[funsec] Firesheep protection?
michaelslists at gmail.com
Tue Nov 2 16:03:37 CDT 2010
On Wed, Nov 3, 2010 at 7:07 AM, Rob, grandpa of Ryan, Trevor, Devon &
Hannah <rMslade at shaw.ca> wrote:
> Working towards some protection (not just against Firesheep, but the real
> problem), anyone have comparative advice on the useability/effectiveness of:
> HTTPS Everywhere
> also at https://www.eff.org/https-everywhere
> Open Secure
> also at http://opensecext.blogspot.com
> also at http://forcetls.sidstamm.com/
> or any other recommendations?
Shouldn't we include a token in the cookie and validate/re-write it
upon each request? Anyone see a problem with this approach?
> ====================== (quote inserted randomly by Pegasus Mailer)
> rslade at vcn.bc.ca slade at victoria.tc.ca rslade at computercrime.org
> Shadwell hated all Southeners and, by inference, was standing at
> the North Pole. - `Good Omens,' Neil Gaiman & Terry Pratchett
> victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
> http://www.infosecbc.org/links http://twitter.com/rslade
> Fun and Misc security discussion for OT posts.
> Note: funsec is a public and open mailing list.
"Every morning when I wake up, I experience an exquisite joy — the joy
of being this signature."
More information about the funsec