?

Log in

No account? Create an account

October 27th, 2010

via siderea's post

You used to need a little bit of technical clue to steal people's logins to insecure sites like LiveJournal, Facebook, etc. There is now a Firefox extension called Firesheep that makes this extremely user-friendly: absolutely any random loser at the coffee shop, the airport, work, or school can take over your accounts if you're using wireless. (For the record: using Firesheep can get you fired, kicked out of school, or sent to jail if you're caught, so don't.)

Some advice follows. Follow it and get your friends to, too. If you have any friends who are unlikely to follow this advice, you will want to drop them from your friends list on any social networks, because it is a near certainty that somebody else is going to be controlling some of their accounts soon.

Use HTTPS Everywhere to mitigate the problem.

HTTPS Everywhere protects Facebook, LiveJournal, and Google accounts by forcing them to use SSL.

Since this is a Firefox-only extension, you'll want to avoid using other browsers. I'd delete or rename them or move them aside.

HTTPS Everywhere isn't enough.

Most services won't work with HTTPS Everywhere (though it's possible that the ones you care about do). For example, I crossed out LiveJournal up above because, contrary to rumor, HTTPS Everywhere doesn't help. You want to use an SSH Proxy.

This is a decent way to get privacy from work/school too. Quick guide for Mac and Linux/Unix usersCollapse )

Privacy is something you often don't realize you need until it's too late. If you don't understand this, ask for help; if I know you, I will happily spend some time with you to reduce the chance that somebody I know will have their account taken over.

In the long run, I think this is a good thing. Sending personal traffic, much less login information, unencrypted over the internet makes a joke of privacy, but most people just haven't been noticing. The noise about this stands a good chance of closing that particular hole.