firesheep

(get it in RSS or Atom)

SSCC 113 - Another Android hole, Tumblr forgets encryption, Nintendo under attack [PODCAST]

image-113-250

News, opinion, advice and research: Chet and Duck bring you their unique and entertaining combination of all four in their regular quarter-hour podcast.

Why not give it a quick listen?

Apple finally adopts HTTPS for the App Store - here's why it matters

Last year, a Googler named Dr. Elie Bursztein noticed that Apple's App Store protocols were using HTTP where HTTPS would have been much better.

Some time later, Apple has changed its ways.

Paul Ducklin explains why it matters...

Using Yahoo Mail? You should turn on this privacy option as soon as possible

Yahoo (finally!) to make SSL encryption the default for webmail

It has taken Yahoo a ridiculously long time, but it is finally rolling out an option that will help protect users' privacy when accessing their web-based email - HTTPS.

SSCC 72 - DigiNotar, DNS hijacking and Firesheep v2

Sophos Security Chet Chat 41

Mike Wood a Senior Threat Researcher with SophosLabs is Chet's guest. They discuss the upcoming Patch Tuesday, the new Firesheep and go in depth on the recent troubles at certificate authority DigiNotar.

Researchers extend Firesheep to exploit Google Search data leak

Firesheep infiltrates Google

A pair of security researchers have created their own version of the notorious Firesheep plugin to expose a data leak in the world's favourite search engine.

The proof-of-concept plugin exploits the use of unencrypted cookies by Google's Web History feature.

Juicejacking - an emergency phone charge can be a security risk

prohibition-square

You've heard of hijacking. And carjacking, truckjacking and shipjacking. You've probably also heard of sidejacking, sheepjacking and clickjacking.

That's nothing. Here comes juicejacking!

Twitter goes secure - say goodbye to Firesheep with "Always use HTTPS" option

Twitter goes secure - say goodbye to Firesheep with "Always use HTTPS" option

Good news on the social networking security front is that Twitter has finally got its act together to offer an Always use HTTPS option.

Find out how to use it, and why.

Ashton Kutcher's Twitter hacked with pro-SSL graffiti

kutcher-thumb

Could an open WiFi hotspot have allowed Ashton Kutcher's Twitter account to have been compromised at TED?

Free open WiFi suspected in Facebook hack of Missouri state representatives

missouri-state-thumb

If you're using free WiFi hotspots to connect to websites like Facebook, you had best be careful.

A number of politicians in Missouri appear to have learnt that lesson the hard way.

How to enable HTTPS/SSL encryption to secure your Facebook account

How to enable HTTPS/SSL encryption to secure your Facebook account

Many Facebook users can now choose to enable encryption when accessing their service. Watch this video to learn how to choose this function for enhanced security.

Facebook steps up security, but it's opt-in?

Fsecured

Facebook announced today they will be offering HTTPS access and a new form of authentication to thwart phishers, read on for the ins and outs of the new features.

Apple, Facebook, Adobe, Firesheep - 90 Sec Roundup - Nov 2010

featured-image

Don't just read the latest computer security news - watch it in just 90 seconds!

This month: Apple has all sorts of fun; Facebook decides its users are "inauthentic"; Adobe gets a sandbox to play in ; and Firesheep puts you on notice.

Extinguishing Firesheep for safe WiFi browsing

extinguishing-firesheep-250

Firesheep has already taught 750,000 people how to hijack your unencrypted WiFi sessions with a single click. So here's how to extinguish Firesheep with a technological defence that you can put together in just 60 seconds.

Dear Starbucks: The skinny on how you can be a security hero

StarbucksSecure150

Is there an easy way for free WiFi providers to restrict the damage Firesheep can do? We thought so, but it turns out not to be quite so easy after all.

Firesheep author takes backhanded pot-shot at free speech

FireSheep and freedom of speech

Two weeks ago, an automatic session-hijacking plugin was released for Firefox. It was named Firesheep, and it's been downloaded over 600,000 times so far.

Yet the decision to release Firesheep publicly is a controversial one.

Secure websites are insecure - ask Firesheep

fire-sheep

In the light of Firesheep, is it time for websites and social networks to enable https for all aspects of their services?