Tag Archives: Firesheep

Yahoo turning on SSL

January 17, 2013 by Bruce Morton     No Comments

Yahoo is jumping on the SSL bandwagon to help secure their users’ email.

Filed Under: Secure Browsing, SSL Tagged With: GmailGmail, Google, Microsoft

Facebook Steps up SSL Game

November 20, 2012 by Bruce Morton     No Comments

A year and a half ago, I wrote a blog, Nice Try Facebook. This was my response to Facebook’s turning on of HTTPS for users. Probably a response to mitigate the new Firesheep attack. (BTW, happy second birthday Firesheep; more than 2.4 million downloads in two years.) My issue with Facebook was the HTTPS feature [Read More...]

Filed Under: Secure Browsing, SSL Tagged With: Firesheep, HTTPS, SSL

Happy Birthday, Firesheep!

October 24, 2011 by Bruce Morton     No Comments

It’s been a whole year since Firesheep was released. One year old and more than 1.9 million downloads of the Firefox plugin that allows an attacker to take over improperly secured accounts when accessed from a Wi-Fi hotspot. The solution to the problem is website operators need to secure everything in the session starting from [Read More...]

Filed Under: Secure Browsing, SSL, SSL Deployment Tagged With: SSL

HTTPS Now

May 6, 2011 by Bruce Morton     No Comments

Do you want to make the Internet a safer place? Maybe this is something for you. Internet activists, Electronic Frontier Foundation (EFF) and Access have teamed to launch HTTPS Now, an international campaign aimed at soliciting consumers to help make web surfing safer. HTTPS Now comprises three initiatives: Individuals are encouraged to use HTTPS Everywhere, [Read More...]

Filed Under: Secure Browsing, SSL, SSL Deployment Tagged With: Firesheep, HTTPS

Nice Try Facebook

February 2, 2011 by Bruce Morton     1 Comment

The good news? Facebook is enabling you to experience their social media site entirely over HTTPS. The bad news is that HTTPS is not turned on by default. So if you want HTTPS, then you will have to figure it out yourself. Although probably already in the works when Firesheep was released, it appears that [Read More...]

Filed Under: Secure Browsing, SSL Deployment Tagged With: Firesheep, HTTPS

SSL is about assurance

January 30, 2011 by Bruce Morton     No Comments

Troy Hunt, in his article “SSL is not about encryption,” says that SSL is about assurance and “establishing a degree of trust in a site’s legitimacy.” I have mixed feelings about the title, but agree with the points that Hunt makes. Here are some highlights: Users assume that high-profile sites (e.g., Facebook, Twitter, Dropbox) provide [Read More...]

Filed Under: Secure Browsing, SSL Deployment Tagged With: visual indicators

Cyber Monday

November 28, 2010 by Bruce Morton     No Comments

Monday, 29 November 2010 is Cyber Monday. What is Cyber Monday you might ask? Personally I had to get my terms straight between Black Friday, Cyber Monday, and Black Monday. Here’s a short refresher: Black Friday is the Friday after the US Thanksgiving holiday when the Christmas holiday shopping season unofficially kicks off. It’s called [Read More...]

Filed Under: EV SSL, Secure Browsing, SSL Tagged With: Firesheep, HTTPS, SSL

HTTP Strict Transport Security (HSTS)

November 26, 2010 by Bruce Morton     No Comments

I recently blogged about Firesheep, the Firefox extension that can be used to compromise a secure connection to a website that you have connected to from an open Wi-Fi hotspot. The truth is the vulnerability that Firesheep exposes is not new, but little was done about it. Not so anymore, help is on the way. [Read More...]

Filed Under: Secure Browsing, SSL Deployment Tagged With: Firefox, Firesheep, HSTS

Firesheep wake-up call

October 28, 2010 by Bruce Morton     3 Comments

Much has been written this past week about Firesheep. The bottom line: website operators must properly deploy SSL end-to-end security. Firesheep is a Firefox extension written by Eric Butler and was presented by Butler and security consultant, Ian Gallagher, this past weekend at ToorCon hacker conference in San Diego. Firesheep takes advantage of a known [Read More...]

Filed Under: Secure Browsing, SSL Deployment Tagged With: Firesheep, SSL