Protecting Users from Firesheep and Other Sidejacking Attacks with SSL

Symantec Corporation

The recent release of the Firesheep Wi-Fi attack tool has increased awareness among both users and attackers of the inherent insecurity of unprotected HTTP connections. Users on unprotected networks who connect to websites through plain HTTP connections expose their connections to those sites to open surveillance and full compromise.

Firesheep allows an attacker connected to the local network to monitor the web sessions of other users on that network. The attacker can then also commandeer the sessions of others, acting in their user context.

Firesheep specifically targets open Wi-Fi networks, but the problem is the same on conventional wired Ethernet networks.

None of this is new. These problems have been generally known, at least in the security community, for years. Firesheep has opened the vulnerability up to others and put devastating identity theft attacks in easy reach of even casual hackers.

As experts proclaimed in reaction to Firesheep, the best solution to the problem is to use TLS/SSL for all connections to websites, including the home page. Perhaps owing to the increased need for processing power it would entail, many large sites have been sparing in their use of TLS/SSL, but such frugality is increasingly indefensible in the face of the level of threats and true costs.

Published:  Oct 03, 2013
Length:  8
Type:  White Paper