John covered Firesheep on IT the other but I think it’s relevant to us, as well.
As developers, we’re not only tasked with the responsibility of delivering solutions to others but with also making sure that said solutions are secure.
On top of that, there are often both client-side and server-side security issues of which we should be aware. When it comes to security, additional measures are always helpful.
Firesheep a Firefox extension that reveals whether or not a given site is vulnerable to HTTP session hijacking. This is extremely important for those of us that build applications that rely on authentication and cookies.
Easy to use, too. Download the extension or browse the source, but be sure to protect yourself. If you’re not fortunate to be able to tunnel through a VPN, run an extension such as HTTPS Everywhere from within Firefox.
This ensures that you’re browsing the more common sites via HTTPS rather than HTTP.
Cool stuff.
[HT: Eric Butler]
John Saddington says
Sweet! https://churchm.ag/use-firesheep-to-sniff-and-steal-cookies-and-identity/
Eric J says
Very Very cool
Justin @ BeDeviant says
Is there a Chrome extension that does the same thing? I’ve tried digging but can’t seem to find anything….
Tom says
Nope – it’s a Firefox-only plug-in. At least for now. Probably only a matter of time until someone ports it.
Marc says
What’d you do to get your Firefox setup that way?
Tom says
Do you mean displaying the sidebar for Firesheep or something else?