[funsec] Firesheep protection?
silky
michaelslists at gmail.com
Tue Nov 2 16:03:37 CDT 2010
On Wed, Nov 3, 2010 at 7:07 AM, Rob, grandpa of Ryan, Trevor, Devon &
Hannah <rMslade at shaw.ca> wrote:
> Working towards some protection (not just against Firesheep, but the real
> problem), anyone have comparative advice on the useability/effectiveness of:
>
> HTTPS Everywhere
> https://addons.mozilla.org/en-US/firefox/addon/229918/
> also at https://www.eff.org/https-everywhere
>
> Open Secure
> https://addons.mozilla.org/en-US/firefox/addon/11358/
> also at http://opensecext.blogspot.com
>
> Force-TLS
> https://addons.mozilla.org/en-US/firefox/addon/12714/
> also at http://forcetls.sidstamm.com/
>
> or any other recommendations?
Shouldn't we include a token in the cookie and validate/re-write it
upon each request? Anyone see a problem with this approach?
> ====================== (quote inserted randomly by Pegasus Mailer)
> rslade at vcn.bc.ca slade at victoria.tc.ca rslade at computercrime.org
> Shadwell hated all Southerners and, by inference, was standing at
> the North Pole. - `Good Omens,' Neil Gaiman & Terry Pratchett
> victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
> http://blogs.securiteam.com/index.php/archives/author/p1/
> http://www.infosecbc.org/links http://twitter.com/rslade
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.
--
silky
http://dnoondt.wordpress.com/
"Every morning when I wake up, I experience an exquisite joy — the joy
of being this signature."
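
A sketch of the token-per-request idea raised in the reply above, as an added example that is not part of the original post; the class and method names are hypothetical and the store is held in memory. It shows what rotation gives the server (an already-rotated token coming back reveals that two parties hold the cookie) and what it does not (a token copied from cleartext HTTP is still accepted until that point).

```python
import secrets

class RotatingSessions:
    """Server-side store: each session has exactly one currently valid token."""
    def __init__(self):
        self.current = {}   # token -> session id
        self.retired = {}   # already-used token -> session id
        self.users = {}     # session id -> user name

    def login(self, user):
        sid = secrets.token_hex(8)
        self.users[sid] = user
        return self._issue(sid)

    def _issue(self, sid):
        token = secrets.token_urlsafe(32)
        self.current[token] = sid
        return token

    def request(self, token):
        """Validate the cookie token; return (status, user, next_token)."""
        if token in self.current:
            sid = self.current.pop(token)
            self.retired[token] = sid
            return "ok", self.users[sid], self._issue(sid)
        if token in self.retired:
            # A token that was already rotated came back: two parties hold
            # this session's cookie, so revoke the whole session.
            self._revoke(self.retired[token])
            return "replay-detected", None, None
        return "unknown", None, None

    def _revoke(self, sid):
        self.users.pop(sid, None)
        for table in (self.current, self.retired):
            for t in [t for t, s in table.items() if s == sid]:
                del table[t]

def demo():
    store = RotatingSessions()
    t0 = store.login("alice")        # cookie set at login
    _, _, t1 = store.request(t0)     # a normal request rotates the token
    # Constructed scenario: a second party presents t1 (visible on cleartext
    # HTTP) before the real browser sends its next request.
    other = store.request(t1)        # accepted: t1 is still the current token
    owner = store.request(t1)        # the real browser now holds a retired token
    after = store.request(other[2])  # session was revoked on detection
    return other[0], other[1], owner[0], after[0]
```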