[Owasp-Malaysia] Fwd: [apwg] Website Sidejacking

David Fetter david at fetter.org
Wed Oct 27 19:21:13 EDT 2010

On Thu, Oct 28, 2010 at 07:14:18AM +0800, Muhammad Najmi Ahmad Zabidi wrote:
> Many of you have probably heard in the news about the new add-on for
> Firefox called Firesheep.  This add-on makes it incredibly easy to
> sidejack non-‘HTTPS’ login sites (for example Facebook and Twitter)
> if you connect to them over an open wireless network.  While the
> ability to sidejack is nothing new, this add-on makes it feasible for
> anyone to do it with one click.  No programming or “hacker skills”
> are needed.  As of this morning, this add-on has been downloaded over
> 312,000 times and has only been available since Sunday.
> We know many of you have personal Facebook accounts and wanted to
> get this information to you as soon as possible.

OK, stop right there.

Facebook is a much, much bigger threat to your privacy than any
Firefox plugin could ever be.

If you're going to warn people about threats to their privacy, warn
them about Facebook, not some amateurish little gizmo.

David Fetter <david at fetter.org> http://fetter.org/
Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
Skype: davidfetter      XMPP: david.fetter at gmail.com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate
