[kwlug-disc] Firesheep: Open WiFi cookie stealing for the masses ...

Paul Nijjar paul_nijjar at yahoo.ca
Tue Oct 26 15:26:02 EDT 2010

On Tue, Oct 26, 2010 at 01:57:17PM -0400, Khalid Baheyeldin wrote:
> So, it is finally here.
> We have always known that unencrypted WiFi is bad, and someone
> can sniff the traffic and find the session cookie to the sites you login
> to and use it to login as you.
> Now, there is a FireFox extension that automates all that (Windows
> and Mac OS/X only). No packet sniffing or manually editing headers.

We are running an unauthenticated hotspot. It currently is
unencrypted. What should we do?

My inclination is to enable WPA with a super-dumb passphrase. If
everybody knows the WPA passphrase then am I offering any protection?

Expecting everybody to use SSL is unreasonable in this context. Yes, I
know that this is what people *should* do, but I live in the real
world, not the fairy land where people do what they should. 

- Paul


More information about the kwlug-disc mailing list