+ Reply to Thread
Page 1 of 2 1 2 LastLast
Results 1 to 15 of 30

Thread: WARNING! Protect yourself on social networking sites. READ.

  1. #1
    Plane Touched Zarathustra's Avatar
    Join Date
    Apr 2010
    Location
    MMO Capitol of the World
    Posts
    173

    Default WARNING! Protect yourself on social networking sites. READ.

    For those of you that use Facebook, twitter and the like. A new hacking tool has been released that makes stealing your login access extremely simple, and it is possible for anyone to use.

    Protect yourself by getting extensions for your browser that force a site to use HTTPS if it is available. These extensions exist for Chrome, Firefox and others.

    This link shows how easy it is to steal login data.

    http://codebutler.com/firesheep


    This link talks about how to protect your login data: http://techcrunch.com/2010/10/25/firesheep/

    Quote from Lifehacker site
    Firefox: Firesheep sniffs out and steals cookies—and the account and identity of the owner in the process—of popular web sites (like Facebook and Twitter) from the browsing sessions of other users on the Wi-Fi hot spot you're attached to.

    Firesheep is a proof-of-concept Firefox extension created by Eric Butler to show how leaky the security many popular web sites (like Facebook, Flickr, Amazon.com, Dropbox, Evernote, and more) employ is. The problem, as Firesheep shockingly demonstrates, is that many web sites only encrypt your login. Once you are logged in they use an unsecured connect with a simple cookie check. Anyone from your IP address (that of the Wi-Fi hotspot) with that cookie can be you. When using Firesheep on a public hot spot any session it can intercept is displayed in the Firesheep pane with the user's name and photograph (when available). Simply click on their name to intercept the session and start browsing the website as though you are them.

    What can you do to protect yourself against such a painfully easy attack against your privacy and security? You can set up an SSH SOCKS proxy to encrypt your traffic, effectively sending your site sessions and accompanying cookies through a sniff-proof tunnel. For a less involved alternative, however, you could use something like the previously mentioned HTTPS Everywhere Firefox extension or Force-TLS (highlighted by TechCrunch). Essentially, these extensions will force popular sites to send data via the more secure HTTPS protocol, which encrypts data as it's sent, and while it's slightly slower, it's definitely worth using HTTPS when available.

    Firesheep is free, works wherever Firefox does, and requires a wireless card capable of operating in promiscuous mode.
    Last edited by Zarathustra; 10-27-2010 at 09:08 AM.

  2. #2
    Telaran Lowe's Avatar
    Join Date
    Apr 2010
    Location
    Garden Grove, CA
    Posts
    62

    Default

    No virus scan for 10 years, never worried about anything... I simply just watch what I click ....... No issues

  3. #3
    Plane Touched -Riley's Avatar
    Join Date
    Aug 2010
    Location
    Southern Alberta, Canada
    Posts
    242

    Default

    Quote Originally Posted by Lowe View Post
    No virus scan for 10 years, never worried about anything... I simply just watch what I click ....... No issues
    i do the same! except i haven't had no anti virus for that long maybe like 4 years now
    Rhyli@Hailol

  4. #4
    Plane Touched Zarathustra's Avatar
    Join Date
    Apr 2010
    Location
    MMO Capitol of the World
    Posts
    173

    Default

    Quote Originally Posted by Lowe View Post
    No virus scan for 10 years, never worried about anything... I simply just watch what I click ....... No issues
    Nothing to do with what you click.

    It has to do with sites that store your login data in cookies, and the site is not encrypted, meaning not using HTTPS.

    This specific hack functions on WIFI, meaning if you are logged into WIFI at your favorite coffee shop, and go to Facebook or twitter, this simple hack will grab your login data, giving the user full access to your account. It is extremely easy to use, and hundreds of thousands of downloads have already occurred.
    Last edited by Zarathustra; 10-27-2010 at 09:21 AM.

  5. #5
    Plane Touched -Riley's Avatar
    Join Date
    Aug 2010
    Location
    Southern Alberta, Canada
    Posts
    242

    Default

    Quote Originally Posted by Zarathustra View Post
    Haha, has nothing to do with what you click.

    It has to do with sites that store your login data in cookies, and the site is not encrypted, meaning not using HTTPS.

    This specific hack functions on WIFI, meaning if you are logged into WIFI at your favorite coffee shop, and go to Facebook or twitter, this simple hack will grab your login data, giving the user full access to your account. It is extremely easy to use, and hundreds of thousands of downloads have already occurred.
    i only use my pc which my router is connnected to, and i am a full Linux and OS X user, so i really don't have to worry about this.
    Rhyli@Hailol

  6. #6
    Telaran Lowe's Avatar
    Join Date
    Apr 2010
    Location
    Garden Grove, CA
    Posts
    62

    Default

    Quote Originally Posted by Zarathustra View Post
    Nothing to do with what you click.

    It has to do with sites that store your login data in cookies, and the site is not encrypted, meaning not using HTTPS.

    This specific hack functions on WIFI, meaning if you are logged into WIFI at your favorite coffee shop, and go to Facebook or twitter, this simple hack will grab your login data, giving the user full access to your account. It is extremely easy to use, and hundreds of thousands of downloads have already occurred.
    I know what I'm doing... I'm literate and the people who get hijacked aren't... it's that simple.

  7. #7
    Ascendant Slyde's Avatar
    Join Date
    Apr 2010
    Location
    California USA
    Posts
    1,669

    Default

    I never use wireless connections, but I do keep my virus software current.

  8. #8
    Shadowlander jabs's Avatar
    Join Date
    Oct 2010
    Posts
    23

    Default

    This is mostly a warning for people who access these sites via a public access point like a university or Starbucks. People who only use the internet at their homes do not need to worry about it.

  9. #9
    Rift Disciple Jaudark's Avatar
    Join Date
    Jul 2010
    Posts
    161

    Default

    since it's an off-topic discussion:

    wtb more seizure
    Last edited by Jaudark; 10-27-2010 at 10:03 AM.

  10. #10
    Plane Touched -Riley's Avatar
    Join Date
    Aug 2010
    Location
    Southern Alberta, Canada
    Posts
    242

    Default

    Quote Originally Posted by Jaudark View Post
    since it's an off-topic discussion:

    wtb more seizure
    your the first commenter on my sig, people can always turn off signatures lol
    Rhyli@Hailol

  11. #11
    Rift Disciple starspun's Avatar
    Join Date
    Apr 2010
    Location
    Snoreway
    Posts
    157

    Default

    Quote Originally Posted by ZeroRiley View Post
    your the first commenter on my sig, people can always turn off signatures lol
    "People can always turn off signatures" is not a valid excuse for having an obnoxious and possibly seizure-inducing signature.

  12. #12
    Rift Chaser Kitty's Avatar
    Join Date
    Jun 2010
    Location
    Ontario, Canada
    Posts
    328

    Default

    Quote Originally Posted by ZeroRiley View Post
    your the first commenter on my sig, people can always turn off signatures lol
    You were probably not aware of the effect that image can have on some people with epilepsy. You should change it before a mod does it for you. I now regret looking at Zarathustra's thread - thanks for the headache.

    On topic: I have a solution! I will not use Facebook...

  13. #13
    Prophet of Telara Skythe's Avatar
    Join Date
    Apr 2010
    Location
    Candy moutain
    Posts
    1,025

    Default

    Quote Originally Posted by Kitty View Post
    Quote Originally Posted by ZeroRiley View Post
    your the first commenter on my sig, people can always turn off signatures lol
    You were probably not aware of the effect that image can have on some people with epilepsy. You should change it before a mod does it for you. I now regret looking at Zarathustra's thread - thanks for the headache.

    On topic: I have a solution! I will not use Facebook...
    I support the notion for you to turn that hideous thing off.
    Not to mention, what's with the red font? Are you trying to make whatever your write unreadable?
    It is an ironic habit of human beings to run faster when we have lost our way.
    -Me? I am Someone, Somebody. Anybody. Anyone.

  14. #14
    Plane Walker Quinton's Avatar
    Join Date
    Aug 2010
    Location
    Canton, Ohio
    Posts
    425

    Default

    Quote Originally Posted by Jaudark View Post
    since it's an off-topic discussion:

    wtb more seizure
    Wow seriously! LOL.. it was like instant headache *Searches for his advil* lol

  15. #15
    Ascendant Mira's Avatar
    Join Date
    Jul 2010
    Location
    Little Rock, Ark., USA
    Posts
    1,650

    Default

    I really hate to complain about anyone's signature, but really, that is just too much, it made it very hard to read anything. Please consider changing it.

+ Reply to Thread
Page 1 of 2 1 2 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts