[kwlug-disc] Firesheep: Open WiFi cookie stealing for the masses ...

Chris Frey cdfrey at foursquare.net
Thu Oct 28 05:21:06 EDT 2010


On Wed, Oct 27, 2010 at 06:50:22PM -0400, Paul Nijjar wrote:
> I could be making some pretty bitter comments over this situation, but
> I will refrain. Suffice to say that I am quite frustrated and angry
> over this. 

Security, or the lack of it, is not something to get angry over,
in my opinion.  In reality, I think the entire digital world is
actually sitting on a house of cards, but everything keeps on
going, with the majority of the ignorant getting by without harm.

People continue to check POP3 email even if you tell them that
their password is going across the internet in the clear.
They don't care, because they've never had a problem, and even
if they did, fixing it is too hard.

It is interesting how security threats are not taken seriously
until one personally understands or experiences it themselves.
The buffer overflow attack was much more nebulous to me before
I tried my first exploit and saw it give me a root prompt with
no effort at all.  Then it was all too real, I took it seriously,
understood it, and actively defended against it based on my own
experience.

I think Firesheep is similar... suddenly sniffing is newbie-level easy
and many more people get to see a glimpse of the house of cards that
the web is built on.  But in a few weeks, people will continue on
like before, and panic will subside.  Some people will be smarter,
some will be more paranoid, some will take precautions, some will
continue to be lucky, and some will get burned.

Because most of the time, proper security is just too much effort.

You're worrying about your users getting hacked with Firesheep,
but this is just one attack vector.  Meanwhile there are many others
that are just as dangerous, and while you're pulling your hair out
trying to fix this hole, your users are eagerly clicking on the next
trojan horse email scam.

In the grand scheme of things, Firesheep will make internet security
better.  But only incrementally.  It will take a whole ton of Firesheep
to make any vast improvement.  This is not a problem you can fix
single-handedly overnight... so no need to accept all the responsibility
or the anguish for it either.

- Chris



