Taperssection.com

Gear / Technical Help => Post-Processing, Computer / Streaming / Internet Devices & Related Activity => Topic started by: Fatah Ruark (aka MIKE B) on October 31, 2010, 06:03:10 PM

Title: HEADS UP: Firesheep (public wifi "sniffer" - beware on public networks)
Post by: Fatah Ruark (aka MIKE B) on October 31, 2010, 06:03:10 PM

I'm sure some of you have heard about this new plugin for Firefox. Basically you install it and then go to a public network where you can log into the accounts of other users on the network with the click of a button.

Works pretty easy. I really haven't had a lot of time to play with it.

The solution to this is to use SSL if available, or ask the owner of the public network to turn on WPA/WPA2 and openly post the password to the network. WPA does not allow computers on the same network to talk to each other the same way they do on an unencrypted network.

Anyway...figured I'd let everyone know. Hopefully this will convince sites that have been targeted to offer SSL.

Title: Re: HEADS UP: Firesheep (public wifi "sniffer" - beware on public networks)
Post by: rjp on November 01, 2010, 10:21:01 PM

Quote from: Fatah Ruark (aka MIKE B) on October 31, 2010, 06:03:10 PM

WPA does not allow computers on the same network to talk to each other the same way they do on an unencrypted network.

That's actually a router function, independent of WPA. WPA will prevent someone who doesn't have the access password from sniffing traffic, but an authenticated user may be able to do so, depending on the router setup. For a router running DD-WRT firmware, the setting is called "AP Isolation," and blocks wireless-to-wireless traffic when turned on.

Title: Re: HEADS UP: Firesheep (public wifi "sniffer" - beware on public networks)
Post by: Fatah Ruark (aka MIKE B) on November 02, 2010, 05:22:13 PM

Cool. Thanks for fixing that. Always good to learn new stuff.