[Owasp-Malaysia] Fwd: [apwg] Website Sidejacking

Muhammad Najmi Ahmad Zabidi najmi.zabidi at gmail.com
Wed Oct 27 20:33:12 EDT 2010


On Thu, Oct 28, 2010 at 8:14 AM, David Fetter <david at fetter.org> wrote:

> On Thu, Oct 28, 2010 at 07:45:34AM +0800, Muhammad Najmi Ahmad Zabidi
> wrote:
> > On Thu, Oct 28, 2010 at 7:21 AM, David Fetter <david at fetter.org> wrote:
> > > On Thu, Oct 28, 2010 at 07:14:18AM +0800, Muhammad Najmi Ahmad Zabidi
> > > wrote:
> > > >
> > > > Many of you have probably heard in the news about the new add-on
> > > > for Firefox called Firesheep.  This add-on makes it incredibly
> > > > easy to sidejack non-‘HTTPS’ login sites (for example Facebook
> > > > and Twitter) if you connect to them over an open wireless
> > > > network.  While the ability to sidejack is nothing new this
> > > > add-on makes it feasible for anyone to do it with one click.  No
> > > > programming or “hacker skills” are needed.  As of this morning
> > > > this add-on has been downloaded over 312,000 times and has only
> > > > been available since Sunday.
> > > >
> > > > We know many of you have personal Facebook accounts and wanted
> > > > to get this information to you as soon as possible.
> > >
> > > OK, stop right there.
> > >
> > > Facebook is a much, much bigger threat to your privacy than any
> > > Firefox plugin could ever be.
> > >
> > > If you're going to warn people about threats to their privacy,
> > > warn them about Facebook, not some amateurish little gizmo
> >
> > When we log in to social networking sites and agree to their T & C, we
> > have already agreed to say "privacy is long gone".  What does privacy
> > look like when we tweet our location, enable Google Latitude etc.?
>
> If you imagine that Facebook is doing less to invade your privacy than
> Firesheep is, you're just not getting what they take in a billion
> dollars a year doing.  They don't stop invading your privacy when you
> leave the web page.  They don't stop when you leave their service
> entirely.  They don't stop when you and all your friends leave.  They
> just plain don't ever stop.
>
> With some silly little browser plugin, it's at least in principle
> possible to take some individual action and make it go away.
>
> With Facebook, it's going to take direct action by governments: laws
> and treaties.  And it's going to take at least one privacy disaster
> with a large body count to get those governments to act.  Now's the
> time to start making sure they have a not-crazy set of ideas for what
> to do when these disasters strike, because they *will* act, and
> decisively.
>
> Cheers,
> David.
>



I heard one of the speakers at HITB KL say, sort of:

When a service comes free, then people are the commodity.

So much for free stuff :p