OK, if some unimaginative journalist and/or editor can call a pair of bulging briefs “Weinergate” I can call this Twitter App “FireTweet”. Like Firesheep, Royal Test (FireTweet) is an attempt to demonstrate a privacy problem. Techcrunch reported this story and I have verified the privacy issue. Despite allegedly being unable to read private messages, applications
Audio: /us/resources/podcasts/120810_ESET_FireSheep.mp3
This isn’t a highly technical post by any means, but in a follow up I will explain some basics for less technical users and provide some information on protection. Recently a Firefox extension called Firesheep was released. Firesheep makes account hijacking easy enough that highly unskilled users can do it. Here’s how it works. A
Introduction As the sun is setting and I breathe some of the night time air I am inspired to write about Facebook. Yes, *the* Facebook, the third largest country if it were a physical place with boundaries under a common rule of law and government. When many people use a service such as this, it
What do these two topics have in common? More than you might think. The obvious is that neither has arrived yet. There is no proof of existence of either, you have to take it on faith. Neither will be here tomorrow… take my word for that. A story at http://www.reuters.com/article/2011/05/23/uk-linkedin-security-idUSLNE74M02820110523 explains how dreadfully poor security
An article came out yesterday from Clement Genzmer who is a security engineer at Facebook. His tagline is "searching and destroying malicious links". Those of us in the business of digital security and safety can certainly identify with that, especially the part where we aim to identify the criminals and work with law enforcement to
After the release of FireSheep, Facebook took an important step to help protect Facebook user accounts by allowing users to choose to keep an encrypted connection as long as they used just Facebook and intelligently designed apps. Savvy users immediately discovered that if they tried to use grossly insecure apps such as Farmville, 21 Questions,
Recently Senator Schumer from New York wrote a letter (http://www.infosecurity-us.com/view/16328/senator-schumer-current-internet-security-welcome-mat-for-wouldbe-hackers/) to Twitter, Yahoo, and Amazon asking them to make SSL the default for internet connections. What this means is that instead of an http connection they should provide and https connection by default. This is important because with http connections you are exposed to risk
Update 6/1/2011: Paul Laudanski has published an extensive guide to Facebook privacy, which is quite a remarkable feat since there is precious little privacy on Facebook :) Little privacy, but a whole lot of settings! Check it out at https://www.welivesecurity.com/2011/05/25/facebook-privacy Facebook comes up a lot in this blog. Recently I wrote about the Hidden Face
Facebook actually does have some exceptionally talented security professionals. They have almost no depth in privacy, but they have real security talent. A part of the problem is that the Facebook culture is anti-security and that is a very tough obstacle for their security professionals. Facebook security is by marketing design. Take a look at
With the release of Firesheep the Firefox add on HTTPS Everywhere has increased in popularity as it helps ensure that your Facebook session is encrypted. Using Facebook over https breaks the chat on Facebook however. The other day a friend of mine initiated a chat with me on Facebook. Imagine my surprise since I was
Yeah, usually these things are titled “for Dummies”, but you’re not a dummy if you don’t understand, you’re normal. This is related to the program “Firesheep” and I will attempt to make it very easy to understand the problem. The solution is a bit more complex. It all comes down to trust and discretion. Unfortunately
Recently a tool called “Firesheep” was released. Firesheep makes it so that virtually anyone can hijack Facebook, and some other accounts when they are being used on unsecured public wireless networks. Firesheep takes advantage of the fact that Microsoft, Facebook, Twitter, Yahoo, and scores of other companies really couldn’t care less about your privacy or
I’m sure that at some point you have listened to the radio. A signal goes out and all radios in range can tune in to the broadcast. WI-FI is essentially a radio signal that transmits and receives data. The access point and your computer exchange information, but all computers with wireless capabilities can receive the
[C. Nicholas Burnett, the manager for ESET LLC’s tier three technical support, contributed the following guest blog article on the FireSheep plugin for Firefox. Thank you very much, Carl! Aryeh Goretsky] The past several days have seen the security community abuzz about a program presented in San Diego at ToorCon 12 this last weekend called
