The good thing is that Mozilla is quite fast on those and already confirmed the issue and is working to get it fixed. In summary, it is an addon that will make it really easy to basically anyone hack accounts by sniffing traffic on public hotspots, such as airports, coffee shops,etc... ---------------------------------------------------------------------------------------------------- Pedro Bueno (pbueno /%%/ isc. sans. org) Twitter: http://twitter.com/besecure |
Pedro 155 Posts ISC Handler Oct 26th 2010 |
Thread locked Subscribe |
Oct 26th 2010 1 decade ago |
Pedro,
I would remove that link to the PC World article, it really diminishes the impact of this threat. Considering that the writer ran this test using 2 browsers on the same machine, using the same network connection, over the same Access Point. If you want to run a test like this and then write an article about said test...it would be so much more viable to actually run the test from a HotSpot and not from within your home and not from the same PC. |
HackDefendr 65 Posts |
Quote |
Oct 26th 2010 1 decade ago |
It is worth noting that NoScript can force HTTPS on many popular sites such as twitter that otherwise use SSL only for login.
http://noscript.net/faq#https |
Anonymous |
Quote |
Oct 27th 2010 1 decade ago |
Cooling Down the Firesheep
- http://blog.mozilla.com/security/2010/10/27/cooling-down-the-firesheep/ 10.27.10 > https://addons.mozilla.org/en-US/firefox/addon/12714/ . |
Jack 160 Posts |
Quote |
Oct 27th 2010 1 decade ago |
Regarding Firefox 0-day hole.
there has been a lot of writing in the norwegian media the last days. Thuesday (26. okt) nobelpeaceprice.org was hacked. (yes - its the official peace price site) The site was effected with a trojan that was executed through a 0-day exploit in firefox. the malvare was undetected by 41 AV-tools norwegian soc article can be found: http://telenorsoc.blogspot.com/2010/10/nobelpeaceprizeorg-kompromittert.html goole from norwegian to english for info. |
Jack 3 Posts |
Quote |
Oct 27th 2010 1 decade ago |
A fix for this vulnerability has been released for Firefox and Thunderbird users.
Firefox 3.6.12 and 3.5.15 security updates now available * Firefox 3.6.12: http://firefox.com * Firefox 3.5.15: http://www.mozilla.com/firefox/all-older.html Thunderbird 3.1.6 and 3.0.10 security updates now available |
Jack 1 Posts |
Quote |
Oct 28th 2010 1 decade ago |
I am new to all this network security stuff, I amd currently attending shool, but I did do a little reading on this Firefox and it sounds like there could be alot of issues with it not being as secure as some other browsers.
I use your standard web browsers such as Yahoo and sometime Google systems on my home network, are they any more secure than this Firefox browser? |
Jack 1 Posts |
Quote |
Oct 29th 2010 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!