October 27, 2010
Nerdsonsite

An Important Firefox Patch, No "Kill Switch" for Firesheep, and More Debit Card Fraud Problems

[Thanks to Nerd Dennis Houseknecht for this post]

Mozilla wasted no time in issuing this patch for Firefox 3.5 and 3.6. It fixes a serious flaw that was revealed just about two days ago.
Mozilla also announced that, despite the enormous problem posed by Firesheep, it will not use its “kill switch” option to disable this add-on. The “silver lining” to the Firesheep release is that it will probably force social networking sites to address the issue of cookie hijacking, which has been a serious threat to users on unsecured networks. Jeremy Laughlin had asked the question about whether users on a wired network would be subject to attacks by Firesheep. The answer is yes. It would take a little more skill and some additional hacking tools, though. Almost all wired networks use switches that isolate traffic on each segment. However, this is easily circumvented if you have the right tools and know how to use them. The reason Firesheep is such a big deal is that you can hijack a social networking session on an open wi-fi network with absolutely no skill or other tools at all.
Finally, and just in case you missed the memo, it is a REALLY BAD IDEA to keep a large sum of money in an account that is tied to a debit card. Here are two articles that show how criminals are stealing LARGE sums of money from compromised accounts:
https://www.theregister.co.uk/2010/10/27/credit_card_flash_attacks/
https://www.computerworld.com/s/article/9193378/Fraudsters_find_holes_in_debit_card_fraud_detection?source=rss_news

Homepage: Nerds On Site

Blog Home: Blog

Artile: An Important Firefox Patch, No "Kill Switch" for Firesheep, and More Debit Card Fraud Problems

Sort By Category