'Firesheep' tells us that web security is broken
Web developers insist on doing it their way...
Published 10:43, 29 October 10
Eric Butler's Firesheep plugin has been causing a stir, as it makes it extremely simple to hijack other people's web accounts.
Once you have installed the plug-in into Firefox, you can see the unprotected websites that other people access over the network you are connected to, whether through WiFi or shared network cable. You just click to gain access to their private pages.
I would not wish to encourage illegal wiretapping, but this demonstrates the illusion of security that websites have forced on their users for years. When the Jericho Forum Commandments were written several years ago, we said:
Surviving in a Hostile World
4. Devices and applications must communicate using open, secure protocols.
Security through obscurity is a flawed assumption - secure protocols demand open peer review to provide robust assessment and thus wide acceptance and use. Let's use this new awareness from Firesheep to pressure websites to provide adequate protection for their users. And maybe Defcon's "Wall of Sheep" will at long last come tumbling down.
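The "adequate protection" the article asks for comes down to a site never letting a logged-in user's session cookie travel over plaintext HTTP, which is what a passive sniffer on a shared network can read. The following audit is an added example written for this page (it is not code from the article, from the Jericho Forum, or from Firesheep): it parses a raw HTTP response, and flags session-looking cookies that lack the Secure attribute and responses that lack a Strict-Transport-Security header. The two header blocks are constructed samples, and the list of substrings used to guess which cookies carry a session is an assumption of this example, not a standard.

```python
from typing import List, Tuple

# Constructed sample responses (not captured from any real site).
# The first sends its session cookie with no Secure attribute and no HSTS,
# so a browser will happily replay it over plain HTTP on a shared network.
UNPROTECTED = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: sessionid=abc123; Path=/
"""

# The second confines the cookie to TLS and tells browsers to stay on HTTPS.
PROTECTED = """HTTP/1.1 200 OK
Content-Type: text/html
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax
"""

# Heuristic (an assumption of this example): cookie names containing one of
# these substrings are treated as session or authentication cookies.
SESSION_COOKIE_HINTS = ("sess", "sid", "auth", "token", "login")


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Return (name, value) pairs from a raw response, skipping the status line.

    Set-Cookie may legitimately repeat, so a list is kept rather than a dict.
    """
    pairs = []
    for line in raw.splitlines()[1:]:
        if not line.strip():  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_response(raw: str) -> List[str]:
    """Return human-readable findings about exposure to cookie sniffing."""
    headers = parse_headers(raw)
    findings = []

    if not any(name == "strict-transport-security" for name, _ in headers):
        findings.append("no Strict-Transport-Security header: browsers may "
                        "still load the site over plaintext HTTP")

    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip()
        # Attribute names after the first ';' (Secure, HttpOnly, Path=...).
        attrs = {part.strip().split("=", 1)[0].lower()
                 for part in value.split(";")[1:]}
        if not any(h in cookie_name.lower() for h in SESSION_COOKIE_HINTS):
            continue
        if "secure" not in attrs:
            findings.append(f"cookie {cookie_name!r} lacks Secure: it will be "
                            "sent over plain HTTP where anyone on the network "
                            "path can read it")
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie_name!r} lacks HttpOnly: readable "
                            "by script, which compounds the exposure")
    return findings


def is_sidejackable(raw: str) -> bool:
    """True if any session-looking cookie in the response lacks Secure."""
    return any("lacks Secure" in f for f in audit_response(raw))


if __name__ == "__main__":
    for label, sample in (("unprotected", UNPROTECTED), ("protected", PROTECTED)):
        print(f"{label}: sidejackable={is_sidejackable(sample)}")
        for finding in audit_response(sample):
            print("  -", finding)
```

Run against a site's own login response, the same check tells its operators what Firesheep's users already see: whether the session token ever leaves the TLS channel. Both flags and HSTS are needed; Secure alone stops the cookie going out in plaintext, while HSTS stops the browser from making the plaintext request in the first place.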
Andrew Yeomans, Jericho Forum Board member