Firesheep Author Reflects On Wild Week
alphadogg writes "Firesheep, the Mozilla Firefox add-on released about a week ago that lets you spot users on open networks visiting unsecured websites, has given creator Eric Butler more than his 15 minutes of fame. More than 542,000 downloads later, Firesheep has thrown Butler into the middle of heated discussions regarding everything from the ethics of releasing the code to the legality of using it to the need for website vendors to clean up their security acts. Butler, who describes himself as a freelance Web application and software developer, reflects on the past week's happenings in a new blog post that reads in part: 'I've received hundreds of messages from people who are extremely happy that the issue of website security is receiving attention. Some, however, have questioned if Firesheep is legal to use. I'd like to be clear about this: It is nobody's business telling you what software you can or cannot run on your own computer. Like any tool, Firesheep can be used for many things. In addition to raising awareness, it has already proven very useful for people who want to test their own security as well as the security of their (consenting) friends. A much more appropriate question is: "Is it legal to access someone else's accounts without their permission."'"
It is more like saying "If someone is unknowingly using software with security holes, you are allowed to spy on them". Actually, it is exactly like saying that.
At least in my country we have laws regarding privacy and secrecy of correspondence. If the mailman accidentally brings me my neighbor's post, it is illegal for me to read it. Yes, it might be impossible to catch me but it would still be illegal and unethical. Similarly, I am not allowed to spy on communication someone intends to be private and personal, even if they're unknowingly using software with security holes. Nor should I be.
Some people argue that we shouldn't outlaw anything that we can't effectively monitor (IE: We shouldn't outlaw this because we couldn't catch most of the people doing this anyways). I understand their point but I respectfully disagree.
This is about public/paid wifi hotspot operators and the whole business model of offering open wifi.
I have yet to see any major hotspot provider that secures their access. Although in theory it would be possible, most don't do it because no one feels unsafe yet.
Firesheep may change that.
A lot of people may not remember, but MS tried to blame the "tools" back when the first MS TCP exploits started showing up in the mid 90's. Remember winnuke.c in 1997? You could send OOB data packets from Linux and Samba (and eventually from other Windows machines) to Windows machines which would kill any Windows machine instantly. MS played this off as rogue software that is doing things that it shouldn't as the real problem, not their faulty TCP stack that handled it poorly. Even news releases were worded that way, blaming others for the problem. They did release a patch over a month later. Remember Land and Teardrop? MS had the same response then as well. Linux and several others were affected by that too, but the owners took responsibility for it and fixed it without blaming it on the bogeyman.