[kwlug-disc] Firesheep: Open WiFi cookie stealing for the masses ...
unsolicited at swiz.ca
Wed Oct 27 16:28:40 EDT 2010
Paul Nijjar wrote, On 10/27/2010 9:43 AM:
> On Tue, Oct 26, 2010 at 07:18:03PM -0400, unsolicited wrote:
>> Paul Nijjar wrote, On 10/26/2010 3:26 PM:
>> Assuming by hotspot you mean public access - why do you feel you need to
>> do anything?
> Man. If you knew the computer proficiency of our users you would
> I may not have a legal responsibility to protect my users from script
> kiddies sniffing their credentials, but I am paid the big bucks to
> structure our services so that they are useful and safe.
>> - does something change here if you encrypt and put below it the really
>> easy password? [What's the difference between the two situations?]
>> (Granted, I can't sniff your session cookie easily under any form of
>> encryption, but open is open.)
> That is the question I am trying to resolve. Lori offered a partial
> answer. I guess I will have to dig deeper.
> I can't believe that this is not a solved problem.
It is. Think Chapters / starbucks or William's open wi-fi - who, as
far as I know, do nothing, use at your own risk, etc., etc.
Actually - doesn't Starbucks now need you to go to the til and get a
key? (Equivalent to a password.)
Publicly, I expect no one wants to state their position, as any
position will itself cause a kerfluffle. There is no right /
acceptable answer to everyone.
Perhaps Cedric can offer insight as to the issues and links towards
discussions on them.
I get part of your problem - you don't want to become 'the man' with
an ISP's apparent level of callousness, however, some of their
callousness has likely come out of simple self-defence.
More information about the kwlug-disc