Re: Firesheep protection?

[silky <michaelslists () gmail com>]

On Wed, Nov 3, 2010 at 7:07 AM, Rob, grandpa of Ryan, Trevor, Devon &
Hannah <rMslade () shaw ca> wrote:
> Working towards some protection (not just against Firesheep, but the real
> problem), anyone have comparative advice on the useability/effectiveness of:
>
> HTTPS Everywhere
> https://addons.mozilla.org/en-US/firefox/addon/229918/
> also at https://www.eff.org/https-everywhere
>
> Open Secure
> https://addons.mozilla.org/en-US/firefox/addon/11358/
> also at http://opensecext.blogspot.com
>
> Force-TLS
> https://addons.mozilla.org/en-US/firefox/addon/12714/
> also at http://forcetls.sidstamm.com/
>
> or any other recommendations?

Shouldn't we include a token in the cookie and validate/re-write it
upon each request? Anyone see a problem with this approach?



> ======================  (quote inserted randomly by Pegasus Mailer)
> rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
> Shadwell hated all Southeners and, by inference, was standing at
> the North Pole.        - `Good Omens,' Neil Gaiman & Terry Pratchett
> victoria.tc.ca/techrev/rms.htm blog.isc2.org/isc2_blog/slade/index.html
> http://blogs.securiteam.com/index.php/archives/author/p1/
> http://www.infosecbc.org/links http://twitter.com/rslade
> _______________________________________________
> Fun and Misc security discussion for OT posts.
> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
> Note: funsec is a public and open mailing list.

-- 
silky

http://dnoondt.wordpress.com/

"Every morning when I wake up, I experience an exquisite joy — the joy
of being this signature."

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.