[kwlug-disc] Firesheep: Open WiFi cookie stealing for the masses ...

unsolicited unsolicited at swiz.ca
Wed Oct 27 17:58:46 EDT 2010


Khalid Baheyeldin wrote, On 10/27/2010 5:47 PM:
> On Wed, Oct 27, 2010 at 5:38 PM, Paul Nijjar <paul_nijjar at yahoo.ca> wrote:
> 
>> On Wed, Oct 27, 2010 at 04:56:34PM -0400, Khalid Baheyeldin wrote:
>> http://www.computerworld.com/s/article/print/9193201/How_to_protect_against_Firesheep_attacks
>>> The root problem is sites using plain text HTTP, but there is no solution for it
>>> until each and every site out there implements SSL.
>>>
>>> This may never happen, or will take a long time.
>> I was going to write some reply about how having multiple SSL sites on
>> a shared host is hard (which is why kwlug.org has plaintext logins). But
>> once again I have been proved ignorant:
>>
>> http://en.gentoo-wiki.com/wiki/Apache2/SSL_and_Name_Based_Virtual_Hosts
>>
> 
> You are missing the point.

I don't think so.

Paul's point is "What is a responsible admin to do?" What is 
appropriate, what is reasonable?

Which takes nothing away from what you're saying from a user perspective.

There need be no certificate expense; there are free certificates out 
there. Can't recall my favourite off the top of my head, but I 
remember reading articles where the biggest hurdle is just getting the 
various browsers to include that they are trusted certificate 
authorities / servers.

Not to say a 'prudent' admin doesn't also establish VPN capabilities 
for their enterprise.

Isn't the root cause, here, really, and merely, never use open wi-fi?



