Educause Security Discussion mailing list archives
Re: Firesheep/Cain& Able
From: David Gillett <gillettdavid () FHDA EDU>
Date: Wed, 3 Nov 2010 13:20:32 -0700
I remember, a few years back, taking a sysadmin to task for an email that basically told users just "You should be afraid to use email." I can't see that "You should be afraid to use Web 2.0." is much of an improvement. Threat warnings need to include some kind of useful advice, something recipients can do to reduce their exposure. We're going to experiment with WPA2; I expect we'll roll that out to our production wireless networks soon. And in the meantime, I've added "HTTPS Everywhere" to the Firefox add-ons on all the machines I personally use or administer. David Gillett -----Original Message----- From: Valdis Kletnieks [mailto:Valdis.Kletnieks () VT EDU] Sent: Monday, November 01, 2010 11:23 To: SECURITY () listserv educause edu Subject: Re: [SECURITY] Firesheep/Cain& Able On Mon, 01 Nov 2010 09:39:09 PDT, Isac Balder said:
Inform and educate users of sites that allow CSRF, XSS, etc.
"Dear Users: Most websites, including a lot that you'd expect better from, are vulnerable to CSRF and XSS attacks. Be careful out there..." Remember - "Web 2.0" isn't all that far from an *intentional* XSS attack. :) Given that, I wonder what sane and useful advice you could actually give users.
Current thread:
- Firesheep/Cain& Able Hudson, Edward (Nov 01)
- Re: Firesheep/Cain& Able SCHALIP, MICHAEL (Nov 01)
- Re: Firesheep/Cain& Able Michael Horne (Nov 01)
- Re: Firesheep/Cain& Able Isac Balder (Nov 01)
- Re: Firesheep/Cain& Able Valdis Kletnieks (Nov 01)
- Re: Firesheep/Cain& Able David Gillett (Nov 03)
- Re: Firesheep/Cain& Able Foerst, Daniel P. (Nov 02)
- Re: Firesheep/Cain& Able Webb, Justin (Nov 02)
- Re: Firesheep/Cain& Able Greg Williams (Nov 02)
- Re: Firesheep/Cain& Able Alex Keller (Nov 02)
- Re: Firesheep/Cain& Able Valdis Kletnieks (Nov 01)
- <Possible follow-ups>
- Re: Firesheep/Cain& Able John Ladwig (Nov 01)
- Re: Firesheep/Cain& Able John Ladwig (Nov 02)
- Re: Firesheep/Cain& Able Matt Giannetto (Nov 03)