." and then you actually show up behind the school for him to do it. He may be the bully, but your still the idiot.
You're advocating a false sense of security. Please stop, before someone unwittingly follows your technical advice.
And people here wonder complain about the stereotype "geek" are always portrayed as socially inept to point of almost being sick. Unfortunately, that part of the stereotype fits this blogger perfectly.
What would you think if you encounter these incidents:-
I guess it will be a BIG revelation to the author of TFA when (if?) he realize that a LOT of things in our life is not secured by technical means, but rather social norms. Girls don't wear steel skirts to avoid people lifting it, social norms dictate that people don't do it (although some would still do it). Girls don't always wear pants to keep people from peeking underskirt, and most people don't. People talking on mobile phone don't carry white noise devices to block people eavesdropping, and yet most of the time nobody will eavesdropping on your phone conversations.
Similarly, people using public networks except human decency to prevent those with technical means to eavesdropping or hijack their Facebook traffic (their banking traffic, however, is another story). I guess having human decency is too much to expect from this blogger.
Congratulations on showing your technical powers to the ignorant masses, those people will go on their lives knowing they just encountered a stupid jerk that is not worth the time to respond to.
P.S. I write programs for a living and I am ashamed to be working in the same field as that blogger. I hope more people would understand not all programmers are sick like that.
Forced SSL doesn't even work for Google, Twitter, and Facebook and probably most other sites even if they support SSL. That's because the javascript on those pages will opt to transmit authentication cookies in the clear. http://www.digitalsociety.org/2010/10/even-forced-ssl-is-broken-for-facebook-google-twitter/
Small time scammers work for small time profits all the time.
So what value exactly would a small time crook get out of hacking random facebook accounts? The likelihood of him finding monetizable information in a random account would be quite low.
Really, unless deployed large-scale, this is mostly useful for mischief rather than rip-off.
So what value exactly would a small time crook get out of hacking random facebook accounts? The likelihood of him finding monetizable information in a random account would be quite low.
(A) Major failure of imagination.
Apologies for having to reach out to you like this,this had to come in a hurry .my bags, cash , .I just don't have enough money to get back home,I can't ,would appreciate whatever you can put in.) Promise to refund you as soon .please let me know if this is okay with you so i can forward the
due to the urgency of the situation.
Presently,I'm stuck in England and need help getting home.I made a trip this
past weekend to London, UK and unfortunately, I was robbed
cards and cell phones were taken at gunpoint. It was a terrible
experience.right now i need help getting back home , i've been to the embassy
and the Police here but they're not helping issues at all,the good thing is I
still have my passport
have access to funds without my credit card, I've made contact with my bank but
they need more time to come up with a new one. I was wondering if you could help
with a quick loan that I can give back as soon as I get in.All i really need is
$1,250
as i get back home in a couple of days. you can have it wired to me via Western
Union
necessary wiring details.
waiting to hear from you
Bob
When information is power, privacy is freedom.
And after that, go back into your Mom's basement, erm, I mean the Bat Cave, and feel all smug about the ten kinds of awesome that you are.
I question the intelligence of those who do not take appropriate steps to safeguard their personal information. I have *NO* doubts, however, about the intelligence of someone who would commit almost 50 violations of the Electronic Communications Privacy Act (each one of those violations a felony) and then blog about it.
Laws affecting technology will always be bad until enough techies become lawyers.
Don't forget to add the VPN provider (and all of its employees) to your threat model.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
I was awesome way before that. KEE KEE!
So many goody two-shoes following up on this... except none have you dimwits have been bright enough to suggest another way of actually getting these people to take threats seriously. Half assed wanna-be good samaritans, with no conviction to follow through. Go Slashdotter, go!
I guess the HTTP request FireShepherd sends is meant to exploit some bug in FireSheep to cause it to crash. That should be fun...for about 5 seconds, until the flaw is fixed in Firesheep, or it's just modified to recognize and ignore FireShepherd's HTTP request of death.
But looking at the code gave me another idea. Why not send out tons of random fake requests to the sites FireSheep hijacks cookies for, "poisoning the well" of hijackable cookies? Should at least make things more difficult for the nasty cookie-jackers...
"When information is power, privacy is freedom" - Jah-Wren Ryel
> I was awesome way before that. KEE KEE!
Obviously.
> except none have you dimwits have been bright enough to suggest another way of actually getting these people to take threats seriously
0) s/have/of/ :)
1) dimwits? Why, thank you
2) As evidenced by the story author, his approach does not always work. For some, it will never work so your escalation will fail for those.
3) Why do I have to present another way? Pointing out that this approach is immature does not require me to dance around a tree. So why should I be required to fix your problem for you?
4) Your suggestion is illegal.
> Half assed wanna-be good samaritans, with no conviction to follow through.
If you do what you proposed, your own conviction might be of a kind you won't like.
Though that might be the solution to the virgin-in-a-basement situation. But then, it will most likely be of a kind you won't like.
Why? They are free to choose. They chose.
Not if I beat the crap out of him.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Things like the stereo, etc. are generally covered by the auto insurer. WIth one exception (I left my backpack full of textbooks in my car overnight and it was stolen) most of the time when someone has broken into my car it was to steal the stereo, etc.
But, yes, were I to store personal possessions in my vehicle, that would be something to take up with my homeowner's insurer