> Symantec Corporation > Protecting Users from Firesheep and Other Sidejacking Attacks with SSL
 

Protecting Users from Firesheep and Other Sidejacking Attacks with SSL

White Paper Published By: Symantec Corporation
Symantec Corporation
Published:  Oct 03, 2013
Type:  White Paper
Length:  8 pages

The recent release of the Firesheep Wi-Fi attack tool has increased awareness among both users and attackers of the inherent insecurity of unprotected HTTP connections. Users on unprotected networks who connect to websites through plain HTTP connections expose their connections to those sites to open surveillance and full compromise.

Firesheep allows an attacker connected to the local network to monitor the web sessions of other users on that network. The attacker can then also commandeer the sessions of others, acting in their user context.

Firesheep specifically targets open Wi-Fi networks, but the problem is the same unconventional wired Ethernet networks.

None of this is new. These problems have been generally known, at least in the security community, for years. Firesheep has opened the vulnerability up to others and put devastating identity theft attacks in easy reach of even casual hackers.

As experts proclaimed in reaction to Firesheep, the best solution to the problem is to use TLS/SSL for all connections to websites, including the home page. Perhaps owing to the increased need for processing power it would entail, many large sites have been sparing in their use of TLS/SSL, but such frugality is increasingly indefensible in the face of the level of threats and true costs.



Tags : 
symantec, security, threat, report, key findings, best practice, strategy, technology