[Owasp-Malaysia] Fwd: [apwg] Website Sidejacking

Muhammad Najmi Ahmad Zabidi najmi.zabidi at gmail.com
Wed Oct 27 19:45:34 EDT 2010


On Thu, Oct 28, 2010 at 7:21 AM, David Fetter <david at fetter.org> wrote:

> On Thu, Oct 28, 2010 at 07:14:18AM +0800, Muhammad Najmi Ahmad Zabidi
> wrote:
> >
> > Many of you have probably heard in the news about the new add-on for
> > Firefox called Firesheep.  This add-on makes it incredibly easy to
> > sidejack non-‘HTTPS’ log in sites (for example Facebook and Twitter)
> > if you connect to them over an open wireless network.  While the
> > ability to sidejack is nothing new this add-on makes it feasible for
> > anyone to do it with one click.  No programming or “hacker skills”
> > are needed.  As of this morning this add-on has been downloaded over
> > 312,000 times and has only been available since Sunday.
> >
> > We know many of you have personal Facebook accounts and wanted to
> > get this information to you as soon as possible.
>
> OK, stop right there.
>
> Facebook is a much, much bigger threat to your privacy than any
> Firefox plugin could ever be.
>
> If you're going to warn people about threats to their privacy, warn
> them about Facebook, not some amateurish little gizmo.
>


When we log in to social networking and agree to their T&C, we have already
agreed to say "privacy is long gone".
What does privacy look like when we tweet our location, enable Google
Latitude, etc.?