[foaf-protocols] At a Cafe? I Can Hack Your Facebook, Twitter, Etc...With a Firefox Extension
Mischa Tuffield
mischa.tuffield at garlik.com
Tue Oct 26 12:34:09 CEST 2010
On 26 Oct 2010, at 01:31, Kingsley Idehen wrote:
> On 10/25/10 6:12 PM, Melvin Carvalho wrote:
>> On 25 October 2010 23:45, Kingsley Idehen<kidehen at openlinksw.com> wrote:
>>> On 10/25/10 3:41 PM, Dan Brickley wrote:
>>>> On Mon, Oct 25, 2010 at 9:21 PM, Melvin Carvalho
>>>> <melvincarvalho at gmail.com> wrote:
>>>>> Whenever you connect to an unsecured WiFi network, you're taking a
>>>>> chance, but now it's easier than ever for someone to gain access to
>>>>> all of your social network login information. A new Firefox extension
>>>>> called Firesheep makes it simple for anyone to see that you're
>>>>> connected to the network, grab your login information for any number
>>>>> of social networks, and take over your online identity.
>>>>>
>>>>> Without this, hacking your account over an unsecured wireless network
>>>>> may not be rocket science, but it surely isn't the one-click magic
>>>>> made possible by Firesheep.
>>>>>
>>>>> http://www.readwriteweb.com/archives/at_a_cafe_i_can_hack_your_facebook_twitterwith_a_f.php
FWIW, might be slightly off topic (apologies if so), but I have written up how I go about trying to secure the Firefox instance on my laptop:
http://mmt.me.uk/blog/2010/10/26/https/
Mischa *goes back to lurking, sorry about the shameless plug, good work on WebID stuff, I must get me one ...
>>>>>
>>>>> Another issue that WebID solves?
>>>> I don't think WebID solves it; rather, it will boost SSL adoption, and
>>>> that will make WebID a slightly easier sell, by bringing these kinds
>>>> of technology more into mainstream use.
>>> This program showcases a pain in a manner that is pretty easy to comprehend.
>>>
>>> The solution is SSL everywhere. The "Why" part is accentuated by the
>>> scenario-case, i.e. the Starbucks lifestyle.
>> But can a company like, say, Facebook afford to switch its data
>> center servers over to SSL? Surely the cost will be in the 10s or 100s
>> of millions?
>>
>
> Chump change if they perform a basic "cost vs benefit" analysis. Absolute
> chump change.
>
> Would FB be ready to take out a 100 Million Dollar insurance policy with
> "not becoming the next MySpace or Friendster" in mind? Of course they
> would :-)
>
> The thing about the Web is that things happen so fast, these are truly
> exponential times.
>
> Web 2.0 companies all play to the "we listen to our customers mantra..".
> Well, let's see what happens once a ground swell of users have played
> with Firesheep. As you know, there will be more Firesheeps along the
> way. It's in the nature of all programmers to one-up other programmers :-)
>
>
> Kingsley
>
>>>> It is quite possible to use
>>>> WebID just for login, then drop down to an insecure HTTP/cookies
>>>> mechanism which then gets FireSheep'd.
>>> Not so, if the real moral here to social-networks is: authenticate and
>>> transmit data securely via SSL. That's what you get via WebIDs which
>>> place you into the WebID protocol realm of SSL, by default.
>>>
>>> Basically, why use WebID for authentication, solely? It also contributes
>>> to authorization using ACLs with all data transmitted over HTTPS.
>>>
>>> To conclude, WebID protocol and ACLs that leverage it should become the
>>> norm. Folks that continue to undermine the importance of this effort
>>> will ultimately find out the painful way (IMHO). Users are gradually
>>> catching on, and the Web of Linked Data will make the "catching on"
>>> process easier, as it gets denser.
>>>
>>>> So I wouldn't present WebID as
>>>> a solution, more as part of a general trend to making better use of
>>>> certs and SSL in mainstream Web sites.
>>> WebID protocol does imply use of HTTPS beyond authentication, at least
>>> in my world view :-) Thus, I see this as a very nice usecase re. WebID
>>> protocol virtues for developers of social networking solutions.
>>>
>>> I will have my iPad and Notebook in tow when I next visit Starbucks
>>> (never used them in such places until now) :-)
>>>
>>> Kingsley
>>>
>>>> cheers,
>>>>
>>>> Dan
>>>> _______________________________________________
>>>> foaf-protocols mailing list
>>>> foaf-protocols at lists.foaf-project.org
>>>> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols
>>>>
>>>
>>> --
>>>
>>> Regards,
>>>
>>> Kingsley Idehen
>>> President & CEO
>>> OpenLink Software
>>> Web: http://www.openlinksw.com
>>> Weblog: http://www.openlinksw.com/blog/~kidehen
>>> Twitter/Identi.ca: kidehen
>>>
___________________________________
Mischa Tuffield PhD
Email: mischa.tuffield at garlik.com
Homepage - http://mmt.me.uk/
Garlik Limited, 1-3 Halford Road, Richmond, TW10 6AW
+44(0)845 652 2824 http://www.garlik.com/
Registered in England and Wales 535 7233 VAT # 849 0517 11
Registered office: Thames House, Portsmouth Road, Esher, Surrey, KT10 9AD
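As an added defender's example (not code from the thread or from the linked blog post), the check below audits a server's response headers for the weakness Dan describes: a session cookie that is also sent over plain HTTP, where anyone on the same open WiFi can capture it. The list of session-cookie names and the sample headers are constructed for illustration.

```python
# Added example: flag response headers that leave a session open to
# Firesheep-style cookie sniffing. Assumption: session cookies are
# recognised by the substrings in SESSION_NAMES (constructed list).
from http.cookies import SimpleCookie

SESSION_NAMES = ("sessionid", "session", "sid", "phpsessid", "auth")


def audit_headers(headers):
    """headers: list of (name, value) pairs as sent by the server.
    Returns a list of findings; an empty list means the session is
    confined to HTTPS and not readable by page scripts."""
    findings = []
    # Without HSTS the browser may still start on http:// and send cookies
    # in the clear before any redirect to https:// happens.
    if not any(n.lower() == "strict-transport-security" for n, _ in headers):
        findings.append("no Strict-Transport-Security header")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        jar = SimpleCookie()
        jar.load(value)
        for key, morsel in jar.items():
            if not any(s in key.lower() for s in SESSION_NAMES):
                continue  # not a session cookie, out of scope here
            if not morsel["secure"]:
                findings.append(f"{key}: missing Secure, sent over plain HTTP")
            if not morsel["httponly"]:
                findings.append(f"{key}: missing HttpOnly, readable by scripts")
    return findings


# Constructed sample responses: the weak setting and the corrected one.
WEAK = [("Content-Type", "text/html"),
        ("Set-Cookie", "sessionid=deadbeef; Path=/")]
HARDENED = [("Strict-Transport-Security", "max-age=31536000"),
            ("Set-Cookie", "sessionid=deadbeef; Path=/; Secure; HttpOnly"),
            ("Set-Cookie", "lang=en; Path=/")]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_headers(hdrs) or "ok")
```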