On Wed, Nov 3, 2010 at 7:07 AM, Rob, grandpa of Ryan, Trevor, Devon & Hannah <[email protected]> wrote:
> Working towards some protection (not just against Firesheep, but the real
> problem), anyone have comparative advice on the useability/effectiveness of:
>
> HTTPS Everywhere
> https://addons.mozilla.org/en-US/firefox/addon/229918/
> also at https://www.eff.org/https-everywhere
>
> Open Secure
> https://addons.mozilla.org/en-US/firefox/addon/11358/
> also at http://opensecext.blogspot.com
>
> Force-TLS
> https://addons.mozilla.org/en-US/firefox/addon/12714/
> also at http://forcetls.sidstamm.com/
>
> or any other recommendations?

Shouldn't we include a token in the cookie and validate/re-write it upon each request? Anyone see a problem with this approach?

-- 
silky
http://dnoondt.wordpress.com/

"Every morning when I wake up, I experience an exquisite joy — the joy of being this signature."

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
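
One way to implement the per-request cookie token asked about in the reply above, as an added example that is not code from this thread: the server keeps one valid token per session, rewrites it on every request, and treats a returning used token as a sign that two clients hold the same cookie. The class, method names and cookie layout are hypothetical, and the scenario in `demo()` is constructed.

```python
import hmac
import secrets


class RollingTokenSessions:
    """One valid cookie token per session, rewritten on every request."""

    def __init__(self):
        self._current = {}  # session id -> token expected on the next request
        self._used = {}     # session id -> tokens already consumed

    def login(self):
        sid = secrets.token_hex(8)
        self._used[sid] = set()
        return self._issue(sid)

    def _issue(self, sid):
        token = secrets.token_urlsafe(32)
        self._current[sid] = token
        return f"{sid}.{token}"  # value the server sends in Set-Cookie

    def handle(self, cookie):
        """Validate a request cookie; return (status, replacement cookie or None)."""
        sid, _, token = cookie.partition(".")
        expected = self._current.get(sid)
        if expected is None:
            return "invalid", None
        if hmac.compare_digest(expected.encode(), token.encode()):
            self._used[sid].add(token)
            return "ok", self._issue(sid)
        if token in self._used[sid]:
            # A consumed token came back: two clients hold this session's
            # cookie, so end the session for both of them.
            del self._current[sid], self._used[sid]
            return "replay", None
        return "invalid", None


def demo():
    """Constructed scenario: a second client reuses a cookie it copied."""
    server = RollingTokenSessions()
    c0 = server.login()
    s1, c1 = server.handle(c0)   # legitimate browser, receives c1
    s2, _ = server.handle(c0)    # copied c0 presented again -> detected
    s3, _ = server.handle(c1)    # session was revoked, so c1 is dead too
    return [s1, s2, s3]


if __name__ == "__main__":
    print(demo())
```

The replay check only fires once both holders of the cookie have used it; whichever client presents the current token first is served normally.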
