8. What? How can u...
“SIDE-JACKING”
or Session Hijacking is where someone takes control of
your session and starts doing everything you can do or
worse on your account without your knowledge.
You have probably seen emails from your FB friends that
are spam but that your friend did not send. This is one type
of thing that can happen.
9. Put on Protection
- Avoid insecure sites on open Wifi
- Avoid Starbucks Coffee. Nothing is free
- Secure your Wifi Network at least with WPA2 + pre-shared
key so you know who is connected at all times
- You are on your own most times. All the best.
10. SSL?
- Doesn't matter. Attackers can redirect your browser using
SSLStrip
- Avoid insecure sites while on wifi.
- Sites like Gmail by default are much better due to full-blown
SSL all through.
- Logging out doesn’t make the session invalid.
“Remember Me” check box?
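Added example (not from the original slides): a small audit of a site's response headers for the weaknesses slides 8 to 10 describe, namely session cookies that travel in the clear and HTTPS that an SSLStrip-style downgrade can bypass. The function names, finding labels and sample headers are constructed for illustration; the HSTS check is a mitigation the slides do not name.

```python
def parse_set_cookie(value):
    """Split one Set-Cookie value into (cookie name, attribute dict)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(scheme, headers):
    """Return sidejacking-related findings for one HTTP response.

    scheme  -- "http" or "https", the scheme the response arrived over
    headers -- list of (name, value) tuples
    """
    findings = []
    names = [name.lower() for name, _ in headers]
    # Without HSTS the browser may still start on http://, where links can be rewritten.
    if scheme == "https" and "strict-transport-security" not in names:
        findings.append("no-hsts")
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if scheme == "http":
            findings.append(f"{cookie}: issued-over-http")
        elif "secure" not in attrs:
            # Cookie was set over HTTPS but will also be sent on any plain HTTP request.
            findings.append(f"{cookie}: missing-secure")
        # "Remember Me" style cookies stay valid long after the Wi-Fi session ends.
        if "secure" not in attrs and ("max-age" in attrs or "expires" in attrs):
            findings.append(f"{cookie}: persistent-and-sniffable")
    return findings


# Constructed sample responses (not captured from any real site).
WEAK = [("Set-Cookie", "sid=abc123; Path=/; Expires=Fri, 31 Dec 2010 23:59:59 GMT")]
HARDENED = [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for label, scheme, hdrs in [("weak", "https", WEAK), ("hardened", "https", HARDENED)]:
        print(label, audit_response(scheme, hdrs))
```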
11. Use only secure L/WAN
• At least WPA2 encryption (protects against
each other)
• Avoid Starbucks Wifi
• Check your network operator's credentials
• ISPs?
• Try VPN
13. DON'T EAT SHIT
• IGNORANT Service providers
• EXCUSES: We are working on it, we Care,
we are Scaling
14. GMAIL
Full SSL JAN 2010
“We had to deploy no additional machines and no
special Hardware.”
- http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html
15. How BAD?
Email not up there (Hotmail)
FB, Twitter is your main communication network
Loads of sites do it wrong
16. It's really BAAAD
Check this out
FIRESHEEP
Eric Butler & Ian Gallagher
San Diego, October 2010
17. FIRESHEEP
Firefox Extension
Mac OS X
Windows XP
Firefox 3 Not 4
http://codebutler.github.com/firesheep
18. Companies Must Act
They MUST PROTECT their Users and Websites. It's their
Maternal Responsibility.
They Don’t?
DEMAND SSL EVERYWHERE
19. No Qs?
Good
the-CRAB
@ilinkoln
iLinkoln 23/10/2010