I was “hacked” the other day as I sat across from Jared who was using Firesheep (read here and here) and it definitely sucked.
“This is serious!” I thought for a second – and then I continued to blog away. But later I asked the team if they had any suggestions and Tom brought up the HTTPS Everywhere plugin for FireFox that can help keep those prying hacking bastardos out of your stuff!
Check it out and let me know if you have any other good suggestions. I didn’t escape without being taken advantage though:
Luckily my hacker was a nice person, and it was obvious that it was a “hack” because I would never openly endorse a mediocre designer like Jared.
đŸ˜‰
dewde says
Jared just got totally pwnt.
peace | dewde
Stephen Bateman says
After doing some googling, it looks like there isn’t a Safari equiv?
So should I plan on not using the internet in public places…?
Geek for Him says
Use the internet is fine, just don’t log into anything you want kept private is all.
Geek for Him says
Reading a bit more about the plugin it is a beta product which is a great thing, one that is lively and being worked on as we speak.
The only thing though is that our blogs could be in harms way as it doesn’t support self hosted sites.
Any ideas on that one?
Jared Erickson says
that was an issue i was able to log into any of Johns wordpress sites as well. and HTTPS Everywhere did not help at all..
But I guess if John was more then a mediocre coder he could fix that…
Tom says
It doesn’t support self-hosted WordPress installations because the plug-in requires the presence of HTTPS and that’s always up to the server administrator to implement.
If you were to implement HTTPS on your own server, you could add a rule to HTTPS Everywhere that would direct you to the secure login path rather than the default HTTP login path.
Albert Grassia says
Well you can also use Fireshepherd (http://notendur.hi.is/~gas15/FireShepherd/) to flood/kill any firesheep sniffers in the area. Its scary to see that so many insecure sites are out there.
If you are in a public wifi setting and logging into a site that does not utilize https then you should be cautious.
As of now there is no plug in for Safari to use something like Fire Sheep. Firefox is becoming the most vulnerable. There is another tool bar that is gaining attention that can easily affect sites with XSS attacks and SQL injections.
Always browse carefully. Use protection.
Use a Proxy or surf through a tunnel that will mask your ip in a public wifi setting.
– Albert
dewde says
2 solutions:
1. Buy a DROID. Wifi tethering means you are the only one on your very own wifi network.
2. Create an SSH tunnel and then route web requests through that.
peace | dewde