Firesheep Highlights Web Privacy Problem

October 25, 2010 – 8:45 PM

A new add-on program for the popular Firefox Web browser is stirring up longstanding concerns over how many websites electronically identify their users.

It’s a problem associated with the use of wireless networks. The add-on program, Firesheep, is designed to make it easy to intercept browser “cookies” used by popular Web sites like Facebook, Twitter and others to identify their users, thereby allowing Firesheep users to log in to those Web sites posing as others.

To work, a user of Firesheep must have the program running on an ordinary computer on a shared wireless network where it can grab cookies after other users on the network log into popular Web sites, according to a post by Eric Butler, the developer of the program. Butler in his post suggests Firesheep works on “open” wireless networks, but doesn’t specify whether that includes networks where many strangers share a common password to access them, as in a café or convention center.

Source:
http://blogs.wsj.com/digits/2010/10/25/firesheep-highlights-web-privacy-problem/

Tool:
http://codebutler.com/firesheep

evercookie

October 22, 2010 – 10:12 PM

evercookie is a JavaScript API that produces extremely persistent cookies in a browser. Its goal is to identify a client even after they’ve removed standard cookies, Flash cookies (Local Shared Objects or LSOs), and others.

evercookie accomplishes this by storing the cookie data in several types of storage mechanisms that are available on the local browser. Additionally, if evercookie has found the user has removed any of the types of cookies in question, it recreates them using each mechanism available.

Source:
http://samy.pl/evercookie/

Update your browsers!

October 19, 2010 – 9:27 PM

Today, Firefox moved up to 3.6.11 and Google Chrome (stable release) moved up to 7.0.517.41. Lots of security fixes in these new versions.

Gmail Security Checklist

October 18, 2010 – 6:57 AM

Whether you just regained access to Gmail, or you want to make sure your account is secure, take a minute to complete our Gmail security checklist to make sure your mail security measures are up to date.

Source:
https://mail.google.com/support/bin/static.py?page=checklist.cs&tab=29488

Private browsing: it’s not so private

August 13, 2010 – 5:50 AM

Research by Stanford University to investigate the privacy of the “private browsing” feature of many Web browsers suggests that the tools aren’t all that private after all, and that many kinds of information can be leaked by browsers when using the mode.

The paper is due to be presented next week at the USENIX security conference.

“InPrivate Browsing” in Internet Explorer, “Incognito mode” in Chrome, and “Private Browsing” in Firefox and Safari all strive to do the same two things: make it impossible for users of the same computer to figure out which sites the browser has been used to visit, and make it impossible for sites to know whether or not a particular user has previously visited them.

To keep browsing private from other users of the same machine, browsers must discard (or avoid creating) any history entries, cached items, cookies, and so on. To prevent sites from being able to track visitors, the browsers must ensure that they don’t send any cookies or other identifiable information from non-private sessions when in private mode.

The researchers found that the browsers’ protections were imperfect. Browsers did not properly isolate their private sessions from non-private ones, with the result that suitably crafted sites could trace visitors between private and non-private sessions. Sites could also leave persistent indications that they had been visited, allowing visits to be detected by local users.

Source:
http://www.malwarecity.com/news/private-browsing-its-not-so-private-883.html