funsec mailing list archives
Re: Firesheep protection?
From: Robert Graham <robert_david_graham () yahoo com>
Date: Tue, 2 Nov 2010 22:55:18 -0700 (PDT)
> It appears the developers have documented some of the plugin's technical limitations at https://addons.mozilla.org/en-US/firefox/addon/12714/. Is this supposed to be original research?
What? People recommended Force-TLS as protection against sidejacking. I tried it. It failed. I wouldn't call this "research", nor would I call it a particularly original idea. Although, I would call it "original" from the perspective that it was me who did it, as opposed to reporting on what others had done.
> Hmm.... According to your closing comments, it fails under some circumstances (XmlHttp)
What? It failed under all circumstances to prevent sidejacking of Twitter.
> Is it fair to pounce on Rob, grandpa of Ryan, Trevor, Devon & Hannah with "it does not work.... read <some blog>"?
Oops, I misunderstood his post. I thought he was recommending them, not asking about them. I apologize.
> Out of curiosity, did you inform Collin Jackson and Adam Barth, or are you waiting for the developers to find <some blog>, much like MustLive and his 0-day XSS vulnerabilities?
What? I didn't know that Force-TLS was designed to protect against this problem. It doesn't sound like it from the description.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.