
Are you worried about the implications of Firesheep?

  • Yes I am: 14 votes (48.3%)
  • No I am not: 15 votes (51.7%)
  • Total voters: 29

DYER

Original poster
OK everyone, we all know that if we use unsecured wireless networks we now have an issue, as any old idiot can use Firesheep and wreak havoc with our information.
So what I would like to know is what is the best way of countering this?
I know of the Firefox plugin that can be used, but to be honest I really don't like the idea of moving to Firefox.

Can anyone think of any other ways to block Firesheep - or any similar application - from stealing our data?

I have been thinking long and hard and haven't come up with an answer.
Yes, I agree not using an unsecured network would be a good start, yet sometimes this is unavoidable, and as part of my job requires me to use Twitter it could present quite an issue.

So everyone. Any ideas?
 
HTTPS Everywhere? I haven't used it, so I could be wrong, but it looks like it does kind of the same thing.

https://www.eff.org/https-everywhere

EDIT: I just noticed where it says "Firefox plugin" on the HTTPS Everywhere page. Oops.
EDIT: Just use https instead of http. Bookmark https://twitter.com and you should be set.

Sorry to sound like an idiot, but is it seriously that simple???
I just noticed that is all one of the plug-ins does and I have to say thank you very much indeed :)

Greatly appreciate it. Can't believe how simple that is tbh :)
 
There is a Safari extension called Twitter SSL. I do not know how well it works.
 
...don't use unsecured networks? Duh?

Exactly. You have to show extra caution when using a public wifi connection. I'd never check my bank credentials on someone else's connection. If I needed to, I would work on doing an SSH connection through a proxy or using my work VPN connection.

Firesheep definitely isn't the only way to do this type of activity. I have a few apps that can be used in this manner. They are network utilities and they work at a very basic level that you can't really block. Using an encrypted connection is the only way to keep you safe in these situations. The LifeHacker article on Firesheep has links at the bottom for methods to keep you safer on public wireless.
 
The danger of Firesheep (and any packet sniffer) is that it can sniff packets much more easily on unsecured networks as opposed to WEP/WPA networks. ARP poisoning/MITM is not required for it to work well enough to be dangerous, so the only solution is SSL. With MITM attacks, the SSL digital certificate can be spoofed, so I use Mocha to detect ARP poisoning. ARP poisoning/MITM do effectively work on WEP/WPA (this includes WPA2).
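
Added example, not part of any post in this thread: sniffers like Firesheep work by reading session cookies that travel in clear text, so how well an https bookmark protects a session depends on the site marking its session cookie `Secure` and sending an HSTS header. This sketch audits a response's headers for both; the header values and the site they stand for are constructed.

```python
# Audit response headers for session data a passive sniffer on open Wi-Fi
# could read. All sample header values below are constructed for illustration.

def parse_set_cookie(value):
    """Split one Set-Cookie header into (name, set of lowercase attribute names)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs

def hsts_max_age(headers):
    """Return the Strict-Transport-Security max-age in seconds, or 0 if absent."""
    for key, value in headers:
        if key.lower() == "strict-transport-security":
            for directive in value.split(";"):
                k, _, v = directive.strip().partition("=")
                if k.lower() == "max-age" and v.strip('"').isdigit():
                    return int(v.strip('"'))
    return 0

def audit(headers):
    """List findings for a response given as (header name, value) pairs."""
    findings = []
    for key, value in headers:
        if key.lower() == "set-cookie":
            name, attrs = parse_set_cookie(value)
            if "secure" not in attrs:
                findings.append(f"cookie {name!r} lacks Secure: also sent over plain http")
    if hsts_max_age(headers) == 0:
        findings.append("no HSTS: a typed or linked http:// URL is not upgraded")
    return findings

# Constructed sample: login responses from a hypothetical site, before and after hardening.
WEAK = [
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "lang=en; Path=/; Secure"),
]
HARDENED = [
    ("Set-Cookie", "session_id=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(hdrs) or "ok")
```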
 
As I said above, it is not always a viable option.

Why not? If it is for work, they should supply you with a reliable secure way of getting onto the internet if it is required. Thus if you are moving, traveling from client to client, they should issue you a "MiFi" or compatible device. It is very bad corporate practice to assume, or even allow, employees to use unsecured networks for business transactions.
 
Why not? If it is for work, they should supply you with a reliable secure way of getting onto the internet if it is required. Thus if you are moving, traveling from client to client, they should issue you a "MiFi" or compatible device. It is very bad corporate practice to assume, or even allow, employees to use unsecured networks for business transactions.

Well, I do use a 3G card but it's bloody unreliable, so I try and use cafes on a regular basis. TBH it's not a huge company, in fact it's quite small, so I guess we are not working on the scale of many big US companies.
But my issue has been sorted anyway, as e-mails and so on are on my BB anyways and all I do is tweet and check no sensitive web pages. I was just worried about the Twitter stream being hacked.
 
As I said above, it is not always a viable option.

If you are doing business over an unsecured wireless network and your company is allowing it, I don't know how I'd feel about doing business with your company. The privacy and legal implications from such a practice are quite significant.

"It's not always a viable option" - do you work primarily in a coffee shop or an airport?
 
If you are doing business over an unsecured wireless network and your company is allowing it, I don't know how I'd feel about doing business with your company. The privacy and legal implications from such a practice are quite significant.

"It's not always a viable option" - do you work primarily in a coffee shop or an airport?

Many of us running single person consulting companies, in fact, do much of our work in Starbucks, etc.
 
...don't use unsecured networks? Duh?

Not when you're dealing with personal or sensitive info. I avoid unsecured networks when there are alternatives, and even then if I'm on one, I don't do anything that involves my personal data.
 
To default to the https versions of many popular websites (Twitter, Facebook, etc.), use the https version of the DuckDuckGo search engine. The https version of DuckDuckGo will direct you to the https pages for many popular websites that require login.

https://duckduckgo.com/. This is an overview of how it works.

At DuckDuckGo, our encrypted version goes even further and automatically changes links from a number of major Web sites to point to the encrypted versions of those sites. It is modeled after (and uses code from) the HTTPS Everywhere FireFox add-on. These sites include Wikipedia, Facebook, Twitter, and Amazon to name a few.

DuckDuckGo also does not track you like the Google search engine.
 