On Tue, Nov 2, 2010 at 4:37 PM, Robert Graham <[email protected]> wrote:
> Force-TLS doesn't work, as I document here:
> http://erratasec.blogspot.com/2010/10/re-firesheep.html

It appears the developers have documented some of the plugin's technical limitations at https://addons.mozilla.org/en-US/firefox/addon/12714/. Is this supposed to be original research?

> I suggest people actually try them out before recommending them.

Hmm.... According to your closing comments, it fails under some circumstances (XmlHttp), which appears to be documented by the developers. Is it fair to pounce on Rob, grandpa of Ryan, Trevor, Devon & Hannah with "it does not work.... read <some blog>"?

Out of curiosity, did you inform Collin Jackson and Adam Barth, or are you waiting for the developers to find <some blog>, much like MustLive and his 0-day XSS vulnerabilities?

Jeff

>
> ----- Original Message ----
> From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <[email protected]>
> To: [email protected]
> Sent: Tue, November 2, 2010 4:07:16 PM
> Subject: [funsec] Firesheep protection?
>
> Working towards some protection (not just against Firesheep, but the real
> problem), anyone have comparative advice on the useability/effectiveness of:
>
> HTTPS Everywhere
> https://addons.mozilla.org/en-US/firefox/addon/229918/
> also at https://www.eff.org/https-everywhere
>
> Open Secure
> https://addons.mozilla.org/en-US/firefox/addon/11358/
> also at http://opensecext.blogspot.com
>
> Force-TLS
> https://addons.mozilla.org/en-US/firefox/addon/12714/
> also at http://forcetls.sidstamm.com/
>
> or any other recommendations?
>
> [SNIP]

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
