How can we protect ourselves and our data from Firesheep

Discussion in 'Mac Apps and Mac App Store' started by DYER, Oct 25, 2010.


Are you worried about the implications of Firesheep?

  1. Yes I am

    14 vote(s)
    48.3%
  2. No I am not

    15 vote(s)
    51.7%
  1. DYER macrumors 6502

    Joined:
    Oct 4, 2008
    Location:
    London, UK
    #1
    Ok everyone, we all know that if we use unsecured wireless networks we now have an issue as any old idiot can use Firesheep and wreak havoc with our information.
    So what I would like to know is what is the best way of countering this?
    I know of the Firefox plugin that can be used but to be honest I really don't like the idea of moving to Firefox.

    Can anyone think of any other ways to block Firesheep - or any similar application from stealing our data?

    I have been thinking long and hard and haven't come up with an answer.
    Yes I agree not using an unsecured network would be a good start yet sometimes this is unavoidable and as part of my job requires me to use Twitter it could present quite an issue.

    So everyone. Any ideas?
     
  2. rprebel macrumors 6502

    rprebel

    Joined:
    Aug 22, 2010
    Location:
    Where the bluebonnets bloom
    #2
    HTTPS Everywhere? I haven't used it, so I could be wrong, but it looks like it does kind of the same thing.

    https://www.eff.org/https-everywhere

    EDIT: I just noticed where it says "Firefox plugin" on the HTTPS Everywhere page. Oops.
    EDIT: Just use https instead of http. Bookmark https://twitter.com and you should be set.
     
  3. DYER thread starter macrumors 6502

    Joined:
    Oct 4, 2008
    Location:
    London, UK
    #3
    Sorry to sound like an idiot, but is it seriously that simple???
    I just noticed that is all one of the plug-ins does and I have to say thank you very much indeed :)

    Greatly appreciate it. Can't believe how simple that is tbh :)
     
  4. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #4
    There is a Safari extension called Twitter SSL. I do not know how well it works.
     
  5. miles01110 macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #5
    ...don't use unsecured networks? Duh?
     
  6. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #6
    Exactly. You have to show extra caution when using a public wifi connection. I'd never check my bank credentials on someone else's connection. If I needed to I would work on doing an SSH connection through a proxy or using my work VPN connection.

    Firesheep definitely isn't the only way to do this type of activity. I have a few apps that can be used in this manner. They are network utilities and they work at a very basic level that you can't really block. Using an encrypted connection is the only way to keep you safe in these situations. The LifeHacker article on Firesheep has links at the bottom for methods to keep you safer on public wireless.
     
  7. mulo macrumors 68020

    mulo

    Joined:
    Aug 22, 2010
    Location:
    Behind you
  8. munkery, Oct 25, 2010
    Last edited: Nov 13, 2010

    munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #8
    The danger of Firesheep (and any packet sniffer) is that it can sniff packets much more easily on unsecured networks as opposed to WEP/WPA networks. ARP poisoning/MITM is not required for it to work well enough to be dangerous so the only solution is SSL. With MITM attacks, the SSL digital certificate can be spoofed so I use Mocha to detect ARP poisoning. ARP poisoning/MITM do effectively work on WEP/WPA (this includes WPA2).
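
A basic check of the kind post #8 refers to, as an added example (not posted in the thread, and not a description of how Mocha works): it parses `arp -a` output in the macOS format and flags any MAC address that answers for more than one IP, which is what the ARP table looks like when another host is impersonating the gateway. The sample table and the gateway address 192.168.1.1 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of macOS `arp -a` output (not captured from a real network).
# 192.168.1.1 is assumed to be the gateway; .42 answers with the same MAC.
SAMPLE_ARP_OUTPUT = """\
? (192.168.1.1) at 0:1e:2a:3b:4c:5d on en1 ifscope [ethernet]
? (192.168.1.23) at a4:5e:60:c1:2:9f on en1 ifscope [ethernet]
? (192.168.1.42) at 0:1e:2a:3b:4c:5d on en1 ifscope [ethernet]
? (192.168.1.77) at (incomplete) on en1 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en1 ifscope [ethernet]
? (224.0.0.251) at 1:0:5e:0:0:fb on en1 ifscope permanent [ethernet]
"""

ENTRY = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]+) on (\S+)")

def normalize_mac(mac):
    # macOS prints octets without leading zeros (0:1e:...); pad so MACs compare equal.
    return ":".join(octet.zfill(2).lower() for octet in mac.split(":"))

def parse_arp_table(text):
    """Map (interface, MAC) -> set of IPs, for resolved unicast entries only."""
    table = defaultdict(set)
    for line in text.splitlines():
        match = ENTRY.search(line)
        if not match:  # "(incomplete)" entries and unrelated lines do not match
            continue
        ip, mac, iface = match.groups()
        if mac.count(":") != 5:
            continue
        mac = normalize_mac(mac)
        if int(mac[:2], 16) & 1:  # broadcast/multicast: low bit of first octet set
            continue
        table[(iface, mac)].add(ip)
    return table

def find_shared_macs(table, gateway_ip):
    """Return one finding per MAC that is claimed by more than one IP."""
    findings = []
    for (iface, mac), ips in sorted(table.items()):
        if len(ips) > 1:
            findings.append({"interface": iface, "mac": mac, "ips": sorted(ips),
                             "involves_gateway": gateway_ip in ips})
    return findings

if __name__ == "__main__":
    for f in find_shared_macs(parse_arp_table(SAMPLE_ARP_OUTPUT), "192.168.1.1"):
        level = "ALERT" if f["involves_gateway"] else "note"
        print(f"{level}: {f['mac']} on {f['interface']} answers for {', '.join(f['ips'])}")
```

A shared MAC is an indicator rather than proof, since one machine can legitimately hold several addresses; a finding that involves the gateway is the one to act on.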
     
  9. DYER thread starter macrumors 6502

    Joined:
    Oct 4, 2008
    Location:
    London, UK
    #9
    As I said above, it is not always a viable option.
     
  10. CylonGlitch macrumors 68030

    CylonGlitch

    Joined:
    Jul 7, 2009
    Location:
    SoCal
    #10
    Why not? If it is for work, they should supply you with a reliable secure way of getting onto the internet if it is required. Thus if you are moving, traveling from client to client, they should issue you a "MiFi" or compatible device. It is very bad corporate practice to assume, or even allow, employees to use unsecured networks for business transactions.
     
  11. DYER thread starter macrumors 6502

    Joined:
    Oct 4, 2008
    Location:
    London, UK
    #11
    Well I do use a 3G card but it's bloody unreliable so try and use cafes on a regular basis. TBH it's not a huge company, in fact it's quite small, so I guess we are not working on the scale of many big US companies.
    But my issue has been sorted anyway as e-mails and so on are on my BB anyways and all I do is tweet and check no sensitive web pages. I was just worried about the Twitter stream being hacked.
     
  12. benhollberg macrumors 68020

    benhollberg

    Joined:
    Mar 8, 2010
    #12
    Won't work on my university's secure network but works on the unsecure which nobody uses.
     
  13. miles01110 macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #13
    If you are doing business over an unsecured wireless network and your company is allowing it, I don't know how I'd feel about doing business with your company. The privacy and legal implications from such a practice are quite significant.

    "It's not always a viable option" - do you work primarily in a coffee shop or an airport?
     
  14. colourfastt macrumors 6502a

    colourfastt

    Joined:
    Apr 7, 2009
    #14
    Many of us running single person consulting companies, in fact, do much of our work in Starbucks, etc.
     
  15. miles01110 macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #15
    The fact that you are a single-person consulting company doesn't necessitate doing business over an unsecured connection, unless I'm missing something?
     
  16. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #16
    Not when you're dealing with personal, or sensitive info. I avoid unsecured networks when there are alternatives and even then if I'm on one, I don't do anything that involves my personal data.
     
  17. munkery, Nov 6, 2010
    Last edited: Nov 6, 2010

    munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #17
    To default to the https versions of many popular websites (Twitter, Facebook, etc), use the https version of the DuckDuckGo search engine. The https version of DuckDuckGo will direct you to the https pages for many popular websites that require login.

    https://duckduckgo.com/. This is an overview of how it works.

    DuckDuckGo also does not track you like the Google search engine.
     
  18. gianthobbit macrumors 6502

    Joined:
    Apr 20, 2010
    #18
    Couple things, use FireShepherd or BlackSheep (http://www.zscaler.com/blacksheep.html). Problem is they're only for Firefox at the moment. I came here to see if anyone knew of a way to do this in Safari as that is my go-to on my MBA.
     
