The block? If I understand the description correctly there are only a few ways to avoid the exploit. - Don't use WiFi where a hostile entity can listen. - Block all cookies, preventing you from using the sites which use cookies to identify you and which don't use SSL. - Don't visit those same sites. - Force those sites to use SSL. Of course if they don't support it, this fails.
None of these solutions reliably give you the capability to visit social media sites from public WiFi. What block do you refer to? Oh, wait. There is another way. You could VNC back to your home network and visit the social media site indirectly from there. This way you have encryption at the vulnerable part of the connection. Downsides: more complex and slower. -- Allen Brown http://brown.armoredpenguin.com/~abrown/ Familiarity breeds contempt - and children. --- Mark Twain ----- Original Message ----- From: "Lorraine Kerwood" <[email protected]> To: "Eugene Unix and Gnu/Linux User Group" <[email protected]> Sent: Wednesday, November 3, 2010 12:24:18 AM Subject: Re: [Eug-lug] Gizmag: Firesheep session hijacking tool Got the block from EFF. > From: Allen Brown <[email protected]> > Organization: Rex Kinetic Sculpture Team > Reply-To: <[email protected]>, Eugene Unix and Gnu/Linux User Group > <[email protected]> > Date: Tue, 02 Nov 2010 17:58:23 -0700 > To: Eugene Unix and Gnu/Linux User Group <[email protected]> > Subject: [Eug-lug] Gizmag: Firesheep session hijacking tool > > Exploiting a security hole in many social networking sites > http://www.gizmag.com/firesheep-http-hijacking-tool/16726/ > -- > Allen Brown http://brown.armoredpenguin.com/~abrown/ _______________________________________________ EUGLUG mailing list [email protected] http://www.euglug.org/mailman/listinfo/euglug
