Topic: HEADS UP: Firesheep (public wifi "sniffer" - beware on public networks)

[Fatah Ruark (aka MIKE B)]

I'm sure some of you have heard about this new plugin for Firefox. Basically you install it and then go to a public network where you can log into the accounts of other users on the network with the click of a button.

Works pretty easy. I really haven't had a lot of time to play with it.

The solution to this is to use SSL if available, or ask the owner of the public network to turn on WPA/WPA2 and openly post the password to the network. WPA does not allow computers on the same network to talk to each other the same way they do on an unencrypted network.

Anyway...figured I'd let everyone know. Hopefully this will convince sites that have been targeted to offer SSL.

[rjp]

WPA does not allow computers on the same network to talk to each other the same way they do on an unencrypted network.

That's actually a router function, independent of WPA. WPA will prevent someone who doesn't have the access password from sniffing traffic, but an authenticated user may be able to do so, depending on the router setup. For a router running DD-WRT firmware, the setting is called "AP Isolation," and blocks wireless-to-wireless traffic when turned on.

[Fatah Ruark (aka MIKE B)]

Cool. Thanks for fixing that. Always good to learn new stuff.