Happy Birthday, Firesheep!

Bruce Morton

It’s been a whole year since Firesheep was released. One year old, and more than 1.9 million downloads of the Firefox plugin that allows an attacker to take over improperly secured accounts when they are accessed from a Wi-Fi hotspot.

The solution is for website operators to secure everything in the session, starting from the login. Some big websites have done so — such as bitly, Dropbox, GitHub, Gmail and Windows Live — where SSL is on by default.
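As an added example (not part of the original post), here is a small Python audit a site operator could run over recorded responses from their own login flow to find where the session leaves SSL. The host example.test, the cookie names and the sample flow are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed sample: (request URL, response headers) for one login flow on a
# hypothetical site, example.test. Not captured from any real service.
SAMPLE_FLOW = [
    ("https://example.test/login", [
        ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
        ("Location", "http://example.test/home"),
    ]),
    ("http://example.test/home", [
        ("Set-Cookie", "prefs=dark; Path=/"),
    ]),
    ("https://example.test/account", [
        ("Set-Cookie", "csrf=xyz; Path=/; Secure; HttpOnly"),
    ]),
]

def audit_flow(flow):
    """Return (url, finding) pairs for every point where the session is
    exposed outside SSL: plain-HTTP pages, cookies without the Secure
    attribute, and redirects that downgrade from https to http."""
    findings = []
    for url, headers in flow:
        if urlsplit(url).scheme != "https":
            findings.append((url, "page served without SSL/TLS"))
        for name, value in headers:
            lname = name.lower()
            if lname == "set-cookie":
                cookie = SimpleCookie()
                cookie.load(value)
                for key, morsel in cookie.items():
                    # Without Secure, the browser also sends this cookie
                    # on any plain-HTTP request to the same site.
                    if not morsel["secure"]:
                        findings.append((url, f"cookie '{key}' lacks Secure flag"))
            elif lname == "location" and urlsplit(value).scheme == "http":
                findings.append((url, "redirect downgrades to http"))
    return findings

if __name__ == "__main__":
    for url, finding in audit_flow(SAMPLE_FLOW):
        print(f"{url}: {finding}")
```

A flow that is secured from the login onward, as the post recommends, returns an empty list.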

Facebook has made incremental improvements by giving users the choice to enable SSL for their account and by transitioning apps to SSL. Google will soon be securing searches, since Google web history has been shown to be vulnerable to Firesheep.

Other sites are slowly making improvements, but not at the pace expected given the 1.9 million Firesheep downloads.

Bruce Morton
Director, Certificate Technology & Standards

Bruce Morton has worked in the public key infrastructure and digital certificate industry for more than 15 years and has focused on SSL and other publicly trusted certificates since 2005. He has been an active member of the CA/Browser Forum that released guidelines for extended validation (EV) certificates and Baseline Requirements for SSL certificates. Bruce oversees the governance and compliance of Entrust’s publicly trusted PKI.

