Re: Firesheep protection?

[Robert Graham <robert_david_graham () yahoo com>]

Force-TLS doesn't work, as I document here:
http://erratasec.blogspot.com/2010/10/re-firesheep.html

I suggest people actually try them out before recommending them.


----- Original Message ----
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rMslade () shaw ca>
To: funsec () linuxbox org
Sent: Tue, November 2, 2010 4:07:16 PM
Subject: [funsec] Firesheep protection?

Working towards some protection (not just against Firesheep, but the real 
problem), anyone have comparative advice on the useability/effectiveness of:

HTTPS Everywhere 
https://addons.mozilla.org/en-US/firefox/addon/229918/
also at https://www.eff.org/https-everywhere

Open Secure
https://addons.mozilla.org/en-US/firefox/addon/11358/
also at http://opensecext.blogspot.com

Force-TLS
https://addons.mozilla.org/en-US/firefox/addon/12714/
also at http://forcetls.sidstamm.com/

or any other recommendations?

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca    slade () victoria tc ca    rslade () computercrime org
Shadwell hated all Southeners and, by inference, was standing at
the North Pole.        - `Good Omens,' Neil Gaiman & Terry Pratchett
victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
http://blogs.securiteam.com/index.php/archives/author/p1/
http://www.infosecbc.org/links http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.



      
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.