Firesheep protection and using https

Most of the readers should already be familiar with 'FireSheep', the program that turns MitM attacks and cookie jacking into a simple double click exercise. Well there are some new preventative measures, if you are feeling paranoid on a public network. New programs like 'BlackSheep', and 'FireShepherd' send out fake cookies, that if jacked will inform the victim that threats are on the network or crash the attacker's FireSheep. So if you are feeling extra cautious, you can use these programs to lay out some honeypots, although under programs like 'WireShark' these honeypots are quite obvious. Really, the most secure thing you can do, is just always visit sites using thier encrypted url from the beginning (that's the one that starts with https). This will save credentials from being sent clear text from the beginning! If you can't remember that though, there are other great applications such as 'Https Everywhere', that will automatically use encryption when visiting any site on your list. Personally though, I keep it optional, giving me that choice between speed or security, but you have to know the risks.

Published with Blogger-droid v1.6.5