funsec mailing list archives
Re: Firesheep protection?
From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 2 Nov 2010 18:08:56 -0400
On Tue, Nov 2, 2010 at 4:37 PM, Robert Graham <robert_david_graham () yahoo com> wrote:
Force-TLS doesn't work, as I document here: http://erratasec.blogspot.com/2010/10/re-firesheep.html
It appears the developers have documented some of the plugin's technical limitations at https://addons.mozilla.org/en-US/firefox/addon/12714/. Is this supposed to be original research?
I suggest people actually try them out before recommending them.
Hmm.... According to your closing comments, it fails under some circumstances (XmlHttp), which appears to be documented by the developers. Is it fair to pounce on Rob, grandpa of Ryan, Trevor, Devon & Hannah with "it does not work.... read <some blog>"? Out of curiosity, did you inform Collin Jackson and Adam Barth, or are you waiting for the developers to find <some blog>, much like MustLive and his 0-day XSS vulnerabilities? Jeff
----- Original Message ---- From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca> To: funsec () linuxbox org Sent: Tue, November 2, 2010 4:07:16 PM Subject: [funsec] Firesheep protection? Working towards some protection (not just against Firesheep, but the real problem), anyone have comparative advice on the useability/effectiveness of: HTTPS Everywhere https://addons.mozilla.org/en-US/firefox/addon/229918/ also at https://www.eff.org/https-everywhere Open Secure https://addons.mozilla.org/en-US/firefox/addon/11358/ also at http://opensecext.blogspot.com Force-TLS https://addons.mozilla.org/en-US/firefox/addon/12714/ also at http://forcetls.sidstamm.com/ or any other recommendations? [SNIP]
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Firesheep protection? Rob, grandpa of Ryan, Trevor, Devon & Hannah (Nov 02)
- Re: Firesheep protection? der Mouse (Nov 02)
- Re: Firesheep protection? Joel Esler (Nov 02)
- Re: Firesheep protection? Robert Graham (Nov 02)
- Re: Firesheep protection? Jeffrey Walton (Nov 02)
- Re: Firesheep protection? Robert Graham (Nov 02)
- Re: Firesheep protection? Jeffrey Walton (Nov 02)
- Re: Firesheep protection? silky (Nov 02)
- Re: Firesheep protection? Rich Kulawiec (Nov 02)
- Re: Firesheep protection? der Mouse (Nov 02)