We could use a private SSL proxy of sorts, no? That is, employing the same sort of man-in-the-middle tools, a web proxy but connecting to us via https. Does anyone reading along know if such a thing exists, or if existing SSL proxies can handle this? Sorry, I haven't been keeping up on proxies lately. I noticed http://proxy.org/ssl_proxies.shtml and it doesn't seem sensible to go trusting any unknown proxies out there... tips or experience? It looks like it would be a great journalistic expose to create some soc-net accounts and try to track how those accounts are accessed and abused and so forth... :)
Back to "the block": One could also use OpenVPN or similar VPN to route their web traffic through to a more secure uplink, right? The difficulties of open-access wifi are well-known, but I do find it interesting to see new adaptions of existing vectors: a firefox plugin, go figure!!

ciao

On Wed, Nov 3, 2010 at 11:35 AM, <[email protected]> wrote:
> The block? If I understand the description correctly there
> are only a few ways to avoid the exploit.
> - Don't use WiFi where a hostile entity can listen.
> - Block all cookies, preventing you from using the sites
> which use cookies to identify you and which don't use SSL.
> - Don't visit those same sites.
> - Force those sites to use SSL. Of course if they don't
> support it, this fails.
>
> None of these solutions reliably give you the capability to
> visit social media sites from public WiFi. What block do
> you refer to?
>
> Oh, wait. There is another way. You could VNC back to
> your home network and visit the social media site indirectly
> from there. This way you have encryption at the vulnerable
> part of the connection. Downsides: more complex and slower.
> --
> Allen Brown
> http://brown.armoredpenguin.com/~abrown/
> Familiarity breeds contempt - and children. --- Mark Twain
>
>
> ----- Original Message -----
> From: "Lorraine Kerwood" <[email protected]>
> To: "Eugene Unix and Gnu/Linux User Group" <[email protected]>
> Sent: Wednesday, November 3, 2010 12:24:18 AM
> Subject: Re: [Eug-lug] Gizmag: Firesheep session hijacking tool
>
> Got the block from EFF.
> >
> > From: Allen Brown <[email protected]>
> > Organization: Rex Kinetic Sculpture Team
> > Reply-To: <[email protected]>, Eugene Unix and Gnu/Linux User Group
> > <[email protected]>
> > Date: Tue, 02 Nov 2010 17:58:23 -0700
> > To: Eugene Unix and Gnu/Linux User Group <[email protected]>
> > Subject: [Eug-lug] Gizmag: Firesheep session hijacking tool
> >
> > Exploiting a security hole in many social networking sites
> > http://www.gizmag.com/firesheep-http-hijacking-tool/16726/
> > --
> > Allen Brown
> > http://brown.armoredpenguin.com/~abrown/
>
> _______________________________________________
> EUGLUG mailing list
> [email protected]
> http://www.euglug.org/mailman/listinfo/euglug
>
