[Air-L] The end is nigh
plandweh at cs.cmu.edu
Thu Oct 28 08:00:43 PDT 2010
Hey all - just going to point out this article,which mentions two
other firefox plugins that can be used to prevent yourself from being
firesheep'd. The war continues...
On Thu, Oct 28, 2010 at 6:31 AM, jeremy hunsinger <jhuns at vt.edu> wrote:
> while hardware level encryption would be nice... and it could in theory solve this problem... using it as a solution is sort of like... 'oh the water is polluted, let's route it through a sealed viaduct' solution. Sure, it works, but it doesn't address the cause, which is poor session management in browsers and other tools. This is a software problem at its base. you could have the same problem with a multi-link serial network, you could have the same problem on an ethernet network, or basically any broadcast level network with multidimensional routing. making the network itself stronger so people can't get on it, is one option, but as i said it doesn't address the direct problem which is that two computers which are trusting each other, are not using sufficient credentials to establish and maintain that trust. a session is basically a system of trust, one computer trusts the other computer to be what it says. also keep in mind that... you could always watch people'
> s open traffic and insert date into open streams, so the question is whether or not this is new or whether the system is actually broken at all. some of you may remember i demonstrated logs and insertions back at ir 2.0 as part of my 'scare the living daylights out of you over internet security' talk. this tool just makes that talk easier it seems.
> The Air-L at listserv.aoir.org mailing list
> is provided by the Association of Internet Researchers http://aoir.org
> Subscribe, change options or unsubscribe at: http://listserv.aoir.org/listinfo.cgi/air-l-aoir.org
> Join the Association of Internet Researchers:
More information about the Air-L