[Air-L] The end is nigh

live human.factor.one at gmail.com
Wed Oct 27 19:31:03 PDT 2010


I'm slightly tongue in cheek with that subject line, however something  
has come to pass this week which may change everything.
So for many years, security for typical online users has only been a  
passing thought, if a thought at all - so many users use the web via  
non end-to-end encrypted http.

This week at Toorcon 12 (hacker conference), a developer Eric Butler  
release a Firefox add-on called Firesheep that has put many major site  
engineers in a tizzy.
Using this quick, easy add-on a user can easily hijack the  
authenticated Facebook sessions of people sharing the same wi-fi  
network. Or any site's session, not just Facebook, if it's  
unencrypted. Basically, you can control another users Facebook account  
if they are logged into Facebook on the same wifi network as yourself.  
Or you can Twitter as them. Or be on Amazon or Google. All by  
downloading this little plug-in. Think your information's safe at the  
airport, using their wifi network? Think again.
I've downloaded the plug-in and know that it works.

So, my interest leads to these kinds of questions: how is this going  
to change our society's view on security? It only takes one incident  
in the news - say a tragic event befalls someone who had a stalker -  
before the lawsuits begin flying and no amount of tight legal EULA  
will stop this digital economy from slowing way down. Will Mom and Pop  
Wilson get to understand what an encrypted http is? Are we growing up  
in our society's education & understanding of technology?

Would love some feedback on these thoughts.
Firesheep can be found here: http://codebutler.com/firesheep

Cheers,
@SharonG



[Non-traditional undergraduate student still looking for an  
Anthropology or  Experimental, Applied, or Social Psychology graduate  
program to call home. Suggestions welcome.]



More information about the Air-L mailing list